In an effort led by CEO Mark Zuckerberg, Facebook has plans to rearchitect WhatsApp, Instagram direct messages, and Facebook Messenger so that messages can travel across any of the platforms. The New York Times first reported the move Friday, noting also that Zuckerberg wants the initiative to "incorporate end-to-end encryption." Melding those infrastructures would be a massive task regardless, but designing the scheme to universally preserve end-to-end encryptionin a way that users understandposes a whole additional set of critical challenges.
As things stand now, WhatsApp chats are end-to-end encrypted by default, while Facebook Messenger only offers the feature if you turn on "Secret Conversations." Instagram does not currently offer any form of end-to-end encryption for its chats. WhatsApp's move to add default encryption for all users was a watershed moment in 2016, bringing the protection to a billion people by flipping one switch.
Facebook is still in the early planning stages of homogenizing its messaging platforms, a move that could increase the ease and number of secured chats online by a staggering order of magnitude. But cryptographers and privacy advocates have already raised a number of obvious hurdles the company faces in doing so. End-to-end encrypted chat protocols ensure that data is only decrypted and intelligible on the devices of the sender and recipient. At least, that's the idea. In practice, it can be difficult to use the protection effectively if it's enabled for some chats and not for others and can turn on and off within a chat at different times. In attempting to unify its chat services, Facebook will need to find a way to help users easily understand and control end-to-end encryption as the ecosystem becomes more porous.
"The big problem I see is that only WhatsApp has default end-to-end encryption," says Matthew Green, a cryptographer at Johns Hopkins. "So if the goal is to allow cross-app traffic, and its not required to be encrypted, then what happens? There are a whole range of outcomes here."
WhatsApp users, for example, can assume that all of their chats are end-to-end encrypted, but what will happen in Facebook's newly homogenized platform if an Instagram user messages a WhatsApp user? It's unclear what sort of defaults Facebook will impose, and how it will let users know whether their chats are encrypted.
Facebook can also glean more data from unencrypted chats and introduce monetizable experiences like bots into them. The company has had a notoriously hard time earning revenue off of WhatsApp's 1.5 billion users, in part because of end-to-end encryption.
"We want to build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private," a Facebook spokesperson said in a statement on Friday. "We're working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks. As you would expect, there is a lot of discussion and debate as we begin the long process of figuring out all the details of how this will work."
Facebook emphasizes that this gradual process will allow it to work out all the kinks before debuting a monolithic chat structure. But encryption's not the only area of concern. Privacy advocates are concerned about the potential creation of a unified identity for people across all three services, so that messages go to the right place. Such a setup could be convenient in many ways, but it could also have complicated ramifications.
In 2016, WhatsApp started sharing user phone numbers and other analytics with Facebook, perforating what had previously been a red line between the two services. WhatsApp still lets users make an account with only a phone number, while Facebook requires your legal name under its controversial "real name" policy. The company maintains this rule to prevent confusion and fraud, but its rigidity has caused problems for users who have other safety and security reasons for avoiding their legal or given name, such as being transgender.
"If the goal is to allow cross-app traffic, and its not required to be encrypted, then what happens?"
Matthew Green, Johns Hopkins University
In a Wall Street Journal opinion piece on Thursday evening, Zuckerberg wrote that, "Theres no question that we collect some information for adsbut that information is generally important for security and operating our services as well." An indelible identity across Facebook's brands could have security benefits like enabling stronger anti-fraud protections. But it could also unlock an even richer and more nuanced user data trove for Facebook to mine, and potentially make it harder to use one or more of the services without tying those profiles to a central identity.
"The obvious identity issue is usernames. I'm one thing on Facebook and another on Instagram," says Jim Fenton, an independent identity privacy and security consultant. "In some ways, having the three linked more closely together would be good because it would make it more transparent that they are connected. But there are some Instagram and WhatsApp users who don't want to use Facebook. This might be seen as a way to try to push more people in."
Such a change to how chat works on the three brands isn't just a potentially massive shift for usersit also seems to have stirred deep controversy within Facebook itself, and may have contributed to the departure last year of WhatsApp cofounders Jan Koum and Brian Acton.
End-to-end encryption is also difficult to implement correctly, because any oversight or bug can undermine the whole scheme. For example, both WhatsApp and Facebook Messenger currently use the open-source Signal protocol (used in the Signal encrypted messaging app), but the implementations are different, because one service has the encryption on by default and the other doesn't. Melding these different approaches could create opportunities for error.
"Theres a world where Facebook Messenger and Instagram get upgraded to the default encryption of WhatsApp, but that probably isn't happening," Johns Hopkins' Green says. "Its too technically challenging and would cost Facebook access to lots of data."
And while end-to-end encryption can't solve every privacy issue for everyone all the time anyway, it's harder to know how to take advantage of it safely when a service doesn't offer it consistently, and creates potential privacy issues when it centralizes identities.
"I think they can work this out," Fenton says. "The bigger problem in my opinion is user confusion."
See the original post:
The Pitfalls of Facebook Merging Messenger, Instagram, and ...
- Review: SecureDrive BT, the encrypted external SSD you can unlock with Face ID - 9to5Mac - January 19th, 2020
- EncryptOnClick is a freeware tool that can encrypt files and folders - Ghacks Technology News - January 19th, 2020
- Trump and Comey Are United Against Encrypted Communications - Reason - January 19th, 2020
- Police Scotland to roll out encryption bypass technology - Glasgow Live - January 19th, 2020
- Encryption battle reignited as US govt at loggerheads with Apple - Times Now - January 19th, 2020
- Hardware Encryption Market Set To Register A CAGR Growth Of XX% Over The Forecast Period 2017 2025 - Fusion Science Academy - January 19th, 2020
- Malware Obfuscation, Encoding and Encryption - Security Boulevard - January 14th, 2020
- Microsoft CEO says encryption backdoors are a terrible idea - The Verge - January 14th, 2020
- Debate over access to encryption isn't going away - Washington Examiner - January 14th, 2020
- Over two dozen encryption experts call on India to rethink changes to its intermediary liability rules - TechCrunch - January 14th, 2020
- Encryption Software Market Booming by Size, Trends and Top Growing Companies- IBM Corporation, Sophos, Ciphercloud, Pkware, Mcafee - BulletintheNews - January 14th, 2020
- Hardware-based Full Disk Encryption Market Analysis With Key Players, Applications, Trends And Forecasts To 2025 - Instanews247 - January 14th, 2020
- Mobile Encryption Market Insights and Technology 2020, Forecasts to 2026 - Broadcast Offer - January 14th, 2020
- Garda needs new technology for online child abuse investigations - The Irish Times - January 14th, 2020
- IoT Security Solution for Encryption Market Research, Recent Trends and Growth F - News by aeresearch - January 14th, 2020
- Apple made a rare appearance at tech's biggest conference and defended encryption on the iPhone - Business Insider - January 8th, 2020
- Encryption Software Market to cross USD 20 Bn by 2026: Global Market Insights, Inc. - Yahoo Finance - January 8th, 2020
- Data Encryption Software Market Size by Top Leading Key Players, Growth Opportunities, Incremental Revenue , Trends, Outlook and Forecasts to 2025 -... - January 8th, 2020
- WidePoint Partners with KoolSpan to Offer End-to-End Encryption for Phone Calls and Text Messages - GlobeNewswire - January 8th, 2020
- Encryption Software Market 2020 Size, Growth By Top Companies, Forecast Analysis To 2027 - Citi Blog News - January 8th, 2020
- How to cope with a FileVault recovery key disappearing while you write it down - Macworld - January 8th, 2020
- Doing these 10 things on WhatsApp may land you in jail - Gadgets Now - January 8th, 2020
- Holistic encryption is one of the keys to California Consumer Privacy Act risk management - Continuity Central - January 6th, 2020
- Encryption Software Market 2020 Size, Share Metrics, Growth Trends and Forecast to 2026 - Food & Beverage Herald - January 6th, 2020
- New Informative Report of IoT Security Solution for Encryption Top Key Players are Cisco Systems, Intel Corporation, IBM Corporation, Symantec... - January 6th, 2020
- Maastricht University gets almost all of its Windows systems encrypted by ransomware - 2-spyware.com - January 6th, 2020
- Homomorphic Encryption Market Analysis, Industry Size, Application Analysis, Regional Outlook, Competitive Strategies And Forecasts (2020 2027) -... - January 6th, 2020
- The Week in Ransomware - January 3rd 2020 - Busy Holiday Season - BleepingComputer - January 6th, 2020
- Keep Your Business Secure From Online Threats - BBN Times - January 6th, 2020
- State Department Adds ITAR Definitions in Interim Final Rule for Activities that Are Not Exports, Reexports, Retransfers or Temporary Imports -... - January 6th, 2020
- Global Hardware-based Full Disk Encryption (FDE) Market Executive Summary and Analysis by Top Players 2020-2027: Seagate Technology PLC, Western... - January 6th, 2020
- Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools - BleepingComputer - January 6th, 2020
- Scientists in Scotland help develop worlds first encryption system that is unbreakable by hackers - The Independent - December 21st, 2019
- Apple Bows Down To Google As 2019 Most Trustworthy Recognition - International Business Times - December 21st, 2019
- Facebook , Apple being threatened by US senators over data encryption - Gizmo Posts 24 - December 21st, 2019
- How To Secure Microsoft Windows 10 In Eight Easy Steps - Forbes - December 21st, 2019
- Examine Mobile Encryption Market expected to obtain $2,917.9 million by 2022 - WhaTech - WhaTech - December 21st, 2019
- Facebook's end-to-end encryption will enhance user privacy but its not good news for law enforcement - Firstpost - December 21st, 2019
- Future of Encryption Software Market Reviewed in a New Research Study 2019-2025 - Daily News Reports 24 - December 21st, 2019
- Fortanix expert on how European companies are taking back control of their data in the cloud - Intelligent CIO ME - December 21st, 2019
- What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal - The Register - December 20th, 2019
- NYPD radio encryption most likely wont happen in 2020 but will soon - amNY - December 20th, 2019
- If You Think Encryption Back Doors Won't Be Abused, You May Be a Member of Congress - Reason - December 20th, 2019
- The decline of passwords, the rise of encryption and deepfakes cybersecurity predictions for 2020 - BetaNews - December 20th, 2019
- Facebook's Push for End-to-End Encryption Is Good News for User Privacy, as Well as Terrorists and Paedophiles - Nextgov - December 20th, 2019
- Internet of crap (encryption): IoT gear is generating easy-to-crack keys - The Register - December 20th, 2019
- What Is Snatch Ransomware and How to Remove It - Guiding Tech - December 20th, 2019
- Hardware-based Full Disk Encryption Market Executive Summary, Introduction, Sizing, Analysis and Forecast To 2025 - Market Research Sheets - December 20th, 2019
- NYPD Eyeing Encrypted Radios to Protect Criminal Investigations - Officer - December 20th, 2019
- Volunteer firefighters, EMTs worry they won't have NYPD radio access to help public - amNY - December 20th, 2019
- What We Learned About the Technology That Times Journalists Use - The New York Times - December 20th, 2019
- The Senate Judiciary Committee Wants Everyone to Know It's Concerned About Encryption - EFF - December 14th, 2019
- The Defense Department Says It Needs the Encryption the FBI Wants to Break - Free - December 14th, 2019
- Congress wants to regulate encryption for big tech - The Burn-In - December 14th, 2019
- Facebook says it won't break end-to-end encryption - TechRadar - December 14th, 2019
- Encryption spat sees backdoor back-and-forth between tech firms, Congress - TelecomTV - December 14th, 2019
- Michael Hayden Ran The NSA And CIA: Now Warns That Encryption Backdoors Will Harm American Security & Tech Leadership - Techdirt - December 14th, 2019
- Large, diverse coalition of civil society groups tell the US, UK and Australian governments not to ban working encryption - Boing Boing - December 14th, 2019
- U.S. Attorney Justin Herdman of Ohio says agents need access encrypted devices, apps for the sake of public s - cleveland.com - December 14th, 2019
- Google makes it safer to text on Android phones, but end-to-end encryption is still MIA - PCWorld - December 14th, 2019
- Priti Patel bids to create end-to-end encryption apps' back door - The National - December 14th, 2019
- Encryption can't put tech giants beyond the reach of the law, Minister says - The Age - December 14th, 2019
- Chrome 79 includes anti-phishing and hacked password protection - Naked Security - December 14th, 2019
- Hardware Encryption Technology Market : Analysis and In-depth study on market Size Trends, Emerging Growth Factors and Forecasts to 2027 - Downey... - December 14th, 2019
- Encryption back on the congressional agenda - Politico - December 9th, 2019
- Police radios blocked from the public in southeast Denver metro area - The Denver Post - December 9th, 2019
- Encryption Software Market Innovations, And Top Companies - Forecast To 2029| Microsoft, Sophos Ltd., Check Point Software Technologies Ltd. -... - December 9th, 2019
- Did You Hear That? Securing Communications in 2019 | Insight for the Connected Enterprise - No Jitter - December 9th, 2019
- 'Government broke their promise': Labor seeks to amend encryption legislation - Sydney Morning Herald - December 9th, 2019
- Global Hardware-based Full Disk Encryption Market 2019 Innovation and Technological Developments, Industry Analysis & Outlook 2023 - Weekly News... - December 9th, 2019
- Privacy vs public safety - the pros and cons of encryption - World Economic Forum - December 8th, 2019
- 80% of all Android apps encrypt traffic by default - We Live Security - December 8th, 2019
- Keybase moves to stop onslaught of spammers on encrypted message platform - Ars Technica - December 8th, 2019
- Labor says it will fix encryption laws it voted for last year - ZDNet - December 8th, 2019
- Nick Clegg to be summoned to Parliament to give evidence on Facebook encryption - Sunriseread - December 8th, 2019
- This startup just solves the data privacy problem by making it possible to search encrypted data in the cloud - TechStartups.com - December 8th, 2019
- Encryption Software Market to Discern Magnified Growth During 2017-2027 - Weekly Spy - December 8th, 2019
- Millions of Private Text Messages Have Been Exposed: Here's How to Encrypt Messages on iPhone and Android - Tech Times - December 8th, 2019
- Biometric Data Encryption Device Market : Analysis and In-depth study on market Size Trends, Emerging Growth Factors and Forecasts to 2018 to 2028 -... - December 8th, 2019
- Certbot Leaves Beta with the Release of 1.0 - EFF - December 8th, 2019