In the midsts of Yahoo’s recent major security missteps, Facebook is rolling out an option to encrypt conversations its chat app Messenger. Although the Facebook-owned WhatsApp has had this feature as a default for more than a year, the update to Messenger is only coming now and you should definitely start using it right now.
A Facebook Spokesperson spoke with WIRED explaining the company just finished rolling out “Secret Conversations” to all 900 million Facebook Messenger users in the past few weeks. It allows users to encrypt their messages so that no one can read them except the two people on either end of a conversation—not even Facebook or law enforcement or intelligence agencies.
“Your messages are already secure, but Secret Conversations are encrypted from one device to another,” states a description in the app when users initiate their first encrypted conversation.
It’s important to note that this is an opt-in feature and requires an extra step when creating the conversation. Additionally, this cannot be applied to older messages – a new “Secret Conversation” must be created for each new chat.
Here is how to do it: Tap the ‘new message’ icon then tap the ‘Secret’ option in the top right corner. After selecting the recipient you can begin your conversation which will appear in black text bubbles and not the usual blue. You can also view the recipient within messenger and tap the ‘Secret Conversation’ option on that page (see left screenshot).
You can also time your messages to be permanently deleted. Each message can have its own time from 5 seconds to one day which begins the moment you send it.
The feature is only available on iOS and Android apps, not desktop or mobile web versions. Only the initial devices used to send and receive the secret message will be able to access the conversation–no device swapping here. The app update did not include any indication of this of this change, so be sure you have the most updated version and you will be fine.
Secret Conversations uses the Signal encryption system which is widely accepted in the security community. Facebook first announced the new security mechanism and tested it with beta users in July. Google’s new Allo messenger also includes the encryption option, though is also an opt-in feature.
The major issue here is that this feature is not a default as it is in WhatsApp and the Signal App. Only users who care to try and learn this flow (and follow it each time they start a new conversation) will be protected from potential data compromise. This could be in-part due to Facebook protecting the user experience as the encrypted messages do not offer all of Messenger’s features. “With secret conversations, you can send messages, pictures and stickers. Secret conversations don’t support group messages, gifs, videos, voice or video calling or payments” states Facebook’s help page.
Regardless of the opt-in issue, the addition of a simple and powerful encryption to Facebook’s massively popular Messenger app was a long time coming and we just glad that it is there at all.