Privacy nerds got some good and some bad news on Friday, when Facebook became the latest major company to embrace encryption, rolling out an optional end-to-end encrypted option in Messenger called "Secret Conversations."
The good news is that this will give more than 900 million people the option to chat securely via Facebook Messenger. The bad news is that it's just opt-in for now.
For some, this is an half-assed effort: either go all in and make all messages encrypted by default, or don't bother.
The Facebook-owned chat app WhatsApp, on the other hand, turned on end-to-end encryption by default (using the Signal Protocol just like Facebook) for all its more than 1 billion users just a few months ago. And even though the integration of the Signal Protocol and WhatsApp took more than a year, that felt like a flip of a switch for a project of that scale. From that day on, all chats got encrypted.
So why not do the same for Facebook Messenger? Why can WhatsApp do it and not Facebook Messenger?
The short answer is that it's easier to roll-out encryption by default for WhatsApp because it lives on only one device (you can't use it on multiple places, except by syncing it on the web), while Facebook Messenger lives on multiple devices, and people use it both via the web (on not one but two different sites, Facebook.com and Messenger.com) as via the app.
That's the big challenge here: people use Facebook Messenger via those websites, and doing encryption via the browser is notoriously hard.
"If you use Messenger from the web browser there's just no way to do encryption reliably," Matthew Green, an assistant professor at Johns Hopkins University who worked as an outside consultant with Facebook o this project, told me. "You can't store [encryption] keys on a browser."
And for Facebook, it's not just technically harder to implement the crypto, but would likely change the way people chat and use Messenger.
"We wanted to not disrupt how people are used to using our products," Tony Leach, Facebook Messenger's product manager, told Motherboard in a phone call. "For us this is taking a really well established, really fast-growing and really meaningful part of a lot of people's lives and advancing it one step forward."
"We didn't want to make such drastic changes to our user experience."
The user experience argument is actually entangled with the crypto argument. The challenge for Facebook Messenger is that a lot of people use it via the web, and as Alex Stamos, Facebook's chief security officer, explained, there is "no secure way to verify code or store keys without routing through mobile."
Routing through mobile is how WhatsApp allows people to chat via the web. The user syncs his or her browser by scanning a barcode with their phone, and their messages then get mirrored on the browser. And, at least for now, Facebook doesn't want to do that for Messenger.
"That would fundamentally change the way everyone who already uses Messenger, uses Messenger," Leach said. "We didn't want to make such drastic changes to our user experience."
Green, who said he wishes it was by default, was sympathetic with Facebook's argument.
"You take an existing service where people don't have to do that, you tell 900 million people that in order to use the web service they're already using, you have to do this complicated thing," Green told me in a phone call. "There's just no good way to do it that's not going to compromise security in some way."
So, at least for now, Secret Conversations will only be opt-in, and will only be available for one single device. But for Moxie Marlinspike, the cryptographer behind the Signal Protocol, there's nothing stopping Facebook from changing that in the future.
"I don't think there are technical limitations that make [end-to-end] deployment by default impossible in this case."
"Every deployment poses its own challenges," Marlinspike told Motherboard in an online chat. "But I don't think there are technical limitations that make [end-to-end] deployment by default impossible in this case."
The debate over encrypting by default versus opt-in is a recurring one. Privacy and anti-surveillance experts believe that it's a provider's responsibility to protect all messages, with no compromises. When Google announced its new chat app, Allo, the search giant made a similar decision—and was lambasted for it. Google enabled end-to-end encryption powered by the Signal Protocol, which is the de-facto gold standard for encrypted chats, only as an optional feature, and not the default. Telegram, another popular messaging app, has been repeatedly criticized for only offering end-to-end encrypted chats as an optional feature.
For some privacy advocates, Facebook's opt-in encryption a good first step; for others, an unforgivable compromise.
This story has been corrected to reflect that WhatsApps' integration of the Signal Protocol was a process that lasted more than a year.