Meta Defies FBI Opposition To Encryption, Brings E2EE To Facebook, Messenger (arstechnica.com) 39
Meta held firm, telling Ars in April that "we don't think people want us reading their private messages" and that the plan to make end-to-end encryption the default in Facebook Messenger would be completed before the end of 2023. Meta also plans default end-to-end encryption for Instagram messages but has previously said that may not happen this year. Meta said it is using "the Signal Protocol, and our own novel Labyrinth Protocol," and the company published two technical papers that describe its implementation (PDF). "Since 2016, Messenger has had the option for people to turn on end-to-end encryption, but we're now changing personal chats and calls across Messenger to be end-to-end encrypted by default. This has taken years to deliver because we've taken our time to get this right," Crisan wrote yesterday. Meta said it will take months to implement across its entire user base. A post written by two Meta software engineers said the company "designed a server-based solution where encrypted messages can be stored on Meta's servers while only being readable using encryption keys under the user's control."
"Product features in an E2EE setting typically need to be designed to function in a device-to-device manner, without ever relying on a third party having access to message content," they wrote. "This was a significant effort for Messenger, as much of its functionality has historically relied on server-side processing, with certain features difficult or impossible to exactly match with message content being limited to the devices."
The company says it had "to redesign the entire system so that it would work without Meta's servers seeing the message content."