Meta Finally Launches Default End-To-End Encryption In Messenger

For many, many years we've been calling on companies to enable end-to-end encryption by default on any messaging/communications tools. It's important to recognize that doing so correctly is difficult, but not impossible (similarly, it's important to recognize that doing so poorly is dangerous, as it will lead people to believe their communications are secure when they are most certainly not).

So, over the years we've been hopeful as Meta made moves towards implementing end-to-end encryption in Facebook Messenger. However, over and over during the past decade or so, those working on the issue have told us that while Meta really wants to set it up, the practical realities of doing it correctly are way more complex than most people think. And that's ignoring the fact that law enforcement, intelligence agencies, and, even random shareholders, have tried to get Meta to move away from its encryption plans.

And, now, finally, Meta has announced that Facebook Messenger is end-to-end encrypted by default.

Today I'm delighted to announce that we are rolling out default end-to-end encryption for personal messages and calls on Messenger and Facebook, as well as a suite of new features that let you further control your messaging experience. We take our responsibility to protect your messages seriously and we're thrilled that after years of investment and testing, we're able to launch a safer, more secure and private service.

Since 2016, Messenger has had the option for people to turn on end-to-end encryption, but we're now changing private chats and calls across Messenger to be end-to-end encrypted by default. This has taken years to deliver because we've taken our time to get this right. Our engineers, cryptographers, designers, policy experts and product managers have worked tirelessly to rebuild Messenger features from the ground up. We've introduced new privacy, safety and control features along the way like delivery controls that let people choose who can message them, as well as app lock, alongside existing safety features like report, block and message requests. We worked closely with outside experts, academics, advocates and governments to identify risks and build mitigations to ensure that privacy and safety go hand-in-hand.

The extra layer of security provided by end-to-end encryption means that the content of your messages and calls with friends and family are protected from the moment they leave your device to the moment they reach the receiver's device. This means that nobody, including Meta, can see what's sent or said, unless you choose to report a message to us.

It's extremely rare that I'd offer kudos to Meta, but this is a case where it absolutely deserves it. Even if some of us kept pushing the company to move faster, they did get there, and it looks like they got there by doing it carefully and appropriately (rather than the half-assed attempts of certain other companies).

I am sure that we'll hear reports of law enforcement and politicians whining about this, but this is an unquestionably important move towards protecting privacy and private communications.