Facebook Messenger is one of the most popular online chat services, but even casual fans know that it's not necessarily the most secure. Facebook messages are theoretically private, but without encryption, they're accessible to everyone from law enforcement to cybercriminals to Facebook itself.
However, Facebook is looking to address this issue with a new Secret Conversations feature, which is now available to a select few users and will get a full release in September.
Tech news site TechCrunch took a deep dive into the service, which promises end-to-end encryption on all conversations between two participants — if the participants want it, that is. End-to-end encryption means that messages are encrypted on the sender's device and decrypted only once they reach the recipient's device. Encryption keys are generated on the fly. In this way, no outside party can read the message, not even Facebook.
The most obvious advantage of Secret Conversations is that they're totally private. What you're saying will (theoretically) never get beyond you and your intended recipient. (There's no real reason why existing Facebook messages should get beyond their intended recipients either, but the possibility does exist.)
Facebook told TechCrunch that users probably don't need Secret Conversations for every bit of ephemera, but they could be a crucial extra layer of security when discussing sensitive matters such as Social Security numbers, banking information or personal medical issues. Users can also set messages to "self-destruct," or automatically erase themselves from both devices after a set period of time. Users can already delete regular Facebook Messenger conversations, although it's a bit of a process and only works if both participants take active steps.
On the other hand, end-to-end encryption also comes with a number of drawbacks. Encrypting text is hard enough; encrypting GIFs, videos, online payments and other "rich content" won't be possible, at least not at first. Furthermore, Secret Conversations work only between two participants; it's not feasible to offer end-to-end encryption options for a whole group.
Finally, the option is available only on iOS and Android devices at present. On Twitter today (July 8), Facebook Chief Security Officer Alex Stamos downplayed the possibility of getting Secret Conversations to work on the desktop version of Messenger.
"Hundreds of millions use Messenger from a web browser," Stamos tweeted. "No secure way to verify code or store keys without routing through mobile."
If you're one of the lucky few who has access to Secret Conversations now (you'll know if you are; determining the beta testers was an active opt-in process, not a random selection), open up Messenger on an Android or iOS device. Open a conversation with a friend, then tap his or her name and select the Secret Conversation option. You can turn it on and off as necessary from there.
Encrypted chat is generally a good thing, although in Facebook Messenger's case, it may not address a critical privacy vulnerability. Facebook users are notorious for getting phished, and if a cybercriminal can log into your account, he or she can read your encrypted messages just as easily as unencrypted ones. As always, encryption will protect you from a lot, but not from your own carelessness.