Facebook Messenger E2EE

Facebook Messenger has what is called “Secret conversation”, which is supposedly end-to-end encrypted. So if for whatever reason the person you want to talk to does not want to use a more privacy-friendly app, I guess it’s better than nothing?

Food for thought:

  1. Why would Meta implement such a feature, if their business model is stealing our personal data (for example, scanning through our conversations)?

  2. Can we really trust that they cannot access our conversation? In their Help Center, Meta writes “When you report an end-to-end encrypted conversation, recent messages from that conversation will be decrypted and sent securely from your device to our Help Team for review.” If they can decrypt the conversation if we report it, it would also mean they can decrypt it whenever they want, if they wanted to, is that correct? How is this E2EE?

1 Like

It is end-to-end from your device to the recipient. That means your device can decrypt the message. If you report something to Meta, they take your client-side decrypted recent messages and send those to the support team, not what is on the server in its encrypted state.

1 Like
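The reporting flow described in the reply above, as an added sketch that is not part of the thread and not Meta's code: the relay only ever holds ciphertext, and a report is plaintext produced on the reporting device. `RelayServer`, `Device` and `build_report` are hypothetical names, the cipher is a toy stand-in built from HMAC-SHA256, and the conversation key is assumed to be already agreed between the two devices.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    # Toy stream cipher (HMAC-SHA256 in counter mode), for illustration only.
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class RelayServer:
    """Hypothetical provider: stores and forwards opaque blobs, holds no key."""
    def __init__(self):
        self.stored = []
    def relay(self, blob):
        self.stored.append(blob)
        return blob

class Device:
    """Hypothetical endpoint: the only place the conversation key exists."""
    def __init__(self, key):
        self.key, self.inbox = key, []
    def send(self, server, peer, text):
        peer.inbox.append(server.relay(encrypt(self.key, text.encode())))
    def build_report(self, recent=2):
        # Reporting decrypts recent messages locally and submits the plaintext.
        return [decrypt(self.key, blob).decode() for blob in self.inbox[-recent:]]

def demo():
    key = os.urandom(32)  # assumption: already agreed between the two devices
    server, alice, bob = RelayServer(), Device(key), Device(key)
    for text in ("hi", "constructed message one", "constructed message two"):
        alice.send(server, bob, text)
    return server, bob
```

This models the design as the reply describes it; it cannot show what a closed-source client actually does with the key or the plaintext.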

No, we can’t really trust anything unless we actually see and verify the code, which is not the case with Facebook Messenger or WhatsApp.

The news below might give an insight into how Meta handles E2EE in Facebook Messenger, considering Meta owns both of them:

That’s what they told us, nothing to prove whether that’s the case. To this day, nobody knows what’s in the metadata that’s sent along with your message, e.g. does it include your encryption key to further decrypt all your messages?

And don’t forget that they can retain your messages for as long as they would want to, provided that it is complying with certain legal obligations:

How long we need to retain the information to comply with certain legal obligations