Messenger and Instagram without privacy protection. Full data encryption at the earliest in 2023

Although it is hard to believe, the messengers operated by Meta still do not offer encryption of messages – although work on the implementation has been carried out for years. Messenger and Instagram are still not fully protected.

Messenger and Instagram are some of the most widespread communication services on the Internet – the former in particular. Despite this, end-to-end encryption (E2EE) is still an elusive technology for Meta. Although there is more and more evidence that the reasons for the tardiness may be less technical and more political.

Already in 2019, Meta – then still as Facebook – announced that it was working on implementing message encryption for its messengers. In May this year, the company admitted that users cannot count on the implementation of encryption mechanisms earlier than next year. Unfortunately, this term is also becoming obsolete.

According to the information obtained by the Guardian editors, the implementation of message encryption is to take place no earlier than 2023. The Telegraph, which asked the representative of Meta for a comment, learned that the problem and the cause of the delay was the lack of will to obstruct the work of law enforcement agencies.

“We have to find a balance between security, privacy and security. There needs to be a balance between keeping users private and safe for conversation, and providing a safe environment and providing law enforcement authorities with data to prevent potential harm in the real world. We have discussed tools that can protect user privacy and, at the same time, provide security through behavioral and traffic analysis without reading the content of the message. There was no consensus on the recommended approach to the issue, but experts encouraged us to consult further in order to achieve an appropriate balance, ”reads Meta’s statement.

Once E2EE encryption is finally implemented, Meta is to use a combination of unencrypted data from our applications, account information, and user submissions to ensure security, privacy, and cooperation with law enforcement.

The theory that Meta has had years of technical difficulties in implementing end-to-end encryption into its communicators seems doubtful. In fact, the company is under pressure from law enforcement agencies as well as organizations working to protect minors on the Internet. Full encryption is a method of privacy protection so effective that, after its implementation, Meta, even if it wanted to cooperate with the police, would not be able to do it anyway – content encrypted with this method is unreadable for third parties, it is readable only for the sender and recipient.

The need to ensure the privacy of correspondence, according to many experts, seems to be the overriding one. Meta is extremely reluctant to provide it, as most other solutions provide this type of encryption, including Signal, iMessage, Skype, Microsoft Teams, Telegram, or even Meta’s WhatsApp (although E2EE encryption is disabled by default in some of these services). The fact that Messenger is the market leader and serves hundreds of millions of users should not be a decisive factor here.

Regardless of views and ideas for solving the above problem, the facts remain the same. Messenger and Instagram still do not fully protect the privacy and, unfortunately, that will not change in the foreseeable future.

As part of end-to-end encryption, only persons participating in the data exchange (conversation) can read the data exchanged. No one else can preview their content, including the operator of the service providing the communication. Since no third party can decrypt the transmitted or stored data, service providers using such encryption are unable to communicate the content of their customers’ messages to the authorities.