Facebook will begin testing a new “secret conversations” feature for its Messenger service that will offer end-to-end encryption between the sender and receiver, the company announced Friday.
The privacy features in theory allow the messages to be encrypted so no one else can read them – including Facebook. Such features are increasingly being offered by a slew of other messaging services, including Telegram, Wickr, and Google's Allo.
For Facebook, which plans to begin rolling out the feature to a limited group of users, it is the latest in several efforts to expand Messenger. The service now has 900 million regular monthly users, but it still lags behind WhatsApp, which offers fuller encryption features and is also owned by the tech giant.
"The fact that we have 1.65 billion people on Facebook already makes Messenger the best live, self-updating address book in the world," David Marcus, a former PayPal executive who has overseen Messenger's expansion since 2014, told The New York Times. "Because of the scale of our network, I feel like we really have a shot at this."
Recently, Facebook has added a variety of features to Messenger, including letting people send money to their friends through the app and make a voice or video call. It also integrated a variety of chatbots that send users customized recommendations or information.
With an estimated 10,000 bots now available via the service, including assistance for users ordering an airline ticket or getting news customized to their interests, the bots also offer the service a way to make money, by connecting users with a variety of companies.
But for privacy advocates, the variety of information users may share with a chatbot, coupled with Facebook’s already existing trove of information via its social network, raises some concerns.
"With time, the need for a better user experience could force Facebook to grant more permissions directly to bots," Hamza Harkous, a PhD student at Switzerland’s École Polytechnique Fédérale de Lausanne who has studied the effect chatbots have on privacy, told the Monitor in June.
"It would be interesting to see how these permissions will work and how much control the user has. What could be a privacy nightmare is if Facebook is left to determine when and what permissions to grant based on the chatbots' request," he added.
A Facebook spokesperson told the Monitor it has policies in place to prevent "sub-par" bots from getting to users and to govern what information the bots can gain about users.
With Friday's announcement of the "secret conversations" feature, it hopes to burnish those privacy-enhancing credentials, noting in a blog post that the feature is currently optional and will be rolled out to more users later in the summer.
That's a key difference from encryption offered by both WhatsApp and Apple, which both automatically encrypt messages, a stance that's generated considerable debate from law enforcement officials. Much like Snapchat, Facebook users can also set a timer to control how long an individual message is visible.
The encrypted conversations will also only be available to read on one device. Facebook's encryptions don't currently support more sophisticated features such as GIFs, videos, and making payments, the company says.
The new feature is based on a protocol known as Signal, created by the non-profit Open Whisper Systems, that's currently being used in WhatsApp, Allo, and Signal's own app, Wired reports.
When Google announced that encryption would also be available as an opt-in feature rather than by default in its own Allo messaging service in May, some privacy advocates were troubled.
But despite the current limitations, the inclusion of secret conversations in Facebook's Messenger does bring more private messaging to an even broader group of users, Matthew Green, a Johns Hopkins computer scientist who reviewed Facebook's encryption as an outside consultant, told Wired.
"This is just a huge number. It brings access to encrypted messaging to nearly a billion more people," he said. "If you make a list of all the messaging services that have end-to-end encryption and the ones that don’t, we're starting to live in a world where the ones that don't are mostly in China."