It is no secret Facebook doesn’t have the greatest track record when it comes to security and privacy. With scandal after scandal showing just how untrustworthy Facebook is. Creating a knock-on effect in the number of users that are fleeing the platform.
Due to this exodus of users, Facebook has been trying to make changes to appear as though they now care about privacy. One of these changes was to introduce end-to-end encryption (E2EE) in Facebook Messenger. But after government pushback, Facebook has delayed its implementation. Do they care about your privacy?
Facebook Messenger popularity
Facebook Messenger is one of the most popular messaging services in the world. With 1.3 billion users globally.
In the United States, it is the number one messaging platform, with 106 million active users, more than double the users of second-place Snapchat. Worldwide, Facebook Messenger isn’t as popular as the also Facebook-owned WhatsApp. But it is still widely used.
Facebook Messenger is riding on the coattails of Facebook’s wider social media presence. Most people that have a Facebook account probably use Facebook Messenger in some way. Even if it isn’t as their main messenger. Though recently, for the first time, Facebook lost 500k daily users, leading to a huge hit in the stock market. Facebook’s dominance for the first time seems to be under threat.
Facebook Messenger’s history with E2EE
Facebook has had a weird history with E2EE on Facebook Messenger. By default, Facebook Messenger conversations are not encrypted. This means that Facebook can view your messages if they want to, and even parse them for data for advertising. This is the risk anyone runs when they use unencrypted messaging services.
Facebook did introduce “Secret Conversations”, but it wasn’t pushed by them in any way. Secret Conversations were E2EE chats, but they lacked some of the features that you find in your standard Facebook Messenger chat. Such as group messages, GIFs, and voice/video calling. Though in August 2021, they did finally seem to finally be working on adding group messaging and voice/video calling to their small E2EE portfolio.
Not to mention the option was nestled deep in menus anybody rarely ventures into. Secret Conversations felt like nothing more than a way for Facebook to pretend they cared about E2EE for Messenger, without having to commit to anything.
For a long time, people weren’t bothered that Facebook Messenger wasn’t encrypted by default or just simply not aware. People were happy to have an easy-to-use messaging service that allowed them to contact their friends and family with little fuss.
What Facebook didn’t bank on was that over the years, as many shocking stories leaked about their reprehensible practises regarding user privacy, people would demand more. The 2018 Cambridge Analytica scandal in particular was a turning point for many people. Suddenly the privacy of Facebook was a big issue. So Facebook had to start implementing as many privacy-related features as they could to make it seem like Facebook did care about your privacy.
Ultimately, that is what led us to where we are today. To a certain extent, many people are willing to trade privacy for convenience. But, like many companies, Facebook took its users for granted, went a step too far, and ended up costing themselves both users and money.
Facebook announces E2EE by default for Facebook Messenger
Back in 2019, it was revealed that Facebook planned to add E2EE by default for Facebook Messenger. Then there was silence, Facebook didn’t reveal any sort of timeline, that was until 2021 when The Telegraph reported that E2EE wasn’t expected to be implemented until well into 2022.
Then, just a few short months later, The Guardian revealed that Facebook had delayed default encrypted messaging until at least 2023. What happened? Governments raised concerns that it would protect child abusers, pressuring Facebook to not implement it. With Facebook already on thin ice with their recent behaviour, they had no real choice but to relent and delay.
No Place To Hide
It was announced back in September 2021, that the UK government would be beginning a PR push to demonise E2EE. The campaign was dubbed “No Place To Hide”, cost the UK taxpayer £500k, and was run by the ad agency M&C Saatchi (who used to run the currently ruling Conservative Party’s ad campaigns). The ad agency also roped in several UK non-profits to tweet in support of their No Place To Hide campaign.
The UK’s Home Secretary, Priti Patel, said:
“The offending will continue, the images of children being abused will proliferate – but the company intends to blind itself to this problem through end-to-end encryption which prevents all access to messaging content.”
The UK Home Office also tweeted publicly their stance on E2EE:
The campaign hasn’t made any sort of tangible impact on the discourse surrounding E2EE, but ultimately, they got a hollow victory getting Facebook to delay until 2023. Also, it shows just how unknown Secret Conversations are that the UK government decided to not even allude to them in any way.
For a long time now, governments around the world have been trying to demonise E2EE.
In the wake of 9/11, it was that E2EE facilitated terrorism. This sort of thinking is what led to operations such as Optic Nerve. A mass surveillance program that spied on people around the world, and was infamously shut down after being a complete waste of time. Optic Nerve worked by intercepting unencrypted video and chats from Yahoo! Messenger. This time around, governments are leaning on child abuse to help discredit E2EE.
Why would we trust them?
Optic Nerve used terrorism to demonise E2EE at a time when fear was high due to the media landscape. This allowed for Optic Nerve to have a nice clear run at spying on people all over the world. No pesky encryption to get in the way of invading peoples’ privacy.
Taking this into account, why wouldn’t they try it again? Child abuse is a naturally evocative topic to use to scare people into thinking removing E2EE is the only way to keep their children safe. And then use that fear to spy on people. The only reason I can think of is that Optic Nerve showed it wasn’t effective. But, that hasn’t stopped them before. Or maybe it’s a case of “better to be safe than sorry”, but ultimately, we are the ones that end up being sorry when our unencrypted data gets leaked and our privacy compromised.
Money better spent elsewhere
What is so frustrating about the waste of money that is No Place To Hide, is that £500k goes a long way to helping educate people on the real dangers of communication online. That money could be used to educate both parents and children on how to be safe online. The money could be used to educate people on why E2EE is vital to privacy and security online.
Instead, it was decided the money be wasted on a pointless campaign that was designed to do nothing but give the UK government more data to pore through of its citizens. Money that could have done so much more.
This isn’t even the first time the current UK government has designed ways to spend money it supposedly doesn’t have on initiatives that make no sense. This is the same UK government that wants to introduce a “Porn Pass” that will require people to hand over their ID and other PII just to view porn. Of course, it’s to “protect the children” but it has no basis in reality, that’s why it’s been indefinitely delayed multiple different times now.
Does Facebook care about your privacy?
Before the No Place To Hide campaign even really kicked off we saw that Facebook folded and delayed their launch of E2EE by at least a year. I mentioned previously that because of their previous transgressions Facebook didn’t have much of a platform to fight back from. Their goal right now is more to keep on the good side of as many powerful people as possible.
But this move just shows that Facebook doesn’t care about your privacy. They could have stuck to their guns and stated that E2EE was a vital part of keeping its users safe. But because they don’t care, they just folded under the smallest amount of pressure.
Is that a company you want to be giving any of your data to? Throw in the multitude of scandals Facebook has had, and they just aren’t worth your time.
But for your average person that doesn’t even know what E2EE is, Facebook has to do better. Especially as the age demographics of the service shift ever higher. But we’ve seen Facebook doesn’t like to take responsibility, only retroactively when they get called out.
Facebook is tracking you regardless
Theoretically, when Facebook introduces E2EE in 2023, does that mean the service is private and okay to use? Not really.
Because Facebook Messenger is tied to your Facebook account, Facebook can still track your usage habits and use these metrics to make money off you. They can track how often you use Messenger, when you are most active, who you talk to, and much more.
This is how Facebook makes their money. Even if they can’t scour your message history anymore. They can still track everything else you do around it. This goes the same for WhatsApp, which has had E2EE since 2016. They admit as much in their Terms of Service.
E2EE encryption is a good step, but Facebook as a platform exists to harvest your data, and they will no matter what.
Are there any good alternatives?
As people became disillusioned with Facebook owning the two most popular messaging platforms in the world. Many privacy-centric alternatives rose to the challenge. The most popular and well-known is Signal.
A messenger that is very much like WhatsApp in design, but with privacy and security at its core. Signal is run by the Signal Foundation, a non-profit, meaning they have nothing to gain from tracking you or selling your data. Of course, Signal is E2EE by default.
Something a bit different is messengers built on the Matrix Protocol. You can choose the client you want and speak with others using whatever Matrix client they want. If you would like to learn more, we have an in-depth blog here.
We have a series of blogs dedicated to finding privacy-centric alternatives to different popular messaging services. Give them a read!
vpn-does”>Facebook doesn’t care, but hide.me vpn does
As a vpn company, we are well versed in the tactics of governments around the world using E2EE as a bogeyman of sorts. “If only there was no E2EE, we would catch all the bad guys!”. They know it’s a lie. We know it’s a lie.
That is why hide.me vpn cares about E2EE. Encryption is what we do best, and we will always fight to make sure that people have access to a free, open, private, and secure internet. Whether that means introducing cutting edge vpn protocols to keep our users safe. Or even implementing Multihop, a way to connect through two vpn servers, rather than just one!
Regardless of what governments around the world think. We will continue fighting for E2EE, and actively making sure that as many people as possible are educated on the matter. The more we encrypt, the more power we have over our own data.
We love bringing you this content and hope it helps keep you safe and secure online. Feel free to share it with your friends, too.
Have you considered using a vpn?
By using a vpn you get enhanced security whilst online, and the ability to circumvent censorship, amongst much more. Here at hide.me we are all about internet freedom, and we are happy to be in a position to bring that to everyone.
Get hide.me vpn!
If you have any questions, please feel to contact our 24/7 support team either at firstname.lastname@example.org or via live chat.