In an effort led by CEO Mark Zuckerberg, Facebook plans to rearchitect WhatsApp, Instagram direct messages, and Facebook Messenger so that messages can travel across any of the platforms. The New York Times first reported the move on Friday, noting also that Zuckerberg wants the initiative to "incorporate end-to-end encryption." Merging those infrastructures would be a massive task, but designing the scheme to universally preserve end-to-end encryption, in a way that users understand, poses an additional set of critical challenges.
As things stand now, WhatsApp chats are encrypted by default, while Facebook Messenger only offers the feature if you activate "Secret conversations." Instagram does not currently offer any kind of end-to-end encryption for its chats. WhatsApp's move to add default encryption for all users in 2016 was a turning point, providing protection to a billion people by flipping a switch.
Facebook is still in the early stages of planning the homogenization of its messaging platforms, a move that could increase the ease and quantity of secured online chats by an astonishing order of magnitude. But cryptographers and privacy advocates have already raised a number of obvious obstacles that the company faces in doing so. End-to-end encrypted chat protocols ensure that data is only decrypted and intelligible on the devices of the sender and the recipient. At least that's the idea. In practice, it can be difficult to use the protection effectively if it is enabled for some chats and not for others, and can be activated and deactivated within a chat at different times. In trying to unify its chat services, Facebook must find a way to help users easily understand and control end-to-end encryption as the ecosystem becomes more porous.
"The big problem I see is that only WhatsApp has default end-to-end encryption," says Matthew Green, a cryptographer at Johns Hopkins. "So, if the goal is to allow cross-application traffic, and it does not need to be encrypted, what happens? There's a whole range of results here."
WhatsApp users, for example, can assume that all their chats are encrypted end-to-end, but what will happen on the newly homogenized Facebook platform if an Instagram user sends a message to a WhatsApp user? It is not clear what kind of defaults Facebook will impose, or how it will let users know whether their chats are encrypted.
Facebook can also collect more data from unencrypted chats and introduce monetizable experiences like bots on them. The company has had significant difficulty generating revenue from WhatsApp's 1.5 billion users, in part due to end-to-end encryption.
"We want to create the best messaging experiences we can and people want messaging to be fast, simple, reliable and private," a Facebook spokesman said in a statement on Friday. "We are working to make our messaging products more encrypted and consider ways to make it easier to reach friends and family through networks. As expected, there is a lot of discussion and debate as we begin the long process of figuring out all the details of how this will work."
Facebook emphasizes that this gradual process will allow it to work out all the problems before debuting a monolithic chat structure. But encryption is not the only cause for concern. Privacy advocates are worried about the possible creation of a unified identity for people across all three services, so that messages go to the right place. Such a configuration could be convenient in many ways, but it could also have complicated ramifications.
In 2016, WhatsApp began sharing user phone numbers and other analytics with Facebook, breaching what had previously been a red line between the two services. WhatsApp still allows users to create an account with just a phone number, while Facebook requires a user's legal name under its controversial "real name" policy. The company maintains this rule to avoid confusion and fraud, but its rigidity has caused problems for users who have security reasons to avoid using their legal or given name, such as being transgender.
In a Wall Street Journal opinion piece on Thursday evening, Zuckerberg wrote: "There is no doubt that we collect information for the announcements, but that information is generally important for security and to operate our services as well." An indelible identity across all Facebook brands could have security benefits, such as enabling stronger anti-fraud protections. But it could also unlock even richer and more nuanced user data for Facebook to exploit, and potentially make it harder to use one or more of the services without linking those profiles to a central identity.
"The obvious identity problem is usernames. I'm one thing on Facebook and one on Instagram," says Jim Fenton, an independent privacy and identity security consultant. "Somehow, having the three linked more closely would be good because it would make it more transparent that they are connected, but there are some users of Instagram and WhatsApp who do not want to use Facebook, which could be seen as a way to try to push more people in."
This change in the way chat works on all three brands is not just a potentially massive change for users. It also seems to have sparked deep controversy within Facebook, and may have contributed to the departure last year of the WhatsApp co-founders, Jan Koum and Brian Acton.
End-to-end encryption is also difficult to implement correctly, since any oversight or error can undermine the entire scheme. For example, WhatsApp and Facebook Messenger both currently use the open source Signal Protocol (also used in the Signal encrypted messaging application), but the implementations are different, because one service has encryption enabled by default and the other does not. Merging these different approaches could create opportunities for error.
"There is a world in which Facebook Messenger and Instagram are updated to the default encryption of WhatsApp, but that probably is not happening," says Green of Johns Hopkins. "It's too challenging from the technical point of view and it would cost Facebook access to a lot of data."
And while end-to-end encryption cannot solve all privacy issues for everyone all the time anyway, it's harder to know how to take advantage of it securely when a service does not offer it consistently, and creates potential privacy issues when it centralizes identities.
"I think they can solve this," says Fenton. "The biggest problem in my opinion is user confusion."