Facebook’s new “all or nothing” legal fight with the U.S. government could be surprisingly bad news for the billion-plus people using Facebook Messenger. If you’re one of them, here’s why you should switch to an alternative for 2021.
SOPA Images/LightRocket via Getty Images
Facebook’s latest antitrust battle centers on the strategy behind its acquisitions of WhatsApp and Instagram, the threat being the forced divestiture of both. Right now, though, those two apps plus Messenger are in the midst of a protracted three-way integration to create the world’s leading messaging platform. First touted two years ago, this was the realization of CEO Mark Zuckerberg’s vision for “the future of communication [to] increasingly shift to private, encrypted services.”
You’ll have noticed that there’s a messaging war underway to attract users to these stickiest of platforms, while datamining and monetizing this vast, captive audience of interconnected users. Facebook dominates this landscape—WhatsApp and Messenger are the two largest platforms, having attained a cross-platform ubiquity unmatched by anything else. WhatsApp is secure by default, whereas Messenger is anything but—even snooping on your private content. Not exactly in keeping with Zuckerberg’s “privacy-focused vision for social networking.”
So, what’s the problem? Unlike WhatsApp, iMessage, Signal, even Google’s (currently beta) planned update to Android Messages, Facebook Messenger doesn’t offer end-to-end encryption by default. This isn’t some niche security setting for you to overlook, this is absolutely fundamental to the security and privacy of your information.
This messaging integration program would make it harder to force any kind of Facebook break-up, but buried within that program there’s the promise of a major fix for Messenger’s gaping security hole. And that fix is now looking unlikely anytime soon. This is even more likely to be the case given that securing Messenger has become a provocation to the government, and one that were it to progress would only fuel its campaign against the company.
Facebook has said that “privacy is at the heart of Messenger,” but it has also admitted to “spying” on user content to enforce its rules and even downloading private files. End-to-end encryption would stop those behaviors dead in their tracks. But any such update was already delayed, with no launch date in site, and that just got much worse.
When Facebook first announced that Messenger would become end-to-end encrypted by default, it was part of that plan to integrate the back-end platforms underpinning Messenger, Instagram and WhatsApp. The idea being that all Facebook’s messaging technologies would become interoperable, expanding the user base and, clearly, the opportunities to mine all that metadata and monetize all those eyeballs.
Messenger and Instagram have now been integrated, to an extent, but WhatsApp is different. Yes, Facebook’s moves to commercialize the app are irritating, but they don’t compromise its fundamental security. And, yes, there are weakness is how WhatsApp is set-up be default. But you can fix these by changing some of the settings.
WhatsApp Vs Facebook Messenger
WhatsApp still captures user metadata—data about messaging and contacts, albeit not the content of the messages themselves. But as you can see from Apple’s new privacy labels (see graphic above) for WhatsApp and Messenger, there’s a stark difference. Some of this is down to their very different approaches to user privacy, but a good deal is down to the limitations where end-to-end encryption is in place (see below).
Facebook knows that expanding end-to-end encryption has become a major provocation to the U.S. government and key allies, which argue that it provides a hiding place for serious criminals, sex offenders and terrorists. Facebook has become the biggest defender of such security, somewhat ironically. Against that backdrop it is not likely to accelerate its plans for Messenger, provoking more of a lawmaker backlash, especially when its ownership and integration of WhatsApp—the driver behind encrypting Messenger—is potentially at risk.
Earlier this year, before the latest legal escalation, Facebook told me that it remains “very committed to making Messenger end-to-end encrypted by default,” and that any delay “is consistent with what we’ve said since the launch—that it’s going to take time and we’re committed to doing this right.” But a lot has happened since then.
“People should be able to communicate securely and privately with friends and loved ones without anyone—including Facebook—listening to or monitoring their conversations,” assured Facebook product manager Jay Sullivan. “People should be able to send medical information, private financial or payment details, and other sensitive content with the confidence it will not fall into the hands of identity thieves or others with malicious intent.”
But Facebook’s hands, it seems, are fine—at least until those security protocols are added to keep your private information, well, private.“Facebook is committed to making such private communications broadly available,” Sullivan told lawmakers.
This month, the staggering extent of Facebook’s data harvesting machine was laid bare by Apple’s new privacy warnings. Let’s spell this out—if you use a Facebook platform, if your data is traversing Facebook’s servers without an end-to-end security wrapper, then that data can be monitored, mined, collected. Even if you tell Facebook not to track your collection, the data giant finds a workaround.
Facebook has in the past warned users or the risks when messages are not end-to-end encrypted. But right now, only its limited “secret conversations” offers any such security. Meanwhile, WhatsApp says that it “built end-to-end encryption into our app [to secure] your messages, photos, videos, voice messages, documents, and calls from falling into the wrong hands.” WhatsApp is owned by Facebook. Enough said.
According to uber-secure Proton Mail, “the best way to protect data is to not have access to it at all. The benefit of using end-to-end encrypted services is that data can be kept safe even in the event of the inevitable data breach because the service provider itself does not have the ability to decrypt user data. In effect, it is impossible for hackers to steal something that the service itself does not possess.” This is simple stuff.
Whatever happens with the U.S. antitrust wrangling, it is looking increasingly likely that to protect WhatsApp’s security, Facebook may need to sacrifice plans to expand that level of security to Messenger (and Instagram). For the company to continue with its plans could, it seems, push lawmakers too far. With Messenger the security case is also more complex than with WhatsApp. Facebook Messenger can be accessed on multiple platforms and doesn’t require a cell phone number. As such it is much easier for children to access. This is a key argument for monitoring and safety controls.
All of which leaves users with a simple equation—if you value your security and privacy, stop using Facebook Messenger and switch to a default end-to-end encrypted alternative. There’s no reason not to, especially with WhatsApp’s even bigger user base. And for those even more security-minded, there’s Signal. Don’t ignore this issue and continue to use Messenger (or SMS, which is worse), without giving this serious thought.
