The social network that launched a thousand privacy scares is giving you a way to send messages so private that neither the company nor anybody but your correspondent can decrypt and read them.
The catch: If you switch to this more secure mode, every message you encrypt runs the risk of self-destructing — even if you don’t want it to. But that could be a worthwhile tradeoff for knowing that your messages can’t be read by anybody but the recipient.
The social network has never offered that option before, although
How it works
First you’ll need the latest version of Facebook Messenger for Android or iOS; they’re the only ones that support Secret Conversations right now.
Then you’ll need a strong sense of which mobile device you will keep around for a while and keep secure — you can only enable encryption on a single phone or tablet, and anybody who can unlock it can read your secret chats.
Once the recipient designates a phone or tablet as their encrypted device, you’ll open a separate thread in which your messages appear in black bubbles instead of the usual blue.
What you won’t see is a request to generate an encryption key, exchange it with correspondents or do any of the other chores associated with
Facebook only gets an “identity key” confirming that you are you;
Facebook built this function using
A Secret Conversation can include photos, emoji, thumbs-up Likes and stickers, but not voice calls, video or group conversations.
You can also set a message to self-destruct after it’s been viewed — your options range from 5 seconds to a day — by tapping the clock icon to its right. A clock will count down on both devices, after which the message vanishes … unless the recipient takes a screenshot of it.
Note that you’ll keep sending self-destructing messages to this person unless you tap the clock icon again and switch the timer to “Off.”
Issues and limitations
Facebook’s Secret Conversation is vastly easier than other encrypted options — and has the virtue of coming in an app that, as Facebook just bragged,
(Security-minded Facebook friends, come at me.)
Unfortunately, Secret Conversations are chained to one device in a way that other encryption setups — including WhatsApp’s — are not. Enabling the app on a new device wipes previous encrypted messages off the old one, and even
“It’s not an unavoidable limit. It’s just that adding multiple devices adds a lot of complexity,” explained
For example, while
“Generally you don’t want to share the same key across multiple devices,” Green wrote (confession, we didn’t bother to PGP-encrypt our e-mails). “You want to have different devices with different keys, and then add or remove them from the identity that is ‘you’ so that they can receive messages from a sender.”
Adding encryption to the popular web version of Messenger would be even harder, as
All these hangups should explain why Facebook hasn’t made encrypted messaging the default — users would rebel at finding themselves cut off from chats.
But even though “Secret Conversations” is only optional, Facebook has put secure encryption in the hands of hundreds of millions of more people. That’s something politicians should think about before