Facebook Messenger finally wants to make end-to-end encrypted the default

Facebook Messenger is testing ways to protect user privacy with a handful of new security features.

On Wednesday, the messaging platform announced it would begin testing "secure storage" of users' Messenger conversations on the company's server, so that users can still access their message history even if they've lost their device or want to restore message history on a new device. The company also said it would be expanding updates and tests on Messenger's preexisting end-to-end encrypted features and other security-related features.

Anytime Meta announces privacy or security developments is noteworthy, given the social media giant's shoddy track record. This rings especially true in light of Roe v. Wade being overturned and the lingering question of how Meta will protect its users' personal information and moderate abortion content on the platform.

Recently, Facebook complied with a search warrant to turn over private messages between a teenage girl and her mother who are now facing criminal charges for breaking the abortion laws in their state, Nebraska (the teen is being tried as an adult). In response, Meta issued a statement saying the warrants didn't mention abortion and that "court documents indicate that police were at that time investigating the alleged illegal burning and burial of a stillborn infant." Following the Supreme Court decision, Facebook began removing posts about abortion pills, and Media Matters reported that the social media platform allowed phony "abortion pill reversal" ads from anti-abortion organizations.

Currently, users' message history is stored on their own devices. Messenger's end-to-end encryption, which basically scrambles your messages in transit and unscrambles them for the receiver, is opt-in, which means that users must deliberately choose to activate it. With these new tests, users' message history would be be automatically end-to-end encrypted instead of opt-in, and that data would be securely backed up in Messenger's servers — also end-to-end encrypted, so Facebook can't access it there either. To access backups, users can create a PIN or generate a code. Meta does not have access to this PIN.

Making end-to-end encryption the default instead of opt-in could have a powerful impact, since most people don't opt-in and are unknowingly vulnerable. As Albert Fox Cahn explained to The Guardian regarding the case of the Nebraska teen and her mother, "True end-to-end encryption would have made it impossible for Facebook to hand over that data."

Other security features Messenger is testing include syncing deleted messages across all devices, the ability to unsend messages, a browser extension that verifies the authenticity of your web code, expanding end-to-end encrypted chat features to group chats and other countries, and removing vanish mode, a Snap-esque setting where messages are temporary. Messenger will keep the similar disappearing messages feature, since was built for end-to-end encrypted chats.

As of this week, Messenger will be testing secure storage on Android and iOS, but not yet on messenger.com, the desktop app, or chats are aren't encrypted. Users that are in the test group for default end-to-end encryption won't need to opt-in — and this will be the case for all users when the features goes live in 2023.

But even if everything is end-to-end encrypted, there's still the question of how Facebook storing your data on its servers sits with you. If the answer to that is "not well," there's always the option to opt out of Facebook altogether.