
Facebook Messenger begins testing end-to-end encryption using Signal Protocol - mayneack
https://whispersystems.org/blog/facebook-messenger/
======
alva
From what is written, I understand this to mean that users can select this
feature for specific conversations. That not all messages are subject to this
encryption.

I am not usually one for paranoia, but is anyone else becoming more suspicious
about Facebooks motivations and involvement with gov? This feature is a
massive boost for intelligence services dealing with unsophisticated actors.
This reduces the haystack significantly, by users self flagging messages that
may be incriminating. Multi-millions of FB messages must be sent every day,
brute-forcing encryption on all of these is probably not possible. A small %
marked as 'secret conversation'? Much easier.

Why doesn't FB just apply encryption on all messages? Surely they have the
resources avail. Is it because this feature makes somebody else's job a lot
easier? If my suspicions are correct, what sort of threats would this pick up.
Are serious threats likely to use FB messages with 'secret conversation'
flagged to co-ordinate actions?

~~~
Techbrunch
Reasons from @alexstamos (CSO @ Facebook):

\- FBM is multi-device, and we'd like to see E2E usability improve to support
this. For now, pick one device and keys never leave it

\- Secret conversations don't currently support popular features like
searching message history, switching devices, voice/video, etc

\- Hundreds of millions use Messenger from a web browser. No secure way to
verify code or store keys without routing through mobile.

"We don't want to disrupt people's current experience."

Source: [https://twitter.com/alexstamos](https://twitter.com/alexstamos)

~~~
arximboldi

        Hundreds of millions use Messenger from a web browser.
        No secure way to verify code or store keys without 
        routing through mobile.
    

I wouldn't use the web version if they had not disabled Jabber access... and
then I could use OTR.

This trend makes me very sad... IM networks are getting more centralized as
ever. I don't feel thankful for this kind of development. End-to-end
encryption should not be a feature of the service provider, but the client.
The way this works with Whatsapp/FB/Google just requires us to believe that
their proprietary client is actually doing what it promises. And for me that I
don't have a smartphone they just don't even promise anything.

I just wish I could use XMPP or Matrix with my non-nerdy friends. There was
this time Google seemed to not be evil with GTalk/XMPP, but then... The
business cynicism that dominates this industry, allowing people to claim that
they "connect people" at the same time that they put everyone in digital
prisons, makes me really want to leave computing and go live in a cave.

~~~
rvense
I honestly find this centralization as worrying as mass surveillance itself.
I'm as afraid of the Facebooks of this world as I am of any government, and I
don't want all my communication locked in with one company.

This is why I will not use or recommend Signal. Moxie's anti-federation stance
is unacceptable to me. It's replacing one problem with another.

~~~
bogomipz
Can you elaborate on the "anti-federation" stance of Signal's creator? I'm not
familiar with this.

~~~
Arnt
You can't run your own signal server. All accounts use phone numbers in the
same namespace as ID, and all messages go from the phone to opensystems.org,
further on to google, and from google to the destination phone (with lots of
encryption being added and removed at various points). This has advantages
(it's difficult for the Man distinguish a received signal message from other
android notifications) but also disadvantage (moxie can do traffic analysis
and you can't do anything about it).

~~~
lorenzhs
You can totally run your own server for yourself and your friends:
[https://github.com/WhisperSystems/TextSecure-
Server](https://github.com/WhisperSystems/TextSecure-Server) (you'll have to
change the server's URL in the client's source as well and compile it
yourself, but that's really easy)

What you won't be able to do is federate with the official servers.

Oh, and there's also a WebSocket transport (used by the Desktop client) that
doesn't involve Google. That just doesn't provide a pleasant experience on
mobile.

~~~
eropple
_> you'll have to change the server's URL in the client's source as well and
compile it yourself, but that's really easy_

I'm sorry, but is this a joke? "To not use a centralized server that you can
neither audit nor trust, you have to _recompile the client, but that 's
easy_?"

This smacks of "oh, PGP for email is fiiiiiine." To say nothing of the
silliness of the inability to federate.

~~~
AckSyn
No, it's not a joke and you shouldn't treat it as such. Non-technical people
really shouldn't be whining that their "free service" doesn't cater to a
click-and-run crowd. The source is available to the public to create their
own, and changing a URL in the code is a single regex command away.

Don't casually disregard him because you or others can't understand basics of
doing what it takes to alter and run a service in your own private space.

~~~
eropple
I don't casually disregard him. I thoughtfully and with consideration
disregard him, and you as well. The idea that there is a priestly-class of
technical people and "non-technical people shouldn't whine" is silly. This is
not for technical people. This is _for_ non-technical people. I've been doing
this stuff for twenty years. But me being able to do it doesn't do a damned
thing to help the people who actually need help.

I don't need Signal to communicate with knowledgeable people. _We_ need
something to communicate with everyone else.

~~~
baudehlo
And yet the same argument has been made time and time again against SMTP.
Let's stand back for a second and understand why SMTP has stood the test of
time. Yes it has flaws that allow the "first contact" problem (ie spam). But
the people working on SMTP at least understand the weaknesses and advantages
of that.

------
Techbrunch
Reasons from not enabling it by default by @alexstamos (CSO @ Facebook):

\- FBM is multi-device, and we'd like to see E2E usability improve to support
this. For now, pick one device and keys never leave it

\- Secret conversations don't currently support popular features like
searching message history, switching devices, voice/video, etc

\- Hundreds of millions use Messenger from a web browser. No secure way to
verify code or store keys without routing through mobile.

"We don't want to disrupt people's current experience."

Source: [https://twitter.com/alexstamos](https://twitter.com/alexstamos)

~~~
moxie
Signal Protocol already supports multi-device. We've encouraged them to enable
that for Secret Conversations, and hopefully they'll continue to iterate
towards support for e2e by default.

~~~
nileshtrivedi
That's nice! :)

What did the OP mean by "No secure way to verify code or store keys (in web
browser) without routing through mobile" ?

~~~
pilif
There's no way for a site to securely store keys in the browser. The server
can't put them there because then the server would have them too. A client-
side script could generate them, but it can't store them without extensions
(or the server via some JS it sends) also having access to them.

This is why Signal and WhatsApp require the client to run on the phone - the
phones are doing the decryption for the web apps.

This is flaky, consumes a lot of battery and generally is somewhat error-prone
- probably not something FB wants to deal with.

~~~
nileshtrivedi
Server would have the keys _because_ the client-side code can send it to the
server. That's also possible in the native app, isn't it?

~~~
pilif
Yes. But let's assume FB doesn't want the keys (because if they have them,
then it's no longer E2E encryption), then client-side generated keys in a
browser are still exposed to XSS attacks and extensions.

Installing a malicious extension, tricking users into typing commands in the
developer tools, XSSing FB, all of these are much easier to do than attacking
a native app on a phone.

~~~
aianus
How is the possibility of XSS worse than the status quo (plaintext)? Thats
like saying SSL is useless on desktop because root kits and keyloggers exist
on desktop.

~~~
WorldMaker
A false sense of security can be more damaging than no sense of security.

Certainly it can be important to know when you have a "no compromises"
security option versus "mostly better than plaintext but maybe not secure".

It could be a UX judgment to not confuse users they have a "secure connection"
when in fact they might not. Look at all the various attempts over the years
browsers have made to keep the UX semi-reliable and easy for users to
understand whether or not their SSL connection is secure.

------
etiam
"End-To-End Encrypted ‘Secret Conversations’" in software that is ordinarily
used to harvest electronic phone books and rummage through user photos, from a
company that made its whole fortune trying to obliterate privacy as a part of
human culture?

It's going to be pretty high standards of proof to give this anything that
resembles credibility.

~~~
sweis
I am confident Facebook will meet your high standards when it comes to E2E
encryption for Messenger.

~~~
sweis
And we had some smart outside people review it:
[https://twitter.com/matthew_d_green/status/75140316340882636...](https://twitter.com/matthew_d_green/status/751403163408826368)

------
sigmar
This article doesn't mention it, but Facebook Messenger will be using the
Signal protocol: [https://whispersystems.org/blog/facebook-
messenger/](https://whispersystems.org/blog/facebook-messenger/)

also, here is the white paper (from the above post):
[https://fbnewsroomus.files.wordpress.com/2016/07/secret_conv...](https://fbnewsroomus.files.wordpress.com/2016/07/secret_conversations_whitepaper.pdf)

~~~
oluwie
I'm pretty sure (actually positively sure) the article mentions this.

~~~
lorenzhs
I think the mods merged two threads here, and the other article didn't mention
it

------
r2dnb
I've read the whole thread and I'm surprised that nobody mentionned how easy
it would be for Facebook to store the secret keys.

Page 10 of the white paper mentions that there is a remote key stored on
Facebook servers which can be used to decrypt the local key. If Facebook still
is to be trusted, I don't see what's the deal here.

I think that as soon as you put the words "end-to-end" encryption on a
marketing material, you have to be ready to open-source your client. This is
the cost that companies aiming to be credible can't escape.

End-to-end encryption without open-source has no value. It is a waste of
energy for the company doing that too - or perhaps a marketing cost.

~~~
jomamaxx
"End-to-end encryption without open-source has no value. "

Not quite.

It means nobody is going to be able to read your data other than:

A) A nefarious Facebook staffer who has hacked their internal systems

B) A government entity with a court order

It's a step up from no encryption

~~~
cyphar
> It means nobody is going to be able to read your data other than:

(Assuming it is properly implemented and doesn't have backdoors, which can
only be practically verified if the client is free software).

------
agd
It's worth remembering that this does not protect metadata. It's believed
(though not known for sure) that WhatsApp logs metadata for their encrypted
messages, and it looks like Facebook do the same here.

If you want to resist mass surveillance this is not a good solution.

~~~
wepple
I'd argue that WhatsApp and FBM adopting signal have been some of the highest-
impact movements toward resistance of mass surveillance, largely due to sheer
numbers and accessibility.

Sure, there is room for improvement, but having 0.000001% of t he population
using an ultra-secure messenger doesn't have the same impact.

And hopefully those improvements will happen in time.

~~~
agd
The point is that metadata is more valuable for mass surveillance purposes
than content. WhatsApp and FBM do nothing to protect metadata.

~~~
wepple
are you serious?

you're suggesting that the metadata of "alice messaged bob at 1:20am" is worth
more than "hey bob, I'm looking to have $100,000 laundered, same methods as
last time. I'll drop to the usual location. thanks, Alice."

~~~
Sylos
Well, yeah, without meta-data, you only know that _someone_ messaged _someone_
about laundering money. You have no clue who it is, so it's ultimately pretty
useless.

Whereas with just meta-data, you can still at least figure out who the guy is
talking to, even if you cannot figure out over this way that the guy is
laundering money.

~~~
Quiark
But the situation being compared is 'metadata' vs 'metadata + content'

------
SixSigma
I'm still sticking with the website version, thanks

[https://play.google.com/store/apps/details?id=com.facebook.o...](https://play.google.com/store/apps/details?id=com.facebook.orca&hl=en_GB)

Messenger, Facebook

This app has access to:

Identity

    
    
        find accounts on the device
        read your own contact card
        add or remove accounts
    

Contacts

    
    
        find accounts on the device
        read your contacts
        modify your contacts
    

Location

    
    
        precise location (GPS and network-based)
        approximate location (network-based)
    

SMS

    
    
        edit your text messages (SMS or MMS)
        receive text messages (SMS)
        send SMS messages
        read your text messages (SMS or MMS)
        receive text messages (MMS)
    

Phone

    
    
        read phone status and identity
        read call log
        directly call phone numbers
        reroute outgoing calls
    

Photos / Media / Files

    
    
        modify or delete the contents of your USB storage
        read the contents of your USB storage
    

Storage

    
    
        modify or delete the contents of your USB storage
        read the contents of your USB storage
    

Camera

    
    
        take pictures and videos
    

Microphone

    
    
        record audio
    

Wi-Fi connection information

    
    
        view Wi-Fi connections
    

Device ID & call information

    
    
        read phone status and identity
    

Other

    
    
        receive data from Internet
        download files without notification
        control vibration
        run at startup
        draw over other apps
        pair with Bluetooth devices
        send sticky broadcast
        create accounts and set passwords
        change network connectivity
        prevent device from sleeping
        install shortcuts
        read battery statistics
        read sync settings
        toggle sync on and off
        read Google service configuration
        view network connections
        change your audio settings
        full network access

~~~
StavrosK
I use Swipe for Facebook ever since they got rid of messages. It needs no
permission, and while the experience can't be as good as Messenger, it will at
least let me reply to the occasional message I receive.

I don't want to be encouraging Facebook's user-hostile moves, so I'll stop
using messages completely if they make my life hard enough, but Swipe is a
nice stopgap.

~~~
xufi
Coupled with how buggy its been on the iPhone platform since i got my phone I
don't use it at all

------
eyeareque
Moxie and team, bravo. You've made the snoopers jobs a whole lot harder.

Your goal of making encryption easy to use by the masses is coming come true.
It looks as if PGP's days are numbered.

~~~
StavrosK
> It looks as if PGP's days are numbered.

This seems gratuitously hostile (and, even worse, is irrelevant). PGP is a
very useful piece of software, and it does something completely different from
Signal, and I'm glad both exist.

~~~
justratsinacoat
>> It looks as if PGP's days are numbered

Comments like this are inevitable and represent Facebook's attempts to induce
us to route all of our communications though its platform. For the quoted
commenter, it's probably too late.

~~~
_yp
PGP has failed to provide "encryption for the masses".

~~~
cyphar
PGP fills a niche that OTR and Axolotl do not. It provides a bunch of
operations that are not supported by OTR (anything that requires signatures
that are verifiable by third parties). PGP is used by the masses (package
signatures and similar functions), it's just that they don't use PGP for
communication.

------
cdown
Here's the technical whitepaper:
[https://fbnewsroomus.files.wordpress.com/2016/07/secret_conv...](https://fbnewsroomus.files.wordpress.com/2016/07/secret_conversations_whitepaper.pdf)

------
eganist
I'm not immediately seeing any insight into whether this covers conversations
initiated in-browser. If this does exist, it'd be interesting to see how
they've tackled the security of crypto logic in-browser and compare it to what
Cyph has in place for in-browser code signing.

Reading the technical docs now
([https://fbnewsroomus.files.wordpress.com/2016/07/secret_conv...](https://fbnewsroomus.files.wordpress.com/2016/07/secret_conversations_whitepaper.pdf)).

 _Edit:_ Yep, this seems device-to-device; there doesn't seem to be a web
component here. Still useful given how many people use messenger primarily via
phone, and I suspect implementation wasn't hard given WhatsApp did it first.
It would be neat to see if Messenger and WhatsApp are ever bridged through
this.

~~~
evgen
Device to device. As you are aware, doing this in a browser in a manner that
is not begging for failure is next to impossible.

~~~
Omnipresent
Could you elaborate on why applying signal protocal in a browser is next to
impossible?

~~~
eganist
Well, the keywords there are _next to._ Like @remy_ implied, you need a
mechanism for guaranteeing that the logic you're executing in-browser is
protected from server compromise. That's where the Cyph example came in, since
as far as I can tell, Cyph is the team to have hacked together a solution to
that dilemma, though Cyph also is not using the Signal Protocol right now.

Anyway, there's an upcoming defcon talk which'll lightly touch on how web
standards were mangled and viciously abused to make that happen, but since the
talk is deliberately not vendor-specific, the focus on it will be brief.
Disclaimer on my end is that I was involved in the initial review of their
code-signing implementation.
[https://www.defcon.org/html/defcon-24/dc-24-speakers.html#Za...](https://www.defcon.org/html/defcon-24/dc-24-speakers.html#Zadegan)

~~~
DenisM
What is the difference between compromising a web server that serves js
library vs the one that serves device-native app binary?

This always s gets brought up when discussing in-browser crypto and could
never get a satisfactory answer.

~~~
eganist
For one, device-native binaries have to be signed in order to actually run on
the phone (well, without introducing some other tweak such as explicitly
permitting unsigned applications).

Implementing this with JS is far, far, far more difficult, and the only
solution known (touched on in my other comments) still pisses people off
because it's running in a web context that, if improperly mitigated, can still
facilitate disruption via code injection i.e. XSS.

That said, we're all conveniently ignoring the fact that all of this assumes
that the devices themselves haven't been owned. If you think you're a target
of entities capable of getting into a fully patched phone, you've got bigger
problems.

~~~
DenisM
So this is "whomever is signing the app gets compromised" vs "whomever is
hosting js gets compromised". Right?

Facebook could afford a security team just as capable as Apples security team,
and make sure the js server remains secure. And if they can't, their own
signing procedure can get compromised before the app is uploaded to Apple for
review.

I'm still not seeing the difference. Anyone?

------
jalami
If the messenger is not open sourced, it's trivial for Facebook to add
something to the client binary (now, with a flag or at some later date) before
the Signal libraries are hit. I'm not saying they are doing so, but without a
clear way to verify continually, this is just short of security theater. Then
there's Facebook facilitating the key exchange which of course is another
blind trust as well as all the juicy meta data. Maybe this will quiet some of
the nerves of privacy conscious individuals already on the network, but it
seems to me more like a marketing label.

I still find it hard to believe so many people trust what they believe to be
private communication with close-lipped advertisement companies.

------
ge0rg
Now that the Signal Protocol is deployed in so many different places, is there
a proper specification of the (current) protocol? (The old axolotl spec and
the GPL implementation don't qualify)

What are the licensing conditions / restrictions for using the protocol?

~~~
uph
[https://github.com/whispersystems/libsignal-
protocol-c#licen...](https://github.com/whispersystems/libsignal-
protocol-c#license)

~~~
ge0rg
Sorry, but an implementation is not a specification. It is not only much
harder to read, but it is also a moving target. It is borderline impossible to
make an independent implementation of the protocol this way.

Besides, the fact that it is licensed under the GPL might mean that somebody
porting the protocol to a different platform / language might be creating a
"derived work" which also must be licensed under the GPL.

------
grandalf
While this is a great step, let's not forget that all FB has to do is track
who chooses to use encryption and it can easily use that metadata to aid law
enforcement.

------
AdmiralAsshat
Genuinely thrilled to see the Signal protocol adopted for Facebook and Google
stuff (albeit optionally). Now if we can just get Microsoft and Amazon to hop
on-board, we might actually have a shot at getting this standard to be
pervasive.

------
marak830
Last I heard, didn't their messenger app pull a ton of not required
permissions on Android?

~~~
jmme
The Messenger app has Android M permissions model now. you can say no to all
of the prompts if you want. I have all of Camera, Contacts, Location,
Microphone, Phone, SMS, and Storage permissions disabled.

~~~
marak830
Except my phone does not have the update yet (note 3). I really need to root
this sucker.

------
jswny
As much as this is a step in the right direction, you have to specifically
enable encryption for individual conversations in Messenger. This
implementation seems a little sketchy to me. They really should just encrypt
every conversation automatically. Otherwise, encryption only encourages
scrutiny.

~~~
soapdog
If they end-to-end encryption all the conversations then they won't be able to
mine all that data for advertising purposes...

~~~
jswny
True, however my point would be that when you have to selectively enable
encryption, it only allows the government to more quickly find out who they
consider suspect.

------
shmapf
I've been wondering about this for a while.

Now both whatsapp and Facebook have this, but surely they have the encryption
keys too, or how else would they seamlessly fetch your messages and decrypt
them when you get a new phone?

If they do, then what's the point?

~~~
danielschonfeld
I don't know about either anything factual, but I believe it was said that
WhatsApp crux in the e2e is the iCloud backup. I believe that's where your old
message get restored from.

I believe you can also disable that iCloud backup and thus the ability to
retrieve those messages with a new phone.

End-to-End means encrypted in transport and not saved (in any form that is
decryptable) on their servers. To that, I believe whatsapp fulfills their end
of the bargain.

------
znpy
When it was still possible to use the Facebook chat via XMPP I used to use
Pidgin as client, and chat securely using the Pidgin OTR plugin.

Message appeared in the Facebook page as "encrypted message".

I guess you hardly can get better than this.

------
em3rgent0rdr
I'll use if could communicate with non-Facebook programs implementing Signal
protocol.

~~~
em3rgent0rdr
I've found the blog post where moxie argues against federation:

[https://whispersystems.org/blog/the-ecosystem-is-
moving/](https://whispersystems.org/blog/the-ecosystem-is-moving/)

"One of the controversial things we did with Signal early on was to build it
as an unfederated service. Nothing about any of the protocols we've developed
requires centralization; it's entirely possible to build a federated Signal
Protocol based messenger, but I no longer believe that it is possible to build
a competitive federated messenger at all."

------
em3rgent0rdr
How can I verify my device is indeed running the signal protocol? Messenger is
a proprietary app.

~~~
evgen
If you need to ask this question then you don't have the skills to verify that
your device is running a secure protocol even if I handed you the source code.
There are people out there who do have the skills, and you can be certain that
they will be reverse-engineering the distributed binaries as soon as possible.
I would be extremely surprised if there was not a lightning talks or two at
DefCon or BH this year going over the actual on-device code and how closely it
hews to the known protocol.

~~~
moxie
We've verified that FBM is using the unmodified open source Signal Protocol
libraries we distribute at open whisper systems. Hopefully others will verify
the same!

~~~
em3rgent0rdr
OK, I'll wait for independent verification, thanks!

~~~
wmccullough
I'd pretty much call the creator of the Signal protocol an independent
verification. It's not like he's employed by Facebook.

------
myf
dumb question: how do we (know|prove) a message is encrypted with signal when
we use facebook, google allo etc. etc.

------
anotheryou
I'd be very glad. I keep facebook for the people who don't have any proper IM
(and for the in my view much more legit micro blogging on FB).

I'm scared of what will be possible to extract from my chat logs in a few
years, but the benefit of being able to IM people that only have FB feels
greater right now.

Biggest problem I see so far is the multiple devices issue, but for most it
will be just Desktop and Mobile, so why can't you send each message twice,
encrypted separately for each device (automatically, not manually)? Does OTR3
have this feature?

------
dang
A user complained that the title was misleading compared to
[https://newsroom.fb.com/news/2016/07/messenger-starts-
testin...](https://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-
to-end-encryption-with-secret-conversations/), so we replaced "deploys" with
"begins testing" above. If someone suggests a better (i.e. more accurate and
neutral) title, we can change it again.

------
amq
I would still use other means of communication for something really private
until this becomes the default, because by opting-in I would essentially mark
myself as suspicious.

------
secfirstmd
I wonder by "end-to-end" do they mean they will be implementing Signal
Protocol, that would be a pretty awesome increase in security (for most
peoples threat models)...WhisperSystems are genuinely amazing at what they do,
they have like less than 5 staff and very little budget but they are literally
saving hundreds if not thousands of lives. Any chance some rich HN member will
recognise this and open up the chequebook to OWS?

~~~
Frank2312
Looks like it is :
[https://news.ycombinator.com/item?id=12055375](https://news.ycombinator.com/item?id=12055375)

------
jsn117
Facebook still keeps the messages, and uses the App to track you. Unless the
Signal protocol is against FB itself, I don't see how this is news.

------
uola
One thing I don't understand how Signal implemented by platform providers is
supposed to work with lawful interception? Either it doesn't work, in which
case we expect law enforcement to just give up the right to wiretap things
with a warrant (which seems unlikely) or it does work and is less private than
one would expect.

~~~
evgen
It does not support interception, and LEOs are going to have to learn to live
with just metadata or use targetted attacks to compromise endpoints.

~~~
uola
I find that very unlikely in the long run. As long as you there's a company to
put pressure on it will happen sooner or later.

------
birdmanjeremy
If this is why they are pushing me away from using messenger in the mobile
browser, I'm suddenly way less upset.

------
curiousgal
I downloaded Signal only to find out it doesn't support phones with dual SIM
cards when sending unsecured SMS.

------
Sir_Substance
That's great! Since they're thinking of rolling out a (relatively) standard
protocol, maybe we could have the ability to message our friends on facebook
from other services again?

Ya know, now that it won't be such a pain to support another protocol and all,
since they're doing it anyway.

------
akerro
So what. It's metadata that counts.

------
sandstrom
Awesome news!

They should call it 'private conversations' instead of 'secret conversations'
though.

------
Tharkun
This is worse than useless as it doesn't encrypt browser initiated messages
and doesn't work cross device. It's yet another attempt to force FB users to
switch to the very shady FB Messenger app. I'm still not touching it with a
ten foot pole.

------
em3rgent0rdr
Ill try Facebook messenger on emulated android without a google account. Not a
chance that I share all my phone contacts and everything else in permissions,
simply so I can talk privately with my friends that are stuck in Facebook.

~~~
cm3
Can't you use a phone-only google account which you otherwise don't use for
anything else? I haven't used Android, but would you be able to use your real
email account in K9, while using a dummy account for the device itself?

~~~
em3rgent0rdr
> Can't you use a phone-only google account which you otherwise don't use for
> anything else?

Yes, good point!

> I haven't used Android, but would you be able to use your real email account
> in K9, while using a dummy account for the device itself?

The problem is that would prevent me from utilizing my android's contact list
when emailing. When someone texts me, I like to easily click the name and then
click on that contact's email address, which routes me to K9.

But your suggested has md thinking that since newer androids support multi-
users, I could setup a separate account on my android specifically for
Facebook messenger.

~~~
em3rgent0rdr
Tried it out...works!

------
free2rhyme214
Facebook took the same route as Google by providing secret conversations.
However you look at this, this is a good step in the right direction. I still
prefer Whatsapp and Signal because they both use E2E encryption by default.

------
hatsunearu
End to End as in from Facebook user to Facebook user?

This is insane--I thought the whole model of Facebook chat was that they are
grabbing all sorts of info from the messages for ads. What the fuck?

------
kalsk
How susceptible is this Signal Protocol to a man-in-the-middle attack? Because
if Facebook is going to be the man in the middle, then this feature is
pointless.

~~~
xnull2guest
Here Facebook isn't even a man-in-the-middle. They are a 'man-on-the-box'.
They get to generate the nonces, keys, etc.

It's pointless to add encryption if Facebook is your root of trust.

------
DavidWanjiru
Me, if I was working at Facebook, I'd have called it "Private Conversations."
But hey, what's in a name?

------
justcommenting
Kudos to moxie for building free alternatives that people (Signal) and
companies (Signal Protocol) can freely choose.

------
dylanops
Telegram needs you to opt in too, I though?

~~~
schlowmo
Kind of, but you can only "opt-in" by using so called "secure chats". From
their FAQ at [https://telegram.org/faq#q-so-how-do-you-encrypt-
data](https://telegram.org/faq#q-so-how-do-you-encrypt-data):

"We support two layers of secure encryption. Server-client encryption is used
in Cloud Chats (private and group chats), Secret Chats use an additional layer
of client-client encryption."

It seems like many people (especially users/advocates of telegram) are
confused by this, since telegrams marketing sounds like it's fully end-to-end
encrypted.

------
thefastlane
what's the difference between

\- Messenger

\- plain vanilla messages i get in Facebook web site

\- 'chat' messages, were I to turn on 'chat' in Facebook web site

i'm not asking rhetorically. i honestly can't keep up with all the messaging
avenues availabale today...

~~~
evgen
In theory they are the same, but with this recent release there is now a class
of messages that are send device-to-device and cannot be viewed via the web
interface.

------
awqrre
But the Facebook app and Android still have access to unencrypted messages ...

------
calinet6
_Can 't stop the Signal._

Cute.

------
jswny
I'm really skeptical about this. First of all, Facebook collects more user
data than just about any company out there. They make most of their money off
of advertising and harvesting user data and metadata. Facebook is just about
the last company I'd trust to encrypt data of mine. It's like them saying,
"hey, I know we make most of our revenue off of collecting user data but I
think we should throw away a huge portion of that."

Additionally, from what I've gathered, they are going to role this out so that
you have to specifically tell Messenger you want to encrypt a chat. Why would
they not just make encryption universal? If anything, this makes it __even
easier __for the government or other entities to target "suspicious activity."
I'm far too skeptical of Facebook and how they are going about this whole
process to be happy about it.

~~~
evgen
It is opt in because there is a huge base of users who use Messenger via the
web, and trying to do E2E in that environment is a fool's errand. If you had
ever tried to deliver a crypto improvement to an actual shipping product I am
sure you would know what sort of limitations one needs to operate within, but
please feel free to continue risking other people's lives for the sake of
feeling smug in your ignorant dismissal of this effort.

~~~
justratsinacoat
>but please feel free to continue risking other people's lives for the sake of
feeling smug in your ignorant dismissal of this effort

OK, I'll bite. How does this commenter's opinion (which is, to be clear, that
the feature does not make him/her happy) risk the actual lives of other
conscious, living humans?

~~~
evgen
I replied above, but there are few communication tools with such a wide
userbase that have forward-secrecy and similar strong E2E crypto built in and
available. People die because of what they post to Facebook or what they send
in Messenger, I know this for a fact. With E2E security locked to devices it
means that in the few seconds it takes me to wipe my phone while someone is
knocking on the door with a gun then the other party to the conversation is
not going to be compromised. Is that sufficient?

~~~
justratsinacoat
A totally satisfying explanation! I apologize, you had every right to invoke
the risking of lives. However, I hope your hopefully hypothetical dissident
who is saying the things that cause armed men to knock knows to avoid Facebook
altogether (you know, that company predicated on watching the things that you
do and turning that knowledge into actionable data in exchange for money).
Failing to do that is indeed an existential risk if one thinks one's speech is
that threatening to $AUTHORITY_IN_BED_WITH_FB.

I'll admit, too, that my reaction to your statements is colored by my other
comment in this thread, which consists of being shirty about a dude who
pontificated about PGP being unnecessary because of FB's new feature, which of
course is ridiculous. Lives wouldn't be being lost, I reasoned, because only
the foolhardy and unprepared dissident uses a surveillance network to organize
dissent.

~~~
evgen
As a former FB employee I can empathize with the desire to avoid the mass data
trawling that is involved in using the product, but having seen things from
the inside I also know that people working there really, honestly do have
users best interests at heart. During my tenure I worked on the effort to
create Tor hidden nodes so that people could use FB via secure channels and
watched the E2E effort go from Alec's wild idea to an actual product ready to
ship. There are risks in using any centralized service, but having also poured
almost a decade of money and sweat into an actual secure service only to see
it wither because most people really didn't care I have finally come around to
the idea that the efforts which will have the most long-term impact are the
ones that subvert a popular service into providing the sort of security and
privacy from government agencies that we all hope to eventually see. At some
point you have to decide who is a greater threat, and FB doesn't have an army
and really does try to do their best to resist overly-broad efforts by LEOs to
gain access to user data. I understand why you would have absolutely no reason
to believe any of this, but those of us who spent a bit of time toiling away
inside will still keep trying to fight the good fight to deliver what people
really need even if we have to put it in a sometime unpleasant wrapper.

~~~
justratsinacoat
>As a former FB employee

Oh shit, sorry dude D:

>I understand why you would have absolutely no reason to believe any of this

Well, it's not really that. Most serious tech-folk have realistic conceptions
of privacy issues (he said in a comment on HN, but whatever), and your
response above shows that you likely do, too. The controlling suits, however,
typically have different priorities. Thanks for your response!

------
eps
Is this some sort of elborate trolling?

Can an exact match for a FB-provided binary be recreated from the open source
code? If it's a No, then it's back to trusting FB to do the right thing and it
doesn't make a slightest difference what exact protocol it's running or if the
source was peer-reviewed behind closed doors.

~~~
evgen
As moxie has stated elsehwere in the comments here, they have confirmed that
Messenger is using their open-source libs and I am sure that other people will
do a bit of disassembly on the on-device binaries to confirm this fact.

~~~
abcd_f
It makes no difference what moxie said or seen.

Facebook may have an offshore account set up for moxie, they may simply be
showing alternative source, they may have a rigged build system that builds
from the patched source, etc. Seeing the source is the first necessary step to
establishing any sort of real trust in a compiled binary.

You are also gravely mistaken in thinking that other people will take apart
the binaries. It took several years for someone to try and verify a TrueCrypt
build, which has a far more technical and privacy-minded following than the
Facebook app. And even if some altruistic soul will do a binary audit of
Messenger, it's all for naught as it's not a sustainable process. Every build
needs to be verifiable _and_ the source needs to be routinely peer reviewed
for the binaries to be trustworthy. Doubly so in the Facebook's case given the
very nature of their business.

~~~
wmccullough
While I agree that we cannot simply take anyone at their word, your example of
how the alternative could be pulled off is nothing short of Reynold's wrapped
goodness.

------
danesparza
So ... no comment on the choice of picture in the blog post? I hadn't heard of
Jules Bonnot, but found the wikipedia article illuminating:
[https://en.wikipedia.org/wiki/Jules_Bonnot](https://en.wikipedia.org/wiki/Jules_Bonnot)

This seems like it's a subtle endorsement for using Open Whisper Systems for
criminal activities. Is it just me, or does that seem like the wrong image to
gravitate towards?

~~~
roflc0ptic
Moxie Marlinspike, public face of Open Whisper Systems, identifies with
anarchism. They include political radicals in most of their images of the
application. It's not promoting criminality, except insofar as opposing state
repression is criminal. Opposing state repression is the raison d'etre of OWS.
I can't speak for them, but I suspect the fact that they're using software to
do it is a secondary consideration.

------
xnull2guest
Yeah no thanks. I don't trust Facebook with anything. I consider any software
touched by Facebook backdoored.

They deserve that reputation.

