Why You Should Stop Using Facebook Messenger

Avatar for Aduk
Written by
3 years ago


If you’re one of the hundreds of millions using Facebook Messenger, then now would be a good time to think about alternatives. While the platform heralded a major security update this week, with the addition of biometric device locks on iOS, the sad truth is that Messenger is seriously lacking on the security front. And this is a problem which is both getting worse and which Facebook cannot easily fix.


In announcing its latest feature updates, Facebook told users that “privacy is at the heart of Messenger—where you can be yourself with the people who matter most to you.” The company said that App Lock would “add another layer of security to your private messages to help prevent other people accessing them.” Unfortunately, this update is akin to adding extra locks to the front door of a bank, while leaving the vault wide open. It’s peripheral at best. There are now alternatives that offer most of the same functionality without the risks. It’s time to switch.

So, what’s the problem? In a word—encryption. Don’t take my word for it—Facebook itself warns users of the risks when messages are not end-to-end encrypted. This security measure, the company admits, would mitigate “the compromise of server and networking infrastructure used by Messenger—Facebook’s included.” The company issued that warning in 2017, when introducing its “secret conversations.”


Secret conversations enable opt-in end-to-end encryption for specific person-to-person Messenger chats, not for groups and not by default. “A secret conversation in Messenger is end-to-end encrypted and intended just for you and the person you’re talking to,” Facebook says, implying that messages which are not “secret” risk being accessed by more than “just you and the person you’re talking to.”

Facebook has created a serious problem for itself with Messenger. The company has become the world’s leading advocate for end-to-end encryption; even CEO Mark Zuckerberg has personally lauded its benefits. But the company has also admitted that the technical complexities of adding this level of security to Messenger will take years. So—you’re not as secure as you should be, but if you can just hang on a few years, we’ll be sure to get that sorted for you. Really?


Just look at WhatsApp’s explanation for why it’s needed: “Some of your most personal moments are shared with WhatsApp,” it says, “which is why we built end-to-end encryption into our app. When end-to-end encrypted, your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands.” WhatsApp is of course owned by Facebook. Enough said.

These issues aren’t limited to Facebook Messenger, of course. SMS messaging is even worse. But that has become fairly well understood now. The straightforward advice is to stop using SMS if possible. Apple’s iMessage and Google’s rumoured encryption plans for RCS—an SMS replacement—both provide an end-to-end encryption update option for SMS, still the world’s most pervasive mobile messaging platform.

But Messenger has more than a billion users—and unlike SMS it presents as an updated and fully featured alternative to legacy messaging. “Users choosing to communicate via Messenger must understand the real threat to their information within such apps,” warns ESET cybersecurity guru Jake Moore. “Although many may think the content in their messages isn’t personal, the real issue is that any information on you is open to abuse in the wrong hands.”

If you have any doubts, take a look at Twitter’s recent public shaming. No-one should be surprised at Twitter’s admission that the recent hack of more than 100 users also tapped into private messages for 36 accounts. Twitter DMs are not end-to-end encrypted—just like Messenger, it’s been stuck on the roadmap for years.


Twitter is not a private messaging platform—its volume of DMs is a fraction of those sent over Messenger. But take it as a warning. “After the recent complications with Twitter,” Moore says, “it highlights once again the importance of end-to-end encrypted messages and privacy focused messaging platforms.”

The Twitter attack specifically framed the vulnerability when a platform holds the keys to decrypt your private conversations. They may use those keys if asked by law enforcement, but there is also a risk that rogue or tricked employees may do the same. Facebook told me that “our servers are only in a handful of countries that have strong rule of law. We also have strong data protections and safeguards in place that secures data at rest and restricts employee access to message content.”

But, as uber-secure ProtonMail points out, “the best way to protect data is to not have access to it at all. The benefit of using end-to-end encrypted services is that data can be kept safe even in the event of the inevitable data breach because the service provider itself does not have the ability to decrypt user data. In effect, it is impossible for hackers to steal something that the service itself does not possess.”

There’s a warning in there for even the more secure messaging apps. Apple and Google messaging back-ups are not end-to-end encrypted; they basically store a copy of your phone’s decrypted data. And when you use the current WhatsApp cloud back-up feature, you run that same risk—this, though, is now being fixed.
