Facebook has now rolled out encrypted chat, shortly after WhatsApp did the same. They call it Secret Conversations (SC). It is based on the open-source Signal protocol developed by Open Whisper Systems (OWS).
OWS has their own encrypted chat app too, called Signal. It has some notable differences with the Facebook one, a major one being that Signal supports multiple people chatting all at the same time while SC only allows two. When you read below you will see that is a technical limitation imposed by FB. SC also does not allow for encrypted audio, but images sent over SC will be encrypted. Here we take a look at SC and at the Signal protocol.
Secret Conversations Encryption
SC runs inside the Facebook Messenger app. It does not work on the Facebook web page. One reason for that is SC uses a value that is unique to the hardware to calculate the user’s encryption key. Android and iOS devices are built with serial numbers that are unique to the device. That is not the case with PCs. Using that serial number to calculate an encryption key is also how Android and iOS disk encryption works.
Messages on FB are already encrypted at the transport layer, meaning SSL, just like encrypted web pages. But this encryption is different. This new encryption is actual PKI encryption such as you would have with encrypted email.
PKI works by both parties in a conversation presenting a key that uniquely identifies themselves. That private key is paired with a public key that the parties use to encrypt messages between them.
PKI only works between two people. A third person trying to read that traffic could not read it even if they stole someone’s key. So not even FB can read SC traffic when it passes through their computers.
What also makes this encryption more secure is that the keys that identify the parties are verified by a third party. So a hacker could not make up their own key and use that. In the case of FB, FB is that third party that issues and verifies the key.
SC Encryption Keys
SC uses several encryption keys. One is the Identity key. It uniquely identifies the user to FB. The others are session keys that are created on a rolling basis on the device and have a limited lifespan, so they time out.
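The rolling session keys described above can be illustrated with the symmetric-key chain from the Signal protocol's Double Ratchet specification, where each message gets a one-time key and the chain then moves forward. This is an added example, not code from Facebook or Open Whisper Systems; the name KeyChain, the starting secret and the sample messages are constructed, and an HMAC tag stands in for real message encryption.

```python
import hashlib
import hmac
import os


def kdf(chain_key, label):
    """One HMAC-SHA256 step; distinct labels give independent outputs."""
    return hmac.new(chain_key, label, hashlib.sha256).digest()


class KeyChain:
    """Rolling chain of one-time message keys (hypothetical helper)."""

    def __init__(self, shared_secret):
        self._chain_key = shared_secret
        self.index = 0

    def next_message_key(self):
        # Key for this message, then advance; the old chain key is overwritten.
        message_key = kdf(self._chain_key, b"\x01")
        self._chain_key = kdf(self._chain_key, b"\x02")
        self.index += 1
        return message_key


def tag(message_key, message):
    """Authenticate one message under its one-time key."""
    return hmac.new(message_key, message, hashlib.sha256).digest()


def demo(shared=None):
    # Constructed input: a real session gets this secret from the key agreement.
    shared = shared or os.urandom(32)
    sender, receiver = KeyChain(shared), KeyChain(shared)
    messages = [b"hello", b"are you there?", b"bye"]  # constructed samples
    sent = [(m, tag(sender.next_message_key(), m)) for m in messages]

    # The receiver rolls its own chain in step and checks every tag.
    keys = [receiver.next_message_key() for _ in sent]
    verified = [hmac.compare_digest(tag(k, m), t) for k, (m, t) in zip(keys, sent)]

    # State captured at this point yields only later keys, not the earlier ones.
    future_key = receiver.next_message_key()
    return verified, keys, future_key


if __name__ == "__main__":
    verified, keys, future_key = demo()
    print("verified:", verified, "| future key reused:", future_key in keys)
```

Because each chain key is replaced by a one-way function of itself, a copy of the current state cannot be run backwards to recover the keys of messages already delivered.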
The Identity key is tied to one device. That device becomes the one and only one from which the user can run SC. If they want to use a different device then they pick a new Designated Device.
Conversations that were previously encrypted on another device cannot be read on the new Designated Device.
Also if someone loses their phone or it is stolen, someone else could not copy the data off the phone and read those messages. It only works when someone is logged into FB.
This whole system is secure enough that we can imagine terrorists and criminals will be using it and the American FBI will want access and perhaps file another lawsuit to gain that.
Criminals presumably would violate the FB terms of service, which would cause FB to disable their key. Users can also report other users, for example for making threats or bullying, to have their key disabled.
Facebook Under Fire, As Usual
Facebook has been criticized for not turning on encryption by default. FB is always under fire for issues related to privacy. Lawmakers and regulators have challenged the FB practice of requiring users to opt out of features that intrude on privacy rather than making them specifically give their permission by opting in. European regulators in particular want FB to follow the second option.
In this case, the criticism is that FB is not turning on encrypted chat by default. But this criticism of FB is not fair or warranted when you read how it works.
The company said, “Starting a secret conversation with someone is optional. That’s because many people want Messenger to work when you switch between devices, such as a tablet, desktop computer or phone. Secret conversations can only be read on one device and we recognize that experience may not be right for everyone.”
Alex Stamos, the FB executive in charge of security, tweeted, “Hundreds of millions use Messenger from a web browser. No secure way to verify code or store keys without routing through mobile.”
For messaging to work across devices, FB would have to keep a copy of the key. That would subject them to hacking and government subpoenas. So they do not do that.
Unlike the Facebook app, Signal supports encrypted communications between more than one party at the same time. Reading their specs it is not clear why Open Signal can do that and FB either cannot or will not. You could deduce that doing this would require that each pair of persons in a chat issues session keys. But that would obviously make for a lot of session keys to generate as this is a geometric progression of powers of 2.
Like FB, Open Signal requires that a server be located between the two parties. Open Signal runs one of those. So it is not server-less chat like Torchat.
For further reading, here are the technical details of SC written by FB.