More users want encryption, but the transition can be complicated for messaging apps – Marketplace

End-to-end encryption is a way to keep messages private. Its sometimes used by apps, which basically turn those messages into unintelligible chunks of data as soon as a user hits Send.

The idea is that no one except sender and recipient can access that message. Not hackers, not third parties, not even the app platform itself. And you have to have special keys stored on an individual device to decrypt it.

But many messaging platforms dont have this kind of encryption, and some provide it only as an option.

Kimberly Adams of Marketplace Tech spoke with Matthew Green, a professor at the Johns Hopkins Information Security Institute, about why more apps dont have end-to-end encryption by default. The following is an edited transcript of their conversation.

Matthew Green: One of the problems is that that services like Facebook Messenger, theyre designed to work across multiple different devices, right? And getting all of that to work with encryption is hard because it means you have to have encryption keys delivered to all those different phones. Thats challenging. And then law enforcement and platform abuse teams, theyre worried that people will break laws, send abusive pictures and so on. And end-to-end encryption is very nerve-wracking for those interests because they cant see the images.

Kimberly Adams: From a design standpoint, does it matter when you add encryption to a messaging service?

Green: Yes, it makes much more sense to add encryption from the beginning. If you design a new messaging service and it has encryption right from the start, like Signal, for example, then its really easy to deploy that. You can figure out each time you add a new feature, you say, How does this fit into the encryption? How do I do things? In the other direction, when youre basically going backwards to a very popular service that already does not use encryption, adding encryption can be challenging because you have to think about all these features you support, like multiple devices, working on arbitrary web browsers, bots, things like that. Each of those services has to be adapted to use encryption. And thats why Facebook Messenger in particular Facebook is now deploying encryption across all of its existing services its taking them a long time to figure out all those details.

Adams: How does money factor into the encryption debate? Because, I mean, these messaging services could potentially provide a lot of useful user data that could be monetized or used to create targeted ads. And I imagine if you have really good end-to-end encryption, that ability to monetize that content theoretically goes away, right?

Green: My impression is that a lot of these advertising-supported networks like Google and Facebook, they have more user data about you than they know what to do with. So for them, theres actually kind of a balance where, hey, yes, we could have access to all your private conversations and thoughts. But we already have so much data, do we really want to be the people who are mining your private conversations to get that? And thats why I think so many of these providers, particularly Facebook, are moving to encryption, is they just dont need that private conversation data. They already have enough.

Adams: What do you see as the demand moving forward by users, at least, for encrypted messaging apps and services?

Green: Well, one of the things thats been amazing to me is over the last year or so I use this app called Signal, which is a great thing. And I get notifications saying, So-and-so is on Signal. And it used to be that so-and-so was some computer scientist or technical person I work with. And nowadays, so-and-so is my neighbor who I dont even think knows how to use a computer. The impression I get is that people genuinely feel that private messages should be private. And so I think that now they know that the older systems arent very private, theyre happy to switch to these newer technologies that doesnt cause them any controversy or any pain.

Adams: As somebody who studies this all the time, how have you noticed, sort of, the public perception and knowledge around issues of encryption change?

Green: Encryption used to be one of those science fiction things. Youd see it on TV, you know, Star Trek, or youd see it on cop shows occasionally. But it was always a criminal using encryption. I think that whats really changed is that encryption has gone from this thing that was mostly used by mobsters or the bad guys on TV to something that everyone just kind of takes for granted. And we understand why, right? Because were all carrying our entire lives around with us, all our private conversations on this little computer in our pocket. And we really, really are sensitive to the fact, even if not consciously, were sensitive to the fact that all of our private information could go so easily. And I think nowadays, the people who think about this stuff, they think about encryption as basically the only antidote against, you know, losing everything that you care about. And so encryption has gone from being kind of an exotic, dirty word, to just being a technology that is there and protects us.

You may have heard last week that Meta is testing new encryption features in its Messenger app. The company has said it would take years to add more secure encryption to Messenger by default.

Meta made the announcement after it complied with court orders and released chat histories between a Nebraska woman and her teenage daughter. The messages are allegedly about the daughter seeking abortion services more than 20 weeks into her pregnancy, which is illegal in that state.

Meta has said its decision to roll out additional encryption features in Messenger is not related to that court order.

If you want to know how to test that new end-to-end encryption feature on your Messenger app, The Verge has a handy summary.

But if youre in the market to try an app thats already encrypted, PC mag published its take on the best, most secure messaging apps of 2022.

Theyre in no specific order: WhatsApp, Telegram and a favorite here in Washington, D.C. Signal.

Originally posted here:
More users want encryption, but the transition can be complicated for messaging apps - Marketplace