Meta Expands Test of End-to-End Encryption Features in Messenger

pcmag.com:

Meta is testing additional end-to-end encryption (E2EE) features in Facebook Messenger—and not just because it has been roundly criticized for not enabling these protections by default.

"We’re working hard to protect your personal messages and calls with end-to-end encryption by default on Messenger and Instagram," Meta says(Opens in a new window). "Today, we’re announcing our plans to test a new secure storage feature for backups of your end-to-end encrypted chats on Messenger, and more updates and tests to deliver the best experience on Messenger and Instagram."

The marquee change is the introduction of encrypted backups. Messenger currently stores E2EE messages on a single device; there is no way to access them on another device. (At least in theory.) This can be inconvenient for people who lose their primary device, but if the company had backed up the messages without encrypting them, Messenger users would be at risk.

That isn't a theoretical problem(Opens in a new window). Apple uses E2EE for iMessage, but many people choose to back up their message histories via iCloud. That backup isn't encrypted, so even though the messages rely on E2EE in transit, someone can access those messages via iCloud. Meta avoids that problem with Messenger by restricting E2EE messages to a single device.

Now the company is testing what it calls Secure Storage. This encrypted backup will allow people to recover their messages using the method of their choice—supplying a PIN or entering a generated code—if they lose access to their device. Meta says it will also let Messenger users back up their E2EE messages to "third-party cloud services," if they prefer.

"For example, for iOS devices you can use iCloud to store a secret key that