Even though Messenger uses the same encryption technology as WhatsApp (Signal Protocol developed by Open Whisper Systems) to prevent snooping on conversations, it doesn’t promise full security as its adopted sibling.
In other words, the end-to-end encryption on WhatsApp ensures that no snooper, eavesdropper, law enforcement agency or even WhatsApp itself can peep into your conversations, the same technology doesn’t guarantee the same level of security on Messenger.
Why? Read on.
First, What’s End-to-End Encryption?
Before we delve into why Facebook Messenger is not as foolproof as WhatsApp, it is imperative to understand what is end-to-end encryption.
End-to-end encryption secures your messages with a lock and ensures that only you and the person you are communicating with can read those messages, and no one else. For every message that is sent, a unique key is generated that is needed to unlock and read those messages. As complicated as it may sound, but it all happens automatically without requiring the user to do anything about it.
Security: WhatsApp > Messenger
Despite the fact that the same technology powers end-to-end encryption on both WhatsApp and Messenger, the level of security on both the apps varies. WhatsApp is more secure and less prone to prying eyes than Messenger. There are a couple of reasons:
Firstly, WhatsApp offers full end-to-end encryption, by default, without requiring the user to do anything about it. This means that all the messages exchanged on WhatsApp can only be viewed by the sender and the recipient.
Messenger, which recently opted for end-to-end encryption, offers a limited encryption offering - and not full. This means that unlike WhatsApp that encrypts all messages by default, Messenger has an opt-in model that requires users to enable the encryption feature if they want a particular conversation to be read only on devices at either end of a conversation. (Users can also choose to set a timer to control the length of time each message that is sent remains visible within the conversation.)
So it means that only a particular set of messages can be encrypted (called, a secret conversation by Facebook) and not all, unlike in WhatsApp.
While many would argue that users can only have secret conversations to get the benefit of full end-to-end encryption on Messenger, it is to be noted that secret conversations are protected by a unique key, and therefore, can only be read on one device. This is because Facebook currently has no secure way to distribute that unique key across multiple devices.
And given that Messenger is used by people on multiple devices - both via the web and the app, it is not a wise idea to have all chats on Messenger as secret conversations. "Secret conversations can only be read on one device and we recognise that experience may not be right for everyone," Facebook said in a statement. In addition, secret conversations don’t currently support content like GIFs, videos, payments, and other popular Messenger features.
While WhatsApp is also used on the desktop (a device other than the phone), it routes that through mobile. The user syncs it by scanning a QR code with the phone and messages get mirrored on the browser.
But Facebook currently has no intention to do the same with Messenger. “That would fundamentally change the way everyone who already uses Messenger. We didn’t want to make such drastic changes to our user experience,” Motherboard quoted Tony Leach, product manager, Facebook Messenger, as saying.
Secondly, advertising is believed to be another reason that would stop Facebook from implementing full end-to-end encryption in Messenger. While Facebook cites a technical reason for Messenger to not have default encryption, it is also suspected that the company would not make it fully encrypted even if there was a way out. This is because it could adversely affect the company's revenue earned from advertising. Can Facebook afford to not know the user behaviour, choices, and preferences?
As WhatsApp is already ad-free, making it fully encrypted would not affect the company’s earnings.
End-to-end encryption, until a few years ago, was limited to a niche subculture, but it has now started to emerge as a wider trend getting attention from both users and companies. The technology is slowly coming under the radar of law enforcement agencies.