Facebook Messenger Chats Now Offer End-to-End Encryption

Facebook is finally capitalizing on the promise it first made back in July, of making conversations on Messenger completely encrypted. The platform isn’t the first to offer such a feature but is definitely among the most used ones, even if it doesn’t offer it in full glory.

The feature, dubbed Secret Conversations, is now available to the billion or so active users of Messenger, as confirmed by Wired. It is turned off by default so it requires turning on manually. It also doesn’t make every conversation that has occurred in the past encrypted.

How to Activate:

In the latest version of Messenger, you’ll see a new secret icon in the top right corner of the app. Tap that and you can start an encrypted chat. Existing conversations can also be converted to secret ones, by tapping their name at the top, and toggling the Secret Conversations option.

Encryption Tech:

Messenger uses the renowned Signal encryption system, developed by the nonprofit Open Whisper Systems, which has already been implemented in the privacy-centered Signal Private Messenger. That app has the blessings of none other than Edward Snowden.

Of course, both the users need to update to the latest version of Messenger to use the updated security feature so first make sure that is done. The conversations can only be carried out on a single device at a time.

Room For Improvement:

The functionality of these conversations is a bit more limited in comparison to normal ones, with GIFs and videos not supported, yet.

The feature was first tested in beta in public back in July and only now is it arriving to the all users.

Messenger isn’t the first platform to offer such privacy, as Signal, Telegram and Whatsapp among others have had it for long. Though, it is certainly among the most used messaging apps. That will happen of course if you trust Facebook with your privacy in the first place.

Facebook Messenger Now Offers End-to-End Encryption for Chats

Following the recent surge in demand for secure apps, Facebook is now offering a new end-to-end encryption mode on Messenger, called Secret Conversations. The mode is currently available for a few users and could be in for prime time later this summer.

The mode brings Messenger in equal standing with competitors like iMessage, BBM and Whatsapp who already offer end-to-end encryption. Facebook highlights health and financial information as potential avenues where it could be used. It is not totally secure, but at least it demands a more sophisticated attack.

The mode resides inside the Messenger app, requiring no further installs. It will only work on one unique device at a time, be it your phone, laptop or desktop which makes sense as messages will only appear on the devices they’re delivered to. It will be very limited in terms of features at first, not supporting GIFs, payments, videos or any other Messenger features. Secret Conversations also won’t be turned on by default.

Users can time their messages to self-destruct after an allotted period, allowing greater controls over privacy.

Facebook, which came recently under fire from users for supposedly making their shared links on Messenger easy for marketers to find, is releasing the feature as a way to appease some of the bad press.

With 900 million users under its pocket, Messenger could be highly successful in getting encryption to larger populations. That is, if Facebook can shed away the trust issues to begin with.

Viber added End-to-End Encryption & PIN Protected Hidden Chats Features in Update

Viber, the popular mobile messaging app announced Tuesday that it has added full end-to-end encryption for video, voice and text message services for its millions of users.

Here, the end-to-end encryption means only you and the person you are communicating with can read the content, and nobody in between, not even the company and if court orders company to provide user data, they will get only the heaps of encrypted data.

Viber is the latest messaging platform to join WhatsApp, Telegram, and Apple iMessage, who strengthened their default privacy features in recent times.

Founded in 2010 and acquired by Japanese e-commerce titan Rakuten for $900 Million in 2014, Viber is currently being used by more than 700 Million users globally across Android, iOS, Windows Phone, and desktop, the company claimed in a blog post published today.

The move comes just a couple of weeks after Facebook-owned Whatsapp messaging app implemented full end-to-end encryption by default for its one billion users.

Besides offering end-to-end encryption on all communication, the company will also provide a new PIN-protected hidden chat feature to help its users hide conversations from the main chat list, as well as Contact Authentication feature to verify contacts you're talking to.

All users need to update their app with the latest version of the company's software, Viber 6.0, take advantage of the features.Once installed, your Viber app will now show you a padlock in conversations to confirm that your one-to-one and group messages are end-to-end encrypted.

However, users will probably need to wait few weeks before everyone's app updates to add the new end-to-end encryption on Android and iOS.

In the wake of Apple’s months-long battle with the Federal Bureau of Investigation (FBI) over an iPhone used by a San Bernardino terrorist, it seems like end-to-end encryption has become a trend and you’ll continue to see this in more applications and services.

5 things Google has done for Privacy & Security

Over the past few years, Google has increasingly improved the online security and protections of its Gmail users.

Besides two-factor authentication and HTTPS, Google has added new tools and features to Gmail that ensures users security and privacy, preventing cyber criminals and intelligence agencies to hack email accounts.

1. Enhanced State-Sponsored Attack Warnings

Apple vs. FBI case urged every company to beef up the security parameters to prevent their services from not just hackers but also the law enforcement.

Google for a while now has the capability to identify government-backed hackers, and notify potentially affected Gmail users so they can take action as soon as possible.

Google recently announced on its blog post that it will alert Gmail users about the possibility of any state-sponsored attack by showing them a full-page warning with instructions about how to stay safe — very hard to miss or neglect.

Meanwhile, the company revealed that over 1 Million Gmail accounts may have been targeted by government-backed hackers so far.

Although Google has warned Gmail users of state-sponsored attackers since 2012, the company neither disclosed the exact number nor explained how it knows of such hacking attacks.

However, Google said that it knows who the targets are – the list often includes "activists, journalists, and policy-makers taking bold stands around the world."

2. SMTP Strict Transport Security (SMTP STS)

A new security feature dubbed "SMTP STS" has been on the bench of the Internet Engineering Task Force (IETF) to obtain a green signal.

This new email standard is developed in a joint effort by the engineers of top email services including Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development.

SMTP STS has been designed to enhance the email security by preventing Man-in-the-Middle (MitM) and encryption downgrade attacks that have compromised past efforts like STARTTLS at making SMTP a more secure protocol.

SMTP Strict Transport Security (SMTP STS) runs on top of the STARTTLS feature to strengthen SMTP standard.

SMTP STS will check if recipient supports SMTP STS and has valid and up-to-date encryption certificate. If everything goes well, it allows your message to go through. Otherwise, it will stop the email from sending and will notify you of the reason.

3. End-to-End Encryption (via Chrome Extension Only)

Google announced the End-To-End encryption for its users almost two years ago, but still, the novel feature is yet to release.

The idea is to develop a browser extension that ensures its users Privacy by implementing the complex, yet secure PGP (Pretty Good Privacy) encryption in an attempt to fully encrypt messages that even Google can not read, nor anyone else other than the users exchanging the emails.

With this goal in mind, the browser extension will let users create their private and public encryption keys within their browsers. The public key will be uploaded to Google's servers, while the private key will be stored locally in the browser.

How the End-to-End Chrome Extension Works:

When a user sends an email to the other user with a PGP key, his or her browser will automatically download the other user's public key from the server and encrypt the content of the email.

However, the work is still in progress, and the company has not revealed that when it is planning to release the browser extension.

Although Google made the source code for its End-to-End Chrome extension open source via GitHub almost a year ago, so that researchers can review it, the stable version is yet to release.

For now, you can try an alternative method to send encrypted emails. We have written a step-by-step tutorial article on how to send end-to-end encrypted emails to others.

If difficult, you can try a Swiss-based, ProtonMail, a free, open source and end-to-end encrypted email service that offers the simplest and best way to maintain secure communications to keep user's personal data safe.

4. Gmail's Red Padlock Alert

Previously there was no method to ensure whether the received email had been traversed via an encrypted channel or not, which could be subjected to scrambling or Man-in-the-Middle (MiTM) attacks.

But last month, Google introduced a security measure in Gmail service in the form of a small Red Padlock next to a sender's email address in an effort to highlight users if the message has been sent through an unencrypted channel.

If a Gmail user receives an email from other services that don't support TLS encryption, the feature gives warning by showing an open red lock next to the sender’s email address (as shown).

These unencrypted emails then went to spam, increasing Gmail security of its users.

5. Google Safe Browsing For A Quick Malware Check

One of Google's recent changes is the expansion of its 'Safe Browsing' notifications.

The malicious links spread via emails are an easy hit method to infect a large number of users after forcing them to visit malicious web pages controlled by hackers.

However, the Safe Browsing feature protects Gmail users by identifying potentially dangerous links in emails.

The automated agents in the mail scan the content of emails for spam and malware detection. And before opening the link, Gmail inspects the complete mail and prevents the user to open the malicious links in the main upon a quick scan.

The features that are being added by Google helps the privacy of Gmail users and stricken the email confidential policies.

FBI Directors Pleadge to Tech companies don't offer for End to End Encryption

FBI declared War against Encryption.

Encryption is defeating government intelligence agencies to detect terrorist activities and after the recent ISIS-linked terror attacks in Paris and California, the issue has once again become a political target in Washington.

Meanwhile, Kazakhstan plans to make it Mandatory for its Citizens to Install Internet Backdoor, allowing the government to intercept users' traffic to any secure website and access everything from web browsing history to usernames and passwords.

FBI: For God's Sake, Don't Use End-to-End Encryption

At a Senate hearing on Wednesday, FBI's Director James Comey called for tech companies currently providing users with end-to-end encryption to reconsider "their business model" and simply stop doing that, reported The Intercept.

Yes, instead of asking companies for a "backdoor" this time, Comey suggested them to adopt encryption techniques that help federal agencies intercept and turn over end-to-end encrypted communications when necessary.

"The government doesn't want a backdoor, but [it] hopes to get to a place where if a judge issues an order, the company figures out how to supply that information to the judge and figures out on its own the best way to do that," said Comey.

Comey: Keep Readable Version of Customers' Messages

End-to-end Encryption is a secure communication that encrypts the data on the sender's system before passing it to a company server. The company then passes the encrypted data to the intended recipient, who is the only person who can decrypt it.

Nobody in between, be an application service provider, an Internet service provider (ISP), hacker, or even law enforcement officials, can read the data or tamper with it.

However, Comey is asking for the technology companies to retain a readable version of that initial data, just in case the authorities need it.

"There are plenty of companies today that provide secure services to their customers and still comply with court orders," he said. "There are plenty of folks who make good phones [and] are able to unlock them in response to a court order."