Finally everyone can encrypt their Facebook conversations. Here’s how

If you use Facebook Messenger, take a moment to ensure that you are running the latest version of the app on your Android or iOS devices. It’s important.

The reason why it matters so much is that Facebook has finally finished rolling out “Secret Conversations” to their billion-or-so users, making it the biggest end-to-end encrypted messaging network on the internet.

As we have explained before, the great thing about end-to-end encryption is that your conversations are private. Really private.

Facebook can’t read them. Hackers and law enforcement agencies can’t intercept them.

The only people who should be able to read end-to-end encrypted messages are you and the other person you intended to receive the message. You can even set a timer on the conversation, deciding how long each message will remain visible inside the chat service.

That’s the good news about Facebook’s Secret Conversations.

The bad news is that unlike other end-to-end encrypted chat systems like Signal, Apple iMessage or WhatsApp, Facebook forces you to choose to opt-in to Secret Conversations each and every time.

And, as you can probably guess, most people are either going to be ignorant of the importance of encrypting conversations or simply too lazy to do that. And, of course, if your friends aren’t running the latest version of the Facebook Messenger app you’re not going to be able to have a Secret Conversation with them.

One would have hoped that Facebook would have enabled end-to-end encryption by default. Here is hoping it will in the future, as concerns grow about overreaching law enforcement agencies and oppressive regimes snooping on innocent people’s communications.

My guess, however, is that Facebook may not have enabled end-to-end encryption by default in order to avoid getting into a direct fight with law enforcement agencies who take a dim view of conversations being beyond their reach.

In the meantime, here is how you can encrypt your Facebook messages:

1. Open Facebook Messenger. You’re greeted with a list of recent conversations you have had. If you have had any encrypted conversations in the past you should see a small black padlock icon next to your friend’s avatar. If you don’t, well… let’s make sure you fix that in future Facebook Messenger conversations!


Tap on the compose new message icon in the top right of your screen.

You should be presented with a list of your Facebook Messenger contacts.

2. Tap Secret, and select the person to whom you wish to send an encrypted message. If they are not running a version of Facebook Messenger which supports end-to-end encryption you will not be able to send them an encrypted message.

3. Enter your message in the normal fashion.


4. Easy, wasn’t it? If you like you can set a timer to have your messages self-destruct after a period of time.


About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

  • Question now is, will Facebook store these communications on their servers the way they do with WhatsApp? If so, these communications can be requested by government agencies in the US from Facebook's servers, unlike Signal, which only keeps a few tidbits of information and no message content or metadata. Point to point encryption is great, but not when implemented with a dark backup solution the user may or may not be aware of.