The battle over your online privacy could get a lot messier very soon.
Buzzfeed obtained and reported on an early draft of an open letter to Facebook signed by several US, UK, and Australian lawmakers, urging the company to delay its plans to implement end-to-end message encryption for Facebook Messenger, Instagram DMs, and WhatsApp until it has consulted with governments and law-enforcement agencies. The goal of the letter is to get Facebook to engineer its planned encryption features in such a way that it would allow governments full “backdoor” access to user message data should they require it for an investigation.
So what does this mean for users? Tentatively, not much. In a statement responding to the open letter, Facebook states it has no intention of abandoning or changing its encryption plans, and criticized the lawmakers’ call for legal loopholes to be added. So, for now at least, we can still expect to see end-to-end encryption on Facebook’s messaging services, but that could change if multiple countries ramp up legal pressure on Facebook.
But—requests for governmental backdoors aside—do these lawmakers have a point?
While the letter acknowledges Facebook’s vigilant removal of dangerous and illegal content, it also makes it clear that even the slightest risk should be taken seriously. And they’re right—no matter how good the preventative measures are, you can’t wave off trauma, child exploitation, and violence. However, that doesn’t necessarily mean governmental backdoors are the right solution either.
The problem here isn’t with encryption per se, but rather with the precarious mix of public profiles and encrypted private messaging that this change would create. We champion apps with end-to-end encryption and strict privacy standards, but most of these apps are based on peer-to-peer communication where you must know their account name or phone number in order to send messages.
That model is very different than public social media platforms like Facebook or Instagram where most users are easily accessible. Unless you have intentionally changed your profile settings and limited the contact information on your account, most Facebook users can be found with a small amount of effort—and if you can find someone’s profile, it’s likely you can send them a message. If all messages are encrypted, then it becomes much more difficult to curb abuse; makes parental controls or activity monitoring less effective; and can hamper investigations into serious crimes.
Now, don’t take this as me being anti-encryption or pro-governmental backdoors—I am absolutely not saying that. But the open letter has a point: Facebook needs to do more to protect its users at all possible levels, rather than just focus on messaging encryption.
Increase your Facebook, Instagram, and WhatsApp privacy
Assuming Facebook’s plans move forward unimpeded and Messenger, Instagram, and WhatsApp are consolidated into a single encrypted messaging service, here are some privacy changes we recommend.
- You can change your Facebook privacy settings by going to Settings > Privacy on desktop and in the mobile app. We recommend setting your post and profile visibility to “friends only;” turning off message requests from people you don’t know; disabling the ability for people to find your profile using search engines; and limiting how much information can be used to find you using Facebook’s search.
- Delete as much contact information from your profile as possible, especially your phone number. You can hide this info by setting it to be “only visible by me,” but the data is still technically stored on Facebook that way. Deleting it is the wiser decision. You can edit your private information by going to Settings > Your Facebook Information.
- Don’t be afraid to use Facebook’s built-on block tools, which can be managed under Settings > Blocking.
- Go to your Instagram profile, then tap/click “Edit Profile” to open the account settings menu. In the “Edit Profile” tab, uncheck “Include your account when recommending similar accounts,” and remove any private information you do not need to include.
- Under the “Privacy and Security” tab, disable “Show Activity Status” and “Allow Sharing.” The best possible way to cut out unwanted messages or contacts is to also turn on “Private Account” especially if you mostly just use Instagram to share personal photos to your friends and family.
- Always block and/or report messages from accounts you don’t wish to be contact by.
- Go to Settings > Account > Privacy and change every option to “Nobody” (or to “only contacts,” if that’s the strictest option available).
- As with Facebook and Instagram, make liberal use of the block button if you need to.
While these are helpful for all users, we strongly recommend parents implement these settings on their child’s accounts. These settings are not perfect, but they’re far better than the default privacy settings available on these apps, and will go a long way to helping reduce the illegal and abusive activities that lawmakers and Facebook alike want to prevent.