Reports
2024

Meta’s Implementation of Default Encryption on Facebook Messenger Remains Incomplete Six Months Since Rollout

In a survey of more than 80 Facebook Messenger users, Accountable Tech found that two-thirds of users have not seen Meta’s implementation of end-to-end encryption by default for all messages on Facebook Messenger.

KEY FINDINGS

  • Approximately six months after Meta announced that they would be encrypting all Facebook messages by default, the Accountable Tech team surveyed 80+ Facebook users to assess Meta’s actual progress towards this announcement.
  • Accountable Tech found that two-thirds of Facebook users still have not seen end-to-end (E2E) encryption by default on Facebook Messenger, approximately six months since the company’s announcement.
  • Nearly 50 percent of users reported having seen a pop-up message notifying them of the update. However, 39 percent said they got the notification but did not see an E2E label on their message chats — thus providing a false sense of privacy and security to these Messenger users.

OVERVIEW

On December 6, 2023, Meta announced they had begun to roll out end-to-end (E2E) encryption for all messages on Facebook Messenger. The update came after years of pressure from privacy advocates and on the heels of a case in Nebraska in which a mother and daughter faced felony charges for assisting with an illegal abortion and having an illegal abortion respectively. During this case, police sent a warrant to Facebook requesting access to their private messages, which provided evidence of the illegal abortion in Nebraska. As this example shows, police can subpoena and acquire access to private communications on non-encrypted messaging services making data privacy even more important in post-Roe America.

Meta’s December 2023 policy update was praised by privacy groups and the press with headlines like “Meta Launches End-To-End Encryption For Messages On Facebook And Messenger” from Forbes and “Facebook and Messenger to automatically encrypt messages” from BBC. However, an assessment by Accountable Tech performed by surveying more than 80 Facebook users worldwide finds that this policy update has been slowly rolled out with two-thirds of surveyed users still not seeing all their Facebook messages encrypted by default.

The incomplete rollout of this policy update flies in the face of public communications from the company. On December 6, 2023, Meta CEO Mark Zuckerberg posted on Facebook, that “after years of work rebuilding Messenger, we’ve updated the app with default end-to-end encryption for all personal calls and messages. Huge congrats to the team on making this happen.” While Meta’s Newsroom has indicated this rollout would take “months” to enact, it has been piecemeal, slow, and confusing for surveyed users. Despite the headlines from last year, Meta’s implementation of default encryption on Facebook Messenger remains incomplete approximately six months since its rollout announcement.

META’S POLICY UPDATE

December 6, 2023: “We are rolling out default end-to-end encryption for personal messages and calls on Messenger and Facebook, as well as a suite of new features that let you further control your messaging experience. We take our responsibility to protect your messages seriously and we’re thrilled that after years of investment and testing, we’re able to launch a safer, more secure and private service […] Because there are over a billion Messenger users, not everyone will get default end-to-end encryption right away. It will take a number of months to complete the global roll-out.”

MARK ZUCKERBERG’S FACEBOOK POST

December 6, 2023: “After years of work rebuilding Messenger, we’ve updated the app with default end-to-end encryption for all personal calls and messages. Huge congrats to the team on making this happen.”

SURVEY RESULTS

Starting in late April 2024, we sent a survey to staff and partners to assess Meta’s progress on their commitments to encrypt messages by default on Facebook Messenger. The survey was completed between April 25 and May 19 by more than 80 Facebook users around the world.

 

In the survey, we posed two questions to Facebook users. First, we asked if they had seen a pop-up notifying them of the update. This pop-up informs users of the update to Facebook Messenger, stating “Messages and calls will be secured with end-to-end encryption.” Nearly 50 percent of users reported having seen this pop-up on their Facebook Messenger account.

Second, we asked Facebook users to navigate to the Messenger app, click on an existing chat, and tap on the person’s icon at the top of chat to see if the message was encrypted by default. If the message was encrypted by default, users would see an “End-to-end encrypted”’ label as shown in the visual below.

Only one third of those surveyed — 33 percent of users — reported seeing the E2E label at the top of a message on Facebook Messenger. Two-thirds — 67 percent of users — reported not seeing the E2E label on the chat. Of the 54 respondents who did not see the E2E label on the chat, 21 users — 39 percent — responded that they had received the pop-up notification for end-to-end encryption.

While Meta has made clear this rollout of encrypted messages by default on Facebook Messenger would take months, our survey results indicate that they have provided notice to some users of the update even when E2E was not yet the default for the notified users.

In addition, throughout the survey process, many users notified us that they felt confused and uncertain by Meta’s announcement and rollout of this critical new privacy feature. Some of the notes from survey respondents below demonstrate significant inconsistencies and uncertainties from users in Meta’s rollout.

Notes From Survey Respondents

“Noting I received the pop-up but did not enact it. It wasn’t clear what it was really for.”

“Just completed the survey and wanted to flag that some of my chats show the E2E but not all.”

CONCLUSION

It appears as if Meta’s rollout of E2E on Facebook Messenger is incomplete and inconsistent. At a time when police and other authorities have become increasingly reliant on information from private messages, Facebook messages can undermine the privacy and safety of people seeking or assisting with abortion care. Meta’s piecemeal, slow, and confusing rollout of encrypted messages by default on Facebook Messages threatens the bodily autonomy and reproductive freedom of millions of people in the U.S.

For more information on how to better secure one’s own personal data, check out Digital Defense Fund’s Guide to Abortion Privacy here

More Recent Reports

Public Support for AI Consumer Protections
Reports
Jul 18, 2024

Gauging Public Support for AI Consumer Protections

Consumer Sentiment on AI Technologies
Reports
Jul 09, 2024

Consumer Sentiment on AI Technologies

Meta’s Political Content Limit Causes Steep Drop in Reach for Accounts
Reports
Aug 12, 2024

Meta’s Political Content Limit Causes Steep Drop in Reach for Accounts

Join the fight to rein in Big Tech.

Big Tech companies are some of the most powerful and profitable companies in history, presenting new threats to the safety of communities and the health of democracy. We’re taking them on through legislation, regulation and direct advocacy.