A big change could be coming to Facebook and the other platforms under its capacious umbrella. By 2020, according to a story in the New York Times on Friday, Zuckerberg wants the company to integrate the messaging services of Facebook Messenger, Instagram, and WhatsApp. He’s also ordered that all three include end-to-end encryption, a level of security that usually means communications can only be read in two places: the sender’s and the receiver’s device. While the apps themselves aren’t going to be merged, their messaging infrastructure will be, according to the Times, meaning someone on Instagram would be able to send an encrypted message to someone on WhatsApp.
The business logic here is probably to pull users even more tightly into the Facebook ecosystem. If you want to send a friend a photo you took on Instagram, Zuckerberg would probably prefer you send it via Facebook Messenger than through Apple’s iMessage. Integrating all three services could also help Facebook better monetize the massive user bases of WhatsApp and Instagram, which aren’t nearly the cash cows that Facebook’s main platform and app are. It would also allow the company to make a better privacy argument to users: Improved encryption and data protection are definitely steps in the right direction for a company that has often been fairly cavalier about data collection and made some serious privacy blunders—in October of last year Facebook admitted 29 million users’ personal data may have been stolen off the platform. Better encryption means better privacy, and that’s a good thing. But integrating and building cross-platform encryption for all Facebook messaging services isn’t an easy lift, and depending on how it’s implemented, the endeavor might benefit Facebook more than users looking for better online protections.
One main reason for this is that tying together the messaging features of the three services will likely mean sharing data between them. “WhatsApp users may have had a certain privacy expectation about data being resold, and with the change you no may longer have that,” said Praveen Sinha, the chief technology officer of Equality Labs, a nonprofit cybersecurity consulting organization. Neither Instagram nor WhatsApp currently requires people to use their real names, and integrating these services “could mean that all communications will be tied to how you identify on Facebook,” Sinha said. In other words, if you enjoyed anonymity on Instagram or WhatsApp, that could be compromised by people being able to message your private Facebook account, which has your name on it. It’s still not clear what shape the interoperability will take or if people will be able to toggle it on and off, but having your accounts linked together opens the possibility of personal data spilling between them.
From a technical perspective, integrating these services isn’t going to be easy either. Facebook is reportedly assigning thousands of people to work on the project, and any overhaul this big won’t necessarily be seamless. Of particular concern is how the end-to-end encryption will work between the web browser on Facebook and the various apps. “Web browsers and web apps in general are one of the biggest barriers that we’re still facing to pervasive deployment of end-to-end encryption and strong cryptography for all kinds of online services,” said Erinn Atwater, research director at Open Privacy, an online privacy research and advocacy nonprofit.
The architecture of Instagram, Facebook, and WhatsApp all differ radically, too, according to Sinha, particularly when it comes to how messages are forwarded, which will be a huge hurdle for security engineers figuring out how to interoperate encryption across them. With WhatsApp, for example, messages can be forwarded in chains to multiple people. With Instagram, messages can be sent in reaction to Stories or posts, but not forwarded to others. Those messages can also be unsent. And on Facebook, people can have group conversations, but you can’t forward a message to someone else from a private conversation. Creating end-to-end encryption that can hold all those different features across platforms is no simple task, according to Sinha, which might be why the New York Times cited sources who said Zuckerberg’s plan has faced some internal dissent.
But tying accounts with identifying information to an encrypted service like WhatsApp might be useful in at least one regard. One of the major problems Facebook has struggled with when it comes to preventing the spread of dangerous misinformation has been WhatsApp’s anonymity combined with its encryption. Not knowing the identity of original senders or being able to see what people are sharing has made curbing the spread of such dangerous information a massive challenge, so tying some level of identifying information to WhatsApp accounts could help to ferret out bad actors.
There’s a lot that could go wrong. Then again, Facebook has a lot of money to invest in the research and engineering necessary to build truly cross-platform end-to-end encryption that maintains diverse functionality. More encryption on communications products is very important, to protect both from hackers and from unwanted government surveillance. But the hitches will be in the particulars here. Linking accounts means losing some anonymity and end-to-end encryption hosted by Facebook won’t stop Facebook from reading your metadata to further target ads across platforms. And knowing Facebook’s long history of sharing personal data that was supposed to be kept private, none of this is quite comforting.