Traditionally, if you were looking for end-to-end encrypted messaging, you'd stick with something like iMessage, WhatsApp, or Signal. However, if you already use Facebook Messenger, you have all you need for truly private chats with its built-in E2E encryption. It's available to all users, on Android and iOS — you just need to know where to look.
Unlike the aforementioned end-to-end encrypted chat apps, Messenger doesn't use E2E encryption by default, similar to how Telegram works. When you send a normal message in Messenger, it's encrypted on the way to Facebook's servers before being sent to the recipient, so Facebook has access to your communications.
Messenger's private chats are called "Secret Conversations," which not only allow you to create an end-to-end encrypted chat with your Facebook friends — without Facebook being able to have access — but messages also self-destruct if you want them to, effectively giving you a second way to unsend messages in the app.
Secret Conversations utilizes the Signal Protocol, developed by Open Whisper Systems — the same protocol that Signal itself uses in its messaging app, as well as WhatsApp. The feature first became available in Messenger in 2016, implementing device-to-device standards, but since then, all iOS and Android devices you use Messenger on can house Secret Conversations.
To get started, open a new chat in Messenger on your iPhone or Android phone. Next, tap either "Secret" (on iOS) or the lock (on Android) in the top right. You'll notice right away that you lose the option to choose multiple people since Secret Conversations are one-on-one only, not for groups.
Now, search or tap a name on your Choose Friends list to begin a new message. If this is your first time using Secret Conversations, you may need to tap "OK" on the welcome screen, but only if it appears.
From here, messaging is as simple as it typically is. You can send regular text-based messages, photos, stickers, videos, and voice recordings. However, you cannot send GIFs or payments in Secret Conversations, nor can you use voice or video calling.
You can leave the chat, then return at any time from the main window. The secret chat will appear separately from any normal chat you might have with your friend, identified by a lock that appears on the other user's profile picture, so you don't have to worry about which thread is which.
If there's something extra saucy or secretive that you don't want hanging around on your recipient's devices, you can set a message in your Secret Conversation to self-destruct, which Facebook calls "disappearing messages." Before sending the message, tap the stopwatch icon in the message field.
Next, select how long you'd like the message to last before it deletes itself from both your devices and their devices. Options range from 5 seconds to a full 24 hours.
Once you select a time, just write and send your message. Just like with regular messages in Secret Conversations, text-based messages, photos, stickers, videos, and voice recordings are all fair game here. The countdown won't start until the other person has opened the message.
If you doubt your message will actually be deleted, you'll see a timer next to your message, counting down how long it has before self-destruction. The other user will also see the countdown before it disappears.
Right now, Secret Conversations are only available in the Messenger app for iOS and Android, not in Facebook chats or on Messenger's website.
If you have multiple devices, such as an Android phone and an iPad tablet, you can simply sign in to Messenger on subsequent devices. After signing in on a new device, you won't be able to see any past Secret Conversations from previous devices. However, an alert will be posted in all your Secret Conversations letting you and recipients know that you've added a device.
Once you've added a device, all future Secret Conversations will sync between it and your previous devices, so you can secret message from any of the devices. Encryption is still device-to-device, but Facebook links all devices to the thread so you can send and receive from any of them securely.
Messenger's E2E encryption uses cryptographic keys on each user's devices to encrypt and decrypt messages. To see these keys on each of your devices (they will be different for each device), tap on the name or profile icon at the top of the secret thread, then tap "Your Keys." Then, on the recipient's device, they can do the same thing but choose "[Name]'s Keys," which will show your keys.
For extra security measures, compare the two keys and they should be the same. This can be done either verbally, in person, or in a screenshot. For instance, if your keys should up as "04 FG 45" on your device, and it also shows up as "04 FG 45" on the other person's device under your name, you're good. If they aren't the same, you may not be communicating with who you think you are.
For more details on this and how Facebook implements the Signal Protocol for Secret Conversations, check out its whitepaper on the topic.
Users aren't prevented from taking screenshots or recordings of regular or disappearing messages, so that person you sent an embarrassing video to can still share it outside your conversation if they were prepared and really wanted to. Also, aside from using disappearing messages, there's no way for you to delete regular secret messages you've sent on the other user's devices.
If you send someone something they consider harassing, spam, or the like, they can report you. While the conversation is end-to-end encrypted, the other user can tap your name/image at the top of the secret thread, choose "Block or Report," followed by "Something's Wrong" to tell Facebook why the message is bad. This basically sends what's in the conversation to Facebook by user choice, and it can even be done with disappearing messages a short time after they've disappeared.
While Secret Conversations are all end-to-end encrypted, a developer recently showed how it's only half-baked by Facebook in a way that Facebook could potentially still get your secret messages without someone sending a report. Is Facebook doing this? Likely not, but it's worth mentioning that Secret Conversations may need some further assurances by Facebook to put the issue to rest.
This article was produced during Gadget Hacks' special coverage on smartphone privacy and security. Check out the whole Privacy and Security series.