Are your DMs safe? New report and open letter flags which companies are protecting your messages with default end-to-end encryption – and which aren’t.
Using End-To-End Encryption
End-to-end encryption prevents anyone other than the sender and recipient from accessing shared messages and files. Without it, company employees, hackers, and law enforcement are able to access “private” conversations. Simply put, our DMs aren’t safe.
Meta, Slack, Google, Apple, and more have failed to fully secure their users’ messages with end-to-end encryption, placing untold numbers of people at risk—including, in a post-Roe world, pregnant people in places where abortion is newly illegal.
To give just one harrowing example, last month, a Nebraska teenager was charged with a felony under the state’s aggresive anti-abortion law after Facebook turned over her unencrypted messages to the police.
States are rushing to criminalize all aspects of seeking or providing abortions, including even talking about them online. Gender affirming healthcare and free expression at school are also on extremist legislators’ chopping block.
Black activists and other people of color have been under disproportionate levels of police surveillance for decades. By not securing users’ messages, tech companies are playing ally to anti-rights crackdowns and enabling mass-scale digital surveillance.
“Security experts know that using end-to-end encryption in more places makes all of us more safe. When our messages are protected from interlopers, we can communicate freely, without the fear of being watched.
Tech companies should want to cultivate places where privacy and authenticity is the norm,” said Caitlin Seeley George (she/her), Fight for the Future’s Campaigns and Managing Director.
“As our new report outlines, though, there’s a disturbing lack of adoption of end-to-end encryption by major messaging providers. Some services, like Meta’s WhatsApp and Signal, already use end-to-end encryption by default—but the rest are way behind the demands of the times.
After the reversal of Roe v. Wade and with more rights cutbacks on the way, tech companies are throwing their users to the wolves by allowing company employees, cops, and other third parties to access unprotected messages. Defaulting end-to-end encryption is a concrete step tech companies can take to show they care about protecting human rights in an uncertain time.”
Companies That Have Adopted oR Lagging Behind Implementing End-To-End Encryption
Fight for the Future’s report provides an overview of how companies have adopted or are lagging behind at implementing end-to-end encryption:
- Meta is facilitating arrests of abortion-seekers by turning over private messages from Facebook Messenger to the cops. Although some of Meta’s messaging services are encrypted by default, Instagram and Facebook Messenger are not. Because people mix-and-match their messaging apps, making end-to-end encryption the default across Meta’s portfolio is essential.
- Twitter’s DMs are not end-to-end encrypted, meaning that a company employee could access your private messages (a concern supported by testimony from the recent whistleblower indicating that thousands of Twitter employees likely have access to users’ personal conversations). The company has only announced the vaguest of plans for making end-to-end encryption the default.
- While Google has made end-to-end encryption the default for Google Messanger (it’s texting app), Google Chat is not end-to-end encrypted.
- Most people think of Apple as the pro-privacy tech company, but the truth shows the cracks in this marketing persona. Messages sent between two iMessage users are end-to-end encrypted, but that protection doesn’t exist for texts sent to an Android user. Apple could address this flaw by implementing RCS, which allows for implementing end-to-end encryption between different devices, but thus far the company has refused to do so. Instead of addressing this very real concern, Tim Cook’s latest suggestion is for people to buy an iPhone for everyone they know.
- Neither Slack nor Discord have not implemented end-to-end encryption for their messaging systems, with both companies indicating that it isn’t a priority for users (despite evidence suggesting it is).
- Signal is a true workhorse in end-to-end encrypted messaging, and the open source Signal Protocol is being used by platforms including Google Messages and Facebook Messenger.
Technology is a deeply-ingrained part of our lives and individual users shouldn’t bear the responsibility of defending themselves against surveillance. The solution is simple—end-to-end encryption must become the new standard.