At Meta, our messaging apps help billions of people around the world stay connected to those who matter most to them. This scale brings potential threats from criminals and hackers, so we have a responsibility to keep people and their data safe. We’re sharing a set of principles to ensure that security is central to the design of our messaging apps.
These are our 5 core security principles that guide us in developing secure private messaging apps for people:
- Build secure services for all
- Security by design and defense in depth
- Reduce the attack surface
- Be transparent and invite scrutiny
- Build for the future
These principles serve as reference points for private messaging design decisions and complement our broader enterprise-wide information security practices. These principles don’t live in isolation, and in many cases, we’re considering all 5 of them simultaneously as we develop our messaging apps.
Build secure services for all
These services are built for wide-scale use among those who use our technologies. We strive to provide intimate, feature-rich, and user-friendly services that provide secure messaging for billions of users, where only the intended recipients can access end-to-end encrypted messages.
People all over the world use our messaging apps, so we strive to make them easy to use while also highly secure. Some people use our apps in low-connectivity areas, using unreliable networks and infrastructure, or only have access to devices with limited functionality, so it is important that our apps work effectively in these environments to keep everyone’s private messaging secure.
Additionally, people rightfully expect control over their private communications, so we provide them with the ability to validate their security where possible. At the same time, we aim to be transparent and ensure that people using our apps can hold us accountable. Finally, we work hard to give people control over how they use our apps and make it easy for them to use our security tools to help protect their accounts.
Security by design and defense in depth
Private messaging apps should be secure by design. Security should be at the forefront of how we develop the services and be layered throughout our designs, not just an afterthought.
While no system can provide absolute security, we incorporate multiple layers of security to maintain confidentiality and integrity. It is also important for us to understand our apps end-to-end, meaning we take into account each layer of the service when building security into our products, particularly points where data may be stored. When designing our apps, we use secure-by-default frameworks so that security is incorporated from the outset. These frameworks make it harder to adopt unsafe approaches that could inadvertently undermine security and privacy.
Reduce the attack surface
We want to minimize the opportunities for unauthorized access to people’s data, including by us. We work to limit the data we collect and reduce the risk of vulnerabilities by limiting complexity in our designs.
Where we do need to collect data to deliver services, we anonymize or pseudonymize it wherever appropriate. We also strive to limit complexity for our engineers to reduce the likelihood of introducing bugs that may impact privacy or security.
Be transparent and invite scrutiny
We work to build transparency into our services and, where possible, give people the ability to validate their security. We regularly share challenges and plans, and empower the broader security community to help critique, develop, and protect our services.
Our goal is to build transparency into our technologies. We aim to give experts the ability to discuss our security tools and processes, share challenges and plans, and empower the broader security community to help critique, develop, and protect our community. We’ll continue to engage directly with stakeholders on these issues through roundtables with privacy experts, responding to external papers on what we do, and publishing our own whitepapers.
We also encourage and reward independent researchers for finding any impactful security vulnerabilities through our bug bounty program.
Build for the future
Developing secure services is an evolution. We must build our services with the ability to move quickly to remediate attacks (or other vulnerabilities), incorporate new technological advancements, and address upcoming threats.
We want everyone who uses our messaging apps to feel comfortable and secure. By sharing the 5 principles that ensure security is always top of mind, we hope to create transparency and clarity on our process for developing our private messaging apps while innovating and improving our security. Our commitment to finding and dealing with security issues has allowed us to support billions of people and their messages globally.
Learn more about our security principles
You can read more about our security principles in our whitepaper.