Facebook Messenger (and Facebook Messenger Kids)

Warning: *Privacy Not Included with this product

Video Call Apps

Facebook Messenger (and Facebook Messenger Kids)

Facebook
Wi-Fi

Review date: Sept. 8, 2021

|
Mozilla researched 8 hours
|

Mozilla says

|
People voted: Super creepy

Facebook Messenger has features like video chat, the ability to record voice messages, text chats, group chats, photo, video sharing and a feature called Messenger Rooms that allows up to 50 people to chat over video at once even without a Facebook account. Messenger Kids is a messaging app targeted at kids under 13 who are not yet old enough to join Facebook. It lets kids video chat and message their friends through their parents' Facebook account. Facebook is pretty well known for vacuuming up users' personal data, including stating in its privacy policy it can use the camera feature to collect data on you. The company does say it won't use the content of your messages to serve you ads, so there's that. And with more kids stuck at home, using Messenger Kids to connect remotely with their friends, it’s always good to beware of Facebook’s poor track record protecting their users’ privacy.

What could happen if something goes wrong?

With Facebook-owned apps we always worry there is a good deal that could go wrong. Facebook has a long history of not handling people's personal data with care. In 2019, Facebook confirmed a report that it hired contractors to read and transcribe audio messages users sent through Messenger and Facebook. And earlier in 2021, the personal data of over 500 million Facebook users--information like phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses--was publicly posted on a hacker forum. Facebook says it doesn't use the content of messages to choose which ads to show you. But Facebook makes no such claim about the other types of insights tucked inside your messaging app — who you're speaking to, when you speak to them, and other types of metadata. Facebook sucks up a great deal of this type of data to use for ad targeting and reserves the right to share it with numerous third parties. There are no ads served to kids in Facebook Messenger and Facebook claims they don’t use data from the Messenger Kids app for ads in their other apps. It does still collect children’s data though, so be wary, as you’re trusting Facebook with information about your young children. Also, Facebook markets the Messenger Kids app to children under the age of 13, so parents who let their young children use Facebook Messenger Kids should pay close attention to what their kids share. All in all, if you do decide to use Facebook Messenger, it’s probably best to assume nothing you say or do is actually private.

  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

Either email or phone number are required.

What data does the company collect?

How does the company use this data?

Facebook claims to not sell its data, but it shares data with numerous third parties such as partners who use their analytics services, advertisers, measurement partners, partners offering goods and services in Facebook products, vendors and service providers, researchers and academics, law enforcement, and legal requests. Facebook also uses data on its own vast advertisement network.

How can you control your data?

Facebook claims to store data until it is no longer necessary to provide their services and Facebook Products or until your account is deleted – whichever comes first. Therefore, the only clear way for data deletion is deleting the Facebook profile. It can take up to 90 days to delete data.

What is the company’s known track record of protecting users’ data?

Bad

In August 2019, Bloomberg reported that Facebook hired contractors to transcribe audio messages users sent through Messenger and Facebook confirmed the report. In April 2021, it was reported that there was a personal data leak of about 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses. In January 2021, Google Project Zero security researcher Natalie Silvanovich discovered a logic bug in Messenger that would allow audio or video to be transmitted without user consent. The bug was promptly fixed.

Can this product be used offline?

N/A

User-friendly privacy information?

No

Facebook provides a privacy policy which is written in a simple language, in a Q&A format. An additional policy is issued for Messenger Kids. However, it provides rather vague answers to some important questions (e.g., types of data collected, ways to delete the data without deleting the profile, etc.). The nature and volume of sharing of data to third parties is also unclear from the policy, as well as usage of data for advertisement.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Messenger uses encryption but does not use end-to-end encryption by default. People using the Messenger app on iOS and Android can opt-in to "Secret Conversations" that do use end-to-end encryption for text, audio, and video chats. As for end-to-end encryption by default, here's what the company says, "While we expect to make more progress on default end-to-end encryption for Messenger and Instagram Direct this year, it's a long-term project and we won't be fully end-to-end encrypted until sometime in 2022 at the earliest."

Strong password

Yes

Messenger requires a strong password to login. However, calls cannot be password-protected.

Security updates

Yes

Manages vulnerabilities

Yes

Facebook has a bug bounty program

Privacy policy

Yes

Does the product use AI? information

Yes

Facebook employs "artificial intelligence to identify unusual behavioral patterns correlated with phishing, scamming, and other harmful activities to remove them from the platform."

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

No

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

  • Messenger Updates End-to-End Encrypted Chats with New Features
    Facebook Link opens in a new tab
  • Facebook ramps up privacy efforts with end-to-end encrypted audio, video calling trials in Secret Conversations
    ZDNet Link opens in a new tab
  • Forget Zoom—children are using Facebook Messenger Kids to deal with coronavirus isolation
    MIT Technology Review Link opens in a new tab
  • Messenger Kids adds expanded parental controls, details how much kids’ data Facebook collects
    TechCrunch Link opens in a new tab
  • Facebook Says Encrypting Messenger by Default Will Take Years
    Wired Link opens in a new tab
  • Messenger Rooms are Facebook’s answer to Zoom and Houseparty for the pandemic
    The Verge Link opens in a new tab
  • Messenger Kids On Facebook Keeps Kids Connected, But Is It Safe? Experts Weigh
    Romper Link opens in a new tab
  • Bugs in Signal, Facebook, Google chat apps let attackers spy on users
    Bleeping Computer Link opens in a new tab
  • 533 million Facebook users' phone numbers and personal data have been leaked online
    Business Insider Link opens in a new tab
  • Facebook Updates Privacy Features on Messenger Kids App
    Consumer Reports Link opens in a new tab
  • Messaging Apps Have an Eavesdropping Problem
    Wired Link opens in a new tab
  • Facebook transcribed users’ audio messages without permission
    TechCrunch Link opens in a new tab
  • There’s no escape from Facebook, even if you don’t use it
    Washington Post Link opens in a new tab

Comments

Got a comment? Let us hear it.