Loki Foundation

Facebook Messenger Rooms privacy security issues Zoom Skype Microsoft Teams

Rooms for improvement: Facebook Messenger Rooms vs. the videoconferencing competition

As COVID-19 lockdowns and quarantines drag on around the globe, the group video chat market is heating up. Zoom, initially hailed as the solution to our work-from-home woes, has been beset by privacy issues and a seemingly lackadaisical approach to security. Microsoft Teams and Google Meet rushed to fill the gap as people started to move away from Zoom, but Teams and Meet are both distinctly enterprise-focused. What about chatting with friends and family? The social side of life also needs a safe, secure digital space.

Facebook Messenger Rooms: New contender from an old vendor

Enter Facebook’s Messenger Rooms. Launched in the US on 14 May, and in the process of rolling out worldwide, Messenger Rooms promises to one-up Zoom with what Facebook calls a “privacy-first” approach to drop-in, drop-out video conferencing. Messenger Rooms has a number of features that make it attractive for anyone seeking a solution for casual group video calls. There are comprehensive admin controls to prevent the resurgence of “zoombombing”-type privacy invasions. You can initiate a Rooms call from the Facebook app or site, the Messenger app, or from Facebook-owned Instagram. And (surprisingly, given Facebook’s notorious habit of gobbling up personal info whenever possible) you don’t need a Facebook account to join a Messenger Rooms call  — though you do need an account to create one. 

So, is Messenger Rooms the solution to our group chat privacy woes?

The short answer: No.

Messenger Rooms Zooms ahead — or does it?

The long answer: While Rooms does make a number of meaningful improvements over Zoom and other competitors when it comes to protecting your privacy, there are still some serious issues to be aware of before you move your weekly Zoom catch-ups over to Messenger Rooms. 

For one, Rooms isn’t end-to-end encrypted (E2EE). Audio and video data is encrypted in transit, but decrypted once it gets to Facebook’s servers, meaning that Facebook — along with any other entities with access to their servers — can see and hear everything going on in a Rooms call.

Rooms is also closed-source. This means that it’s impossible for third parties to inspect Rooms’ code and independently verify any of Facebook’s privacy and security claims. And with no indication of Facebook ever intending to open-source Rooms’ code, this is unlikely to change in future.

Messenger Rooms: The ghost of privacy woes past 

No E2EE? Closed-source code? This is sounding awfully familiar. In our breakdown of remote work and study platforms, we talked about how lack of E2EE, and closed-source codebases, are the downfall of most current video conferencing options — and in these respects, Rooms isn’t all that different to Zoom, Microsoft Teams, or many other competitors in the field. And while Rooms does have the option of using the service without an account, Facebook has stated that they will still collect information about the devices Rooms is used on — account or no account. 

Messenger Rooms does make some meaningful improvements over other platforms in terms of admin controls and a semi-accountless participation system. But between the glaring lack of E2EE and Facebook’s abysmal privacy track record, it may be worth exploring other options before you trade away your privacy.