Which brings us to the final option, the Facebook Messenger approach: server-side link previews. As the report explains, “when you send a link, the app will first send it to an external server and ask it to generate a preview, then the server will send the preview back to both the sender and receiver.” But this is a potential security nightmare.

As the researchers explain in their report, “links shared in chats may contain private information intended only for the recipients. This could be bills, contracts, medical records, or anything that may be confidential. Although these servers are trusted by the app, there’s no indication to users that the servers are downloading whatever they find in a link. Are the servers downloading entire files, or only a small amount to show the preview? If they’re downloading entire files, do the servers keep a copy, and if so for how long? And are these copies stored securely, or can the people who run the servers access the copies?”

“Facebook Messenger doesn't provide link previews at all in its secret conversations, which are end-to-end encrypted,” Mysk told me. “All the vulnerabilities we discovered in Facebook Messenger occur in normal chats. This somehow shows that Facebook admits that the way link previews are treated in the normal chats may impact user privacy.”
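The researchers' questions about how much a preview server downloads and whether it keeps a copy can be made concrete with a sketch of a preview generator that bounds both. This is an added example, not code from the report or from any messaging app; the 64 KiB cap, the `build_preview` name and the sample documents are assumptions, and the byte stream stands in for an HTTP response body.

```python
import io
from html.parser import HTMLParser

MAX_PREVIEW_BYTES = 64 * 1024    # assumed cap: enough for <head>, not the file
PREVIEW_TYPES = ("text/html",)   # only HTML carries title / Open Graph tags

class _OpenGraph(HTMLParser):
    """Collects <meta property="og:..."> values and the <title> text."""
    def __init__(self):
        super().__init__()
        self.fields, self._in_title = {}, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("property") or "").startswith("og:"):
            self.fields.setdefault(a["property"], a.get("content") or "")
        self._in_title = tag == "title"

    def handle_endtag(self, tag):
        self._in_title = False

    def handle_data(self, data):
        if self._in_title and data.strip():
            self.fields.setdefault("title", data.strip())

def build_preview(content_type, body_stream, limit=MAX_PREVIEW_BYTES):
    """Return (preview_fields, bytes_read); never reads more than `limit`."""
    mime = content_type.split(";")[0].strip().lower()
    if mime not in PREVIEW_TYPES:
        return {}, 0                  # bills, contracts, PDFs: body is not read
    head = body_stream.read(limit)    # bounded read; the rest is never fetched
    parser = _OpenGraph()
    parser.feed(head.decode("utf-8", errors="replace"))
    return parser.fields, len(head)   # only the fields leave this function

# Constructed sample responses (not real traffic).
HTML_DOC = (b'<html><head><title>Q3 invoice</title>'
            b'<meta property="og:title" content="Invoice 0042">'
            b'</head><body>' + b"x" * 5_000_000 + b'</body></html>')
PDF_DOC = b"%PDF-1.7 " + b"\0" * 1_000_000

if __name__ == "__main__":
    for ctype, doc in (("text/html; charset=utf-8", HTML_DOC),
                       ("application/pdf", PDF_DOC)):
        fields, n = build_preview(ctype, io.BytesIO(doc))
        print(ctype, fields, f"{n} of {len(doc)} bytes read")
```
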