First reaction: is this really a sea change for Facebook? (Unlikely.)
Second reaction: anybody have any confidence that Facebook, with it's history of horking up any and all information it can gather and sell, is really going to pursue this as a corp?
Third reaction: anybody have any confidence that Facebook, with it's history of privacy related bugs, will do very complicated crypto right?
In the end, I suspect that this will be a momentary fad at Facebook, until they realize that providing this service is in direct conflict with their base model. I don't see it as a major change, but a momentary media distraction to try and deflect attention from their ongoing privacy problems.
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of http://www.noticebored.com/html/cisspforumfaq.html#Friday or https://blogs.securiteam.com/index.php/archives/1468
However, this sows literally a lot of self doubt too, as to their real intentions given that Whatsapp, and Instagram is notoriously insecure anyhow and legislatively, they cannot use any cryptographic algorithm, which the authorities of the that particular country cannot actually crack or obtain for monitoring purposes.
So what is their real intent here? Stay in business, or make amendments for their dysfunctional approach to data? I also noticed an IAPP piece on whether encryption of private data would be acceptable or not.
The argument is concluded by stating the following: "Let’s hope that the supervisory authorities and European Data Protection Board see the light and officially conclude that, when processed by parties that do not have access to the encryption key, encrypted data should not be considered personal data under the GDPR."
How do they prove they do not have access to the encryption key, i.e. they may have the means to actually read the content, but not actually tell anyone about etc.