Meta (Facebook)How Advanced Browsing Protection Works in Messenger
Read Full ArticleSummary
The article discusses the implementation of Advanced Browsing Protection (ABP) in Messenger, focusing on the technical challenges and infrastructure necessary to protect user privacy while analyzing potentially malicious links. It details the use of cryptographic primitives such as private information retrieval (PIR) and oblivious pseudorandom functions (OPRF) to ensure that user queries remain confidential. The authors describe how URL-matching queries are handled, the importance of balancing database buckets to maintain efficiency, and the use of AMD's SEV-SNP technology for confidential computing. Additionally, the article covers the lifecycle of ABP requests, including pre-processing steps and the integration of a third-party proxy to enhance privacy.
Key Learnings
- 1The implementation of ABP employs cryptographic techniques to ensure user privacy while analyzing links in Messenger.
- 2Balancing database buckets is crucial to prevent information leakage and maintain efficient query processing.
- 3Using AMD's SEV-SNP technology allows for secure processing of sensitive data in a trusted execution environment.
- 4The integration of a third-party proxy with Oblivious HTTP enhances privacy by de-identifying client requests.
Who Should Read This
Senior Security Engineers focusing on privacy-preserving technologies and cryptographic implementations in messaging applications.
Test Your Knowledge
What are the trade-offs between privacy and efficiency in the ABP system's design?
How does the use of oblivious pseudorandom functions (OPRF) improve the security of URL-matching queries?
What challenges arise from balancing database buckets in the context of URL analysis?
In what ways does AMD's SEV-SNP technology contribute to the confidentiality of client queries?
How does the pre-processing ruleset generation impact the performance and privacy of the ABP system?
Topics
More articles about Encryption
Explore Encryption engineering →Active defense: introducing a stateful vulnerability scanner for APIs
The article introduces Cloudflare's new stateful vulnerability scanner designed specifically for APIs, addressing the limitations of traditional defensive security measures. It highlights the...
Stop reacting to breaches and start preventing them with User Risk Scoring
The article presents a proactive approach to cybersecurity by integrating User Risk Scoring into zero trust network access (ZTNA) policies. It outlines how Cloudflare One's platform allows security...
Introducing the 2026 Cloudflare Threat Report
The 2026 Cloudflare Threat Report outlines significant shifts in the cybersecurity landscape, emphasizing the transition from brute force attacks to high-trust exploitation strategies employed by...
Bringing more transparency to post-quantum usage, encrypted messaging, and routing security
The article introduces new features and tools on Cloudflare Radar aimed at enhancing transparency in post-quantum encryption, encrypted messaging, and routing security. It details the expansion of...
Toxic combinations: when small signals add up to a security incident
The article explores the concept of 'toxic combinations' in cybersecurity, where seemingly harmless signals can converge to create significant security incidents. It highlights how minor...
More from Meta (Facebook) Engineering
View Meta (Facebook) engineering blogs →Investing in Infrastructure: Meta’s Renewed Commitment to jemalloc
Meta has reaffirmed its commitment to jemalloc, a high-performance memory allocator, recognizing its importance in the software infrastructure. The article outlines Meta's strategic focus on reducing...
FFmpeg at Meta: Media Processing at Scale
The article discusses the extensive use of FFmpeg at Meta for media processing, highlighting the challenges and optimizations involved in transcoding and encoding videos at scale. It details how Meta...
RCCLX: Innovating GPU communications on AMD platforms
The article introduces RCCLX, an open-source library developed to enhance GPU communications on AMD platforms, building on the previous RCCL framework. It integrates with Torchcomms to facilitate...
The Death of Traditional Testing: Agentic Development Broke a 50-Year-Old Field, JiTTesting Can Revive It
The article introduces the concept of Just-in-Time Tests (JiTTests), a transformative approach to software testing that leverages large language models (LLMs) to generate bespoke tests automatically...
Building Prometheus: How Backend Aggregation Enables Gigawatt-Scale AI Clusters
The article discusses the implementation of backend aggregation (BAG) in Meta's Prometheus AI clusters, highlighting its role in interconnecting thousands of GPUs across multiple data centers. BAG...