Facebook letting users opt-in to receive encrypted emails

1 Jun, 2015 15:33 / Updated 10 years ago

Users of the world’s largest social networking site can start receiving updates, notifications and other account information in the form of encrypted emails, Facebook announced.

On Monday, Facebook deployed a new feature that enables its one-billion-plus account holders to post their PGP public keys on their personal profiles.

Invented in the 1980s, PGP—short for Pretty Good Privacy—is a widely used protocol that enables emails to be sent across the internet in an encrypted format that renders the messages illegible to unintended eyes.

Facebook has not implemented any new features to encrypt messages sent between users, but enabling account holders to share their public keys makes it possible for sensitive emails concerning their profiles to be protected as never before.

“It's very important to us that the people who use Facebook feel safe and can trust that their connection to Facebook is secure,” the website said on Monday when announcing the new feature.

Who would have thought that we in 2015 would see the Patriot Act expire, @facebook support GPG, and @privacyint push for export control.

— Runa A. Sandvik (@runasand) June 1, 2015

Once a public key is shared, the Facebook user who posted it can check a box that will render all further emails sent from the social network site readable only if the recipient has the corresponding private key. So alerts from Facebook containing updates on the activities of acquaintances, new friend requests or pending wall posts can be encrypted, diminishing the likelihood that an eavesdropper can access your social networking info by rifling through a hacked inbox.

Additionally, any Facebook user who can view the public key of another individual can then import that information into an applicable email client and use that key to externally send their acquaintance a message that’s end-to-end encrypted.

"Security tools like PGP encryption are most effective when they are used widely," Geoffrey King, the internet advisory coordinator for the Center to Protect Journalists, said in a statement. "Facebook has taken an important step to help protect users' private communications by default, and make the risky environment in which journalists work a little bit safer."

But, seriously, this is a great first step from Facebook. Will they now integrate OTR into Facebook Messenger?

— the grugq (@thegrugq) June 1, 2015

Last year, classified documents disclosed to the media by Edward Snowden, a former government contractor for the United States National Security Agency, suggested that PGP is among the protocols the US intelligence community has had the biggest problem cracking.

“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said. "Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."

In early 2013, Snowden used PGP-based encryption to reach out to filmmaker Laura Poitras in his effort to establish a secure avenue of communication between himself and Glenn Greenwald, the journalist who soon after began analyzing the trove of NSA documents supplied by the contractor.

According to a report published earlier this year by Poynter, 8 percent of investigative reporters and journalists have started using techniques to encrypt their emails and instant messages in the wake of Snowden’s disclosures, but three-quarters of those surveyed had not.