Slashdot Mirror
Facebook Now Supports PGP To Send You Encrypted Emails
An anonymous reader writes: You can now have Facebook encrypt email it sends to you by adding your PGP key to your profile. The PGP feature is "experimental" and will be rolled out slowly. The announcement reads in part: "...today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to 'end-to-end' encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications."
In a web client? At a company that is known to work together with the NSA? And at a company that has spying on its "clients" as core business?
WTF?
a) Does anyone have Facebook notification emails turned on?
b) Is it really worth encrypting "Susie replied to your comment on Facebook! Click here to login and see."
Ahhh good another article from The Onion. Wait.... Seriously?
I just gotz to see it!
I consider this to be really good news, although the Facebook mails might not be the number one prio for applying encryption... besides when used for password recovery.
First it raises awareness about PGP which might cause more people to use PGP to encrypt and sign their emails.
Secondly I hope that more communities (LinkedIn, Twitter etc) follow this and thus raises even more awareness.
When will /. implement a similar mechanism?
Just added my keys. Not that I care about the notifications that "Billy scored X on Y Game", but anything that obfuscates and encrypts data on the wire is a good thing. It's not just the NSA, how many of you use gmail? This will keep them from scanning your mail.
>In fact I may enable a bunch more useless notifications and set up a rule to delete them at my end as they arrive.
Trolling is a art,
I'm wondering how they encode the messages, do they use PGP Inline or PGP/MIME? Has anybody tried it and can comment on that?
Then when I want to delete my account, I'll just change the key to something random and forget it. Facebook can warehouse an unreadable profile forever at that point.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
I mean what's next, salted client-side hashing for all our web passwords? Nah, that's way too sensible.
Right, that's exactly what you want to be doing if you are interested in encrypted communication... Share the list of other people who want communicate with you via encryption. That way the most intentionally invasive service in the world can build a giant graph of everyone who communicates via encryption. Then the NSA will know who to focus their efforts on just by who has had the most people download their public key or who is at the center of the largest clusters of connectivity.
This could possibly be countered by having everyone download lots of random people's keys. But only if FB doesn't require you to be "friends" before you can exchange keys.
The best way to counter it is to let all the sheeple use it, to give the NSA something to play with, while the astute "encryptionistas" ignore it.
I see the frist step not in encryption, but in verifiation in that the sender is who he claims he is.
If this helps to have more people use it that way, I am all for it.
e.g. I have a dedicated email adress for e.g. my bank bank.com@example.com. That way I can already filter out those who pretend to be my bank. It would be better if they used a PGP signature so I can verify if it really IS the bank sending me something (Or any other company) or if it just qn elite hqxor who changed the from adress.
To me email encryption is not the main factor, signing of emails/messages is.
Don't fight for your country, if your country does not fight for you.
It doesn't matter if the end-to-end transmission is 100% secure if the information can be compromised at the server via selling-out or hacking.
Never assume your data is safe unless it's on an off-line computer or device in your possession.
Get free satoshi (Bitcoin) and Dogecoins
Well, that's the end of PGP...
I wish more companies would support this. Even if it's just random status updates and reminders for services I use, I prefer absolutely everything to be encrypted.
In principle I agree with you. Unfortunately precisely none of the people I interact with on a daily basis have even the slightest interest in bothering with encrypting their communications. Worse, only a handful of them have the technical chops to do it properly. The rest wouldn't even begin to comprehend the need to jump through all the extra hoops. If they need to tell me something privately they simply do it in person where no one can listen. Using a tool like PGP securely is NOT simple and this will ensure it is never used except by a handful of crypto-geeks.
There currently is absolutely no way I am aware of to make public key encryption simultaneously simple AND secure. You can have one or the other but not both. It fails the "explain it to your grandmother test" badly. Until some clever soul can find a way to make it nearly transparent to use and still secure, end-to-end encryption will remain a play toy for paranoid geeks and the occasional clever n'er-do-well.
So how are you securely getting the email message to facebook to start with? I see an SSL connection that could easily have a "man in the middle" thing going on...
Now some idiot VP early adopter of anything with the flag TRENDY, will want to move all the company's e-mail system to Facebook because it has mentioned PGP.
Share the list of other people who want communicate with you via encryption.
If only you had read the summary you would realize that isn't the case. It just encrypts the notification emails that Facebooks sends to you. Messages people send you on Facebook are not encrypted, only the notification email telling you that a message has arrived is.
Optionally you can share your public key on your profile, the same as if you pasted it into the "about me" box or whatever Facebook uses. Same as publishing it on your web site or a key server.
If you are wondering why Facebook doesn't encrypt messages between users, it's because a) they think their internal network is secure against the NSA (LOL) and b) they want to mine those messages themselves.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Fail. "You" is dative, not a typo for genitive "your".
Maybe you're right. But for me pgp encryption needs marketing so a lot of people start using or at least being aware of it. It needs to become mainstream. It needs to be considered(in the minds of the general populace) as essential, like email. So what better way of pushing than Facebook (and gmail) advertising it? The potential benefits are far more than the disadvantages.
Slashdot still doesn't offer https support.
This would be nice if it applied to the private messages as well, and it would be even nicer Facebook made some effort at making PGP mainstream (by educating users or making it optional to post facebook updates in PGP) so NSA and those *eckers stop spying on us.
Im thinking an agent sitting quitely in systray, with the PGP key loaded translating everything that looks PGPish. Like Pageant (http://www.chiark.greenend.org.uk/~sgta/putty/download.html) does for private keys ?
It is one (albeit very very small) step in the right direction I guess.
I suspect that the NSA, which hoovers up everything, already has a far bigger graph of encryption users than Facebook could ever hope to assemble. The NSA already knows exactly who communicates with whom via encryption, because they already have all the traffic.
This is just a FB marketing stunt to cash in on fear of the NSA. If Facebook really, really wanted to promote encryption, they'd be signing S/MIME and SSL certs for users: they already have the users' personal data and can, presumably, validate the e-mail and telephone; they could also do host ownership validation like Google does for its webmaster tools.
Maybe you're right. But for me pgp encryption needs marketing so a lot of people start using or at least being aware of it. It needs to become mainstream.
Why not S/MIME? - Seems like a better technology to me, since you can encrypt entire MIME parts (including attachments and (some) headers) rather than just body text.
http://blog.nexusuk.org
errr, so i want to send a communication, ok? it's supposed to be private, right? but it's a web service: facebook could, at any time (even under secret fascist subpoena) change or be forced to change (without informing us) the user interface so that the encrypted message is no longer encrypted, but is in fact entirely in cleartext.
you might think, "ok, well, surely we could then just have a messenger service or app which does the job, and we could trust that, right?" and the answer is "well no, absolutely not you can't... not unless the entire source code is available, and a chain of trust is established that guarantees a verifiable and traceable compile and distribution chain".
which, basically, means you need a software libre distribution (such as debian) because those have full source available, and GPG-signing right the way from the developers (whose identities are verified via key-signing parties that involve showing proof of ID on each signing), all the way through to distribution where a "Release" file containing the MD5 checksums of every package is, once again, GPG-signed by provably verified individuals.
the bottom line is that just because facebook *says* it's secure doesn't actually make it so, and announcing "yeah we provide a secure encrypted email service" is actually a dangerous DISSERVICE. you can't *EVER* guarantee that the servers have been compromised, and web browser *implicitly* trust what the servers give them to run.
the best thing that facebook could do is provide a programming API via which encrypted emails *may* be sent, and then sponsor software libre teams such as mutt, and everyone else, to provide 3rd party (entirely software libre) applications that deliver *and receive* encrypted mail. the only hurdle to get over there would be whether the software libre teams would view working with facebook to be endorsement of SaaSS (service as a software substitute - http://www.gnu.org/philosophy/...) which i can guarantee in advance that any GNU project will *not* do.
Unfortunately, cut and paste an ascii-armoured public key into the box and it's rejected as invalid. Despite the fact it just came straight out of gpg --export -a ...
Is there some restriction on key types/sizes that they don't declare, or is it just buggy at the moment?
Seems like a better technology to me, since you can encrypt entire MIME parts (including attachments and (some) headers) rather than just body text.
Why do you think PGP can't do that, because it can. That's what PGP/MIME is for.
If only you had read between the lines of said summary, based on FB's past behavior. If you share your public key on your profile, I guarantee you that FB WILL keep track of everyone who downloads it.
The safest way to share your public key is to share it ubiquitously on your web page, in your e-mail signature, etcetera. Then no one can find out who is actually using it and who is ignoring it. (OK, other than deep scans of your traffic.)
I think it was on a story about Facebook's .onion site, someone made a comment that also applies here:
"That's like putting a condom over the car you drive to the whorehouse."
"When information is power, privacy is freedom" - Jah-Wren Ryel
The easiest way would be to look at your e-mail and see who is sending you PGP encrypted e-mails.
This doesn't prove who sent the message. A message must be encrypted with the receiver's public key and encrypted again with the sender's private key. Once again, all security depends on the integrity of the public-key server. Such servers can't prevent man-in-the-middle attacks.
Maybe you're right. But for me pgp encryption needs marketing so a lot of people start using or at least being aware of it. It needs to become mainstream.
Why not S/MIME? - Seems like a better technology to me, since you can encrypt entire MIME parts (including attachments and (some) headers) rather than just body text.
A PKI is required (or at least strongly encouraged, if users don't want to self-sign keys) for S/MIME. CA-issued keys typically cost money and expire at regular intervals. Outside of corporate environments with managed keyservers, S/MIME is quite uncommon. PGP is hardly common as it is, but it's likely more so than S/MIME.
Facebook can (and does) use PGP/MIME, which has the advantages of S/MIME that you mention while avoiding the downsides.
PGP was created and promoted 20 frickin' years ago and mainstream websites are just now noticing? LMFAO.
Anyone who encrypts mail to me does it from their own machines. This is for Facebook mail to you. If a user grabs your keys they can also send you mail directly without going through Facebook.
Facebook lets you control your public keys as if it were any other information: public, friends only, etc.
Trolling is a art,
First it raises awareness about PGP which might cause more people to use PGP to encrypt and sign their emails.
No it won't. The only people that will do it are crypto-geeks. It will not result in widespread adoption. Most people A) don't give a shit, B) don't understand public key encryption, C) can't be bothered even if they do understand it, and D) the people they communicate with think A, B and C as well. The value of it is not commensurate with the difficulty of using it to most people most of the time.
Tying a public key to your social media account is a good way to prove ownership without having to trust these notoriously dubious certification authorities.
You still have to trust DigiCert, the CA that signed the facebook.com certificate. That's on top of trusting Facebook, as you pointed out.
KEYID: DEE958CF
Fingerprint: 31A7 0953 D8D5 90BA 1FAB 3776 2F38 98CE DEE9 58CF
The link Facebook gives is for a web proxy to the pgp.mit.edu keyserver, which tends to not be all that reliable when accessed directly and may be Slashdotted. So you might want to try doing this instead, on Linux anyway:
gpg --recv-keys DEE958CF
or if you have pgp-tools installed:
keylookup DEE958CF
or: with Seahorse it's Remote>Find Remote Keys
In GPA (Gnu Privacy Assistant) it's Server>Retrieve keys
Or with Kleopatra (the default gpg GUI on Windows), you select "Lookup Certificates on Server"
In KGPG it's "Key Server Dialog"
CA-issued keys typically cost money
StartSSL issues individual S/MIME certificates without charge.
PGP is hardly common as it is, but it's likely more so than S/MIME.
Perhaps it's uncommon because its proponents have failed to give a clear answer to this question: If someone doesn't regularly fly to key signing parties, how should he get his PGP key signed into the strongly connected subset of the web of trust?
The only way to get a decrypted copy would be to break into his PC
Web advertising networks have been providing the service of breaking into viewers' PCs for years.
Slashdot used to offer HTTPS to subscribers, at a price of half a cent per page view (source: FAQ). But the subscription page is not only well hidden but also unavailable: "Buying or gifting of a new subscription is not available at the moment." The reason it was for subscribers only was that most advertising networks were HTTP-only, and browsers would block HTTP ads in HTTPS pages as "mixed content". Only in the past couple years did ad networks start to offer HTTPS.
if users don't want to self-sign keys
Self-signed keys offer the same level of security as PGP, with no additional drawbacks, and don't require additional software.
S/MIME was introduced as an alternative to PGP because all of the software required to implement it was already included in email clients that support SSL connections to servers. Because the implementation is simpler, S/MIME is superior to PGP in pretty much every way.
You have an awfully high opinion of yourself, for someone who misses the obvious.
If the NSA wants to know with whom you exchange encrypted email, they can get that information by watching your email. PGP and SMIME don't encrypt SMTP envelope data (metadata).
Any graph that FB builds would hardly be useful. It would be incomplete, because there are many established means of sharing public key data. And beyond that, viewing someone's key isn't a strong indication that you will email them with encryption. It is more likely to mean that you received a signed message and want to verify the signature.
Drop the "sheeple" attitude, please. It isn't helping to secure, well, anything. It isn't good advocacy. It makes you look bad, and by extension, it makes everyone who advocates for secure communications look bad.
S/MIME is better than nothing, but if a CA gets compromised, it is worthless. OpenPGP is a superset of S/MIME, because it can support a real web of trust, not just assuming one key is 100% trustworthy.
I prefer to pack my own parachute, and if one does keysigning parties properly, it ensures that knowing other people's key IDs is as iron-clad as one can get.
No one wants to make your communications safe from them. And if they did the government would come knocking and put a stop to it.
It is not a technical problem.
Wrong. That sound you just heard was the NSA's head asploding. These guys are *not* fans of end-to-end encryption by the public, or any entity other than themselves. It doesn't matter if they supposedly know who to focus on if they don't have the ability to decrypt the communications (unless they manage endpoint intrusion, but that's a separate problem). They want communications to be either a) unencrypted, or b) encrypted with a backdoor. Nevermind the fact that criminals and black hats would be just as happy to intercept communications, and are only slightly less well positioned to do so. The NSA is leaning heavily on tech companies to abandon end-to-end encryption; even Apple's version, which was intentionally made vulnerable to MITM.
But even if you don't care if the NSA intercepts your communications -- many people don't, and I respect that position -- let's agree that that's the very best case. It could just as easily be China, Russia, or Joe Hacker. Any one of them would be happy to lean on you if they can piece together that you have access to anything they want. Interception of communications is just as big of a risk to national security as it is a tool to protect it. It's a double-edged sword, and I don't think we're respecting that to the degree that we should. So far, by most indications, we've managed to stay ahead of most of the world, but past performance is no guarantee of future results. You don't bet on a team to win the Super Bowl next year just because they won last year.
https://www.eff.org/https-everywhere
https://xkcd.com/1181/
My point is that Facebook should not be trusted with anything related to encryption.
I think the entire point of (properly done) encryption is that you don't have to trust Facebook. At all. And frankly based on their behavior and that of certain three letter agencies you really shouldn't trust them. I certainly don't but my answer to that is to not use Facebook.
The problem with good encryption is really more in the usability of it than the technology. The technological problems are well understood. The problem is that no one has come up with a way to make encryption both easy to use and simultaneously secure. Making a key pair, storing the private key securely, encrypting your message, ensuring the software has no backdoor, etc all require significant technical chops. Even if you do that the person you are communicating with has to have all those same technical chops AND the motivation to use them.
What stop FB from making a client that encrypts local but sends the private key to the NSA?
Nothing but you can use a different client. The key doesn't care what client you created it in. Frankly I have no idea why anyone would regard FB as a trusted party. FB should never ever see the private key. If they do then you may as well presume your encryption is broken.
In the meantime focus on the tools and the generally (after 20 years time) still ridiculous state-of-affairs in terms of usability.
I'm not optimistic that the problem is solvable. I honestly do not see any way to make encryption both easy to use and secure/trustworthy. Any solution that makes it easy to use necessarily for most people involves trusting a third party that they do not know. Do you REALLY trust the company that wrote/compiled the encryption software you are using? I'm not a coder and even if I was I don't have the time or expertise to review the code. The whole point of encryption is that you don't want to trust third parties. So you can either make it really complicated to use or you can make it secure but I don't see a credible way to make it be both at the same time.
Furthermore, unless it is REALLY easy to use (near transparent) most people aren't going to use it. Not even enough to get a decent installed base will use it. Hell, I *love* the idea of encryption my data and communications and even I don't see myself using it because it's too much of a pain in the arse.
We don't want you as our internet service provider. KTHXBYE.
No, the CA doesn't do much in the S/MIME chain except to verify that the owner of the key had control of the e-mail account at one point in time. After that, the key is wholly independent of the CA and works just like a PGP key: the fact that I, and only I, an encrypt messages with my key continues to validate my possession of that private key, which is unknown to the CA. All a compromised CA could do is issue a S/MIME cert for an attacker with my e-mail address on it, but that cert couldn't decrypt messages that I send and would have a different public key, and I couldn't decrypt messages with the attacker's key, so it would be quickly obvious that someone was tampering with our communications. Think about the possible uses of a fake key:
1) The attacker wants to spoof my identity. If he doesn't have access to my e-mail, then it isn't a problem, because the e-mail addresses won't match up. Besides, if I get an e-mail at my address that I can't decipher, I know that an attacker has spoofed me and I can warn the other party. If the attacker does have access to my e-mail, then he can spoof me, but that's of limited value for as much trouble as he's gone through already by both compromising a CA and breaking into my account. At that level of play, we're probably talking about state actors, against whom resistance is likely futile in any scenario.
2) The attacker wants to decrypt my mail. His shiny new fake cert does him no good, period.
to trump all features:
Login with GPG authentication!
Especially on a behemoth like FB, that would move things tremendously forward!
And something, that would actually provide a visible benefit for even non-technical folks ('If you have this, you can log in to dozens of sites with this one passphrase').
But.. do you decrypt the content on a air gapped workstation or something ? NSA knows it's easier to steal the private key than break encryption.
I'm not sure that's what's happening here. Providing Facebook with your public key doesn't share with Facebook (or anyone else) anyone else that may use encryption to communicate with you. After all, it IS your public key, and one you should be willing to share to anyone that wants to send you encrypted email. Facebook and the NSA already knows who your friends are - so this just provides a way to help distribute your public key. I would prefer if Facebook required you to be friends first, since the public key is tied to the email address. And allowing people to scrape public keys (which would require associating it to your Facebook email address) would just be an email harvesters wet dream.
Using JavaScript, FB can tell if someone selects your public key that is posted on your profile. (Yes, IF you choose to post it as well as just let FB use it. However most people are very likely to do so.) Have you ever clicked in a field that said "Search," or whatnot, only to have those words disappear as soon as you clicked there? That is JavaScript doing that. It is just as easy to have said JavaScript save the current user and the page's user and store them in a database. FB can then use this database to build a directed graph of who is copying who's public key. Sure, it is an incomplete graph, but all social data is incomplete and useful information is still drawn from it. Sure, the NSA could do a deep packet scan of everyone's e-mail and dig out the same, or better, information. However, that is far, FAR more resource intensive and expensive than adding a field to FB's database and some more JavaScript to the profile page.
So, once FB has built their, admittedly incomplete, graph, the NSA can look for the clusters of interconnectedness in said graph and focus their deep packet scanning efforts and resources there. Thus making the NSAs efforts far more effective.
I guess, if you want to save the taxpayers some money, go ahead and post your public key to FB. If you really want to promote encryption, include your public key and links to free software and incredibly easy to follow instructions in all your emails to your non-techie friends and family. If said relatives are conservative nutjobs then you could also include a comment about how the socialist, terrorist-loving, Nigerian, Muslim, presidential imposter (read: black guy) is reading all their personal e-mails and building a list of where to send the black helicopters. I have many such relatives. Believe me, they still believe that crap.