Slashdot Mirror


Facebook Now Supports PGP To Send You Encrypted Emails

An anonymous reader writes: You can now have Facebook encrypt email it sends to you by adding your PGP key to your profile. The PGP feature is "experimental" and will be rolled out slowly. The announcement reads in part: "...today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to 'end-to-end' encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications."

2 of 138 comments

  1. Re:What use? by GoddersUK · Score: 5, Interesting

    Your point? You only give them your public key - the whole point of which is that it's public. That's why we put them on keyservers. Mostly they will use it for the emails they send you... which they already know the contents of. They'll also be acting as a key distribution channel which is interesting - reliably distributing public keys is difficult and a social network account could act as a verified way to do this (although I wouldn't want to rely on it without being sure they hadn't switched the key out for another one).
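The caveat in the comment above, that a key served from a profile could have been swapped for another, can be checked by comparing the served key's fingerprint with one obtained from the owner through a separate channel. The following is an added example, not part of the comment and not code from Facebook or Slashdot; the function names are hypothetical and the key material is constructed for illustration.

```python
import base64
import hashlib

def dearmor(text):
    """Decode an ASCII-armored block into binary OpenPGP packets (CRC line not checked)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    body = lines[lines.index("") + 1:]  # armor headers end at the blank line
    return base64.b64decode("".join(l for l in body if l[:1] not in ("=", "-")))

def public_key_body(data):
    """Return the body of the leading public-key packet (tag 6)."""
    head = data[0]
    if not head & 0x80:
        raise ValueError("not an OpenPGP packet")
    if head & 0x40:  # new-format header: 1-, 2- or 5-octet length
        tag, first = head & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length in a key packet")
    else:  # old-format header: length type in the low two bits
        tag, size = (head >> 2) & 0x0F, 1 << (head & 0x03)
        if size == 8:
            raise ValueError("indeterminate length not supported")
        length, off = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[off:off + length]
    if tag != 6 or len(body) != length or body[:1] != b"\x04":
        raise ValueError("expected a complete version 4 public-key packet")
    return body

def v4_fingerprint(body):
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-octet length, packet body."""
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def matches_pin(key, pinned_fingerprint):
    """True if the served key (armored str or raw bytes) has the pinned fingerprint."""
    data = dearmor(key) if isinstance(key, str) else key
    return v4_fingerprint(public_key_body(data)) == pinned_fingerprint.replace(" ", "").upper()

def constructed_key(modulus_byte):
    """Constructed RSA key packet: structurally valid, cryptographically meaningless."""
    mpi = lambda raw: (len(raw) * 8 - 8 + raw[0].bit_length()).to_bytes(2, "big") + raw
    n, e = bytes([modulus_byte]) + bytes(range(1, 128)), b"\x01\x00\x01"
    body = b"\x04" + (1433116800).to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)
    return b"\x99" + len(body).to_bytes(2, "big") + body  # old-format tag 6, 2-octet length
```

The comparison only helps if the pinned fingerprint came from somewhere other than the profile page itself, such as the key owner in person.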

  2. Too hard to use (unfortunately) by sjbe · Score: 5, Interesting

    I wish more companies would support this. Even if it's just random status updates and reminders for services I use, I prefer absolutely everything to be encrypted.

    In principle I agree with you. Unfortunately precisely none of the people I interact with on a daily basis have even the slightest interest in bothering with encrypting their communications. Worse, only a handful of them have the technical chops to do it properly. The rest wouldn't even begin to comprehend the need to jump through all the extra hoops. If they need to tell me something privately they simply do it in person where no one can listen. Using a tool like PGP securely is NOT simple and this will ensure it is never used except by a handful of crypto-geeks.

    There currently is absolutely no way I am aware of to make public key encryption simultaneously simple AND secure. You can have one or the other but not both. It fails the "explain it to your grandmother test" badly. Until some clever soul can find a way to make it nearly transparent to use and still secure, end-to-end encryption will remain a play toy for paranoid geeks and the occasional clever ne'er-do-well.