Facebook Now Supports PGP To Send You Encrypted Emails
An anonymous reader writes: You can now have Facebook encrypt email it sends to you by adding your PGP key to your profile. The PGP feature is "experimental" and will be rolled out slowly. The announcement reads in part: "...today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to 'end-to-end' encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications."
Your point? You only give them your public key - the whole point of which is that it's public. That's why we put them on keyservers. Mostly they will use it for the emails they send you... which they already know the contents of. They'll also be acting as a key distribution channel which is interesting - reliably distributing public keys is difficult and a social network account could act as a verified way to do this (although I wouldn't want to rely on it without being sure they hadn't switched the key out for another one).
Srsly!
Wonder who will be first to make a "Finger Facebook for my Public Key" joke.
It does serve a purpose in being another means to easily distribute a pubkey, especially to those who might not be familiar enough with pgp/gpg to use keyservers, or prefer not to use them.
After all, we can put our precious pgp pubkeys in our Slashdot profiles as well.
https://slashdot.org/users.pl?...
You can find them at:
When will /. implement a similar mechanism?
It already did, years ago, there's a field for it in:
https://slashdot.org/users.pl?...
You can then find them at:
Right, that's exactly what you want to be doing if you are interested in encrypted communication... Share the list of other people who want to communicate with you via encryption. That way the most intentionally invasive service in the world can build a giant graph of everyone who communicates via encryption. Then the NSA will know who to focus their efforts on just by who has had the most people download their public key or who is at the center of the largest clusters of connectivity.
This could possibly be countered by having everyone download lots of random people's keys. But only if FB doesn't require you to be "friends" before you can exchange keys.
The best way to counter it is to let all the sheeple use it, to give the NSA something to play with, while the astute "encryptionistas" ignore it.
I see the first step not in encryption, but in verification in that the sender is who he claims he is.
If this helps to have more people use it that way, I am all for it.
e.g. I have a dedicated email address for e.g. my bank bank.com@example.com. That way I can already filter out those who pretend to be my bank. It would be better if they used a PGP signature so I can verify if it really IS the bank sending me something (Or any other company) or if it is just an elite haxor who changed the from address.
To me email encryption is not the main factor, signing of emails/messages is.
Don't fight for your country, if your country does not fight for you.
Download the message using their IMAP servers. I use GMail, but very rarely do I actually log into the web UI anymore. All messages are either read on my phone or read on my computer with an actual email client. You avoid the ads, and you can read encrypted email. Not that I've ever bothered with encryption.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
I wish more companies would support this. Even if it's just random status updates and reminders for services I use, I prefer absolutely everything to be encrypted.
In principle I agree with you. Unfortunately precisely none of the people I interact with on a daily basis have even the slightest interest in bothering with encrypting their communications. Worse, only a handful of them have the technical chops to do it properly. The rest wouldn't even begin to comprehend the need to jump through all the extra hoops. If they need to tell me something privately they simply do it in person where no one can listen. Using a tool like PGP securely is NOT simple and this will ensure it is never used except by a handful of crypto-geeks.
There currently is absolutely no way I am aware of to make public key encryption simultaneously simple AND secure. You can have one or the other but not both. It fails the "explain it to your grandmother test" badly. Until some clever soul can find a way to make it nearly transparent to use and still secure, end-to-end encryption will remain a play toy for paranoid geeks and the occasional clever ne'er-do-well.
Slashdot still doesn't offer https support.