Facebook Now Supports PGP To Send You Encrypted Emails
An anonymous reader writes: You can now have Facebook encrypt email it sends to you by adding your PGP key to your profile. The PGP feature is "experimental" and will be rolled out slowly. The announcement reads in part: "...today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to 'end-to-end' encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications."
Your point? You only give them your public key - the whole point of which is that it's public. That's why we put them on keyservers. Mostly they will use it for the emails they send you... which they already know the contents of. They'll also be acting as a key distribution channel which is interesting - reliably distributing public keys is difficult and a social network account could act as a verified way to do this (although I wouldn't want to rely on it without being sure they hadn't switched the key out for another one).
I see the first step not in encryption, but in verification in that the sender is who he claims he is.
If this helps to have more people use it that way, I am all for it.
e.g. I have a dedicated email address for e.g. my bank: bank.com@example.com. That way I can already filter out those who pretend to be my bank. It would be better if they used a PGP signature so I can verify if it really IS the bank sending me something (or any other company) or if it is just an elite haxor who changed the from address.
To me email encryption is not the main factor, signing of emails/messages is.
Don't fight for your country, if your country does not fight for you.
I wish more companies would support this. Even if it's just random status updates and reminders for services I use, I prefer absolutely everything to be encrypted.
In principle I agree with you. Unfortunately precisely none of the people I interact with on a daily basis have even the slightest interest in bothering with encrypting their communications. Worse, only a handful of them have the technical chops to do it properly. The rest wouldn't even begin to comprehend the need to jump through all the extra hoops. If they need to tell me something privately they simply do it in person where no one can listen. Using a tool like PGP securely is NOT simple and this will ensure it is never used except by a handful of crypto-geeks.
There currently is absolutely no way I am aware of to make public key encryption simultaneously simple AND secure. You can have one or the other but not both. It fails the "explain it to your grandmother test" badly. Until some clever soul can find a way to make it nearly transparent to use and still secure, end-to-end encryption will remain a play toy for paranoid geeks and the occasional clever ne'er-do-well.
Slashdot still doesn't offer https support.