The number of monthly active Facebook users is now close to 1.5 billion, and by my reckoning at least twelve of them are likely to be using PGP.
I’m joking, of course, but it must be a pretty funny Venn diagram seeing how many people are comfortable having an active Facebook account and are also determined to keep their email chats private with PGP.
PGP is, of course, the well-known standard for encrypting email communications. It’s beloved by privacy-conscious neckbeards, journalists and activists around the world, but notoriously painful for the uninitiated public to set up and understand.
But, when used and set up properly, the PGP (“Pretty Good Privacy”) end-to-end encryption standard should make it easy to scramble messages so they can only be read by their intended recipient – and allow the recipient to confirm that it really was you who sent it to them.
And so, for those people who have got their heads around PGP, there is some good news from Facebook.
In a blog post, Facebook’s security team has explained that from now on, when the social networking site sends you sensitive emails such as password reset links or other notifications, it can encrypt them using PGP.
The feature, which Facebook describes as “experimental”, means that even if someone manages to access your email account, they should not be able to read the notification emails that Facebook has sent to you. That, in turn, means the notification emails won’t reveal clues about how you might be using Facebook online.
If you wish to make use of the feature, all you have to do is open Facebook on a desktop computer (not on a smartphone), and update your profile’s Contact information: https://www.facebook.com/me/about?section=contact-info
There you should be able to paste in your PGP public key, and choose if you wish to enable encrypted notification emails.
And, of course, anyone who you are sharing your Contact information with via Facebook will now be able to see your public key, and use it to communicate with you securely via encrypted email if they wish.
Facebook says it is rolling the new facility out gradually to users – so don’t be surprised if you don’t see it on your account yet.
Last year, in another privacy move, Facebook announced it had added a Tor hidden access point to the site, ensuring communications remain cloaked via the anonymising service, and potentially opening up access to the site in countries where it has previously been blocked.
Over its history, Facebook has had a blemished record when it comes to security and privacy, but it’s hard to complain about this development – which can only be viewed as a good thing.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.