Facebook cares about your Privacy

The social network is rolling out a security feature that lets users protect e-mail notifications sent by the company with the OpenPGP encryption standard, and share their public encryption keys with their friends or with the public. The feature is being rolled out to users starting June 1st 2015.

PGP, short for “Pretty Good Privacy,” is a way of scrambling emails or other chunks of text in such a way that, in theory, only the intended recipient can read them. To use PGP, you create a pair of keys, essentially long strings of letters and numbers used to encrypt and decrypt a message. One is a public key that you can share with everyone; the other is a private key that you keep a closely guarded secret. People can then use the public key to create a message that can only be deciphered using your private key. That way, even if someone is able to intercept your email, they can’t read the encrypted messages.

Incorporating PGP into Facebook could help protect activists who use the service for political organizing, though it won’t protect all Facebook communications.

Facebook can use PGP to encrypt emails it sends you, such as new message notifications from other users or password reset requests. But messages sent from you to other Facebook users through Facebook itself will remain unencrypted. That means that if someone gains access to your Facebook account, or Facebook is forced to hand your account over to law enforcement, those messages will be readable. Still, if someone only has access to your email account, and not to your private encryption key or Facebook account, they won’t be able to reset your password or read private notifications sent to you from Facebook.
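As an added example (not from the original post and not Facebook's code), here is a Python check a mailbox owner could run to confirm that notification mail really arrives PGP-encrypted, so that a compromised mailbox exposes no readable reset links. The sender domain `notify.example` and the sample messages are constructed placeholders, and it is an assumption that notifications arrive either as PGP/MIME (RFC 3156) or as inline ASCII-armored text.

```python
import email
from email import policy

ARMOR = "-----BEGIN PGP MESSAGE-----"

def pgp_status(raw):
    """Classify a raw message as 'pgp-mime', 'inline-pgp' or 'plaintext'."""
    msg = email.message_from_string(raw, policy=policy.default)
    # PGP/MIME (RFC 3156): multipart/encrypted, protocol=application/pgp-encrypted
    proto = (msg.get_param("protocol") or "").lower()
    if msg.get_content_type() == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return "pgp-mime"
    # Inline PGP: every text/plain body must be an ASCII-armored message
    bodies = [p.get_content() for p in msg.walk() if p.get_content_type() == "text/plain"]
    if bodies and all(b.lstrip().startswith(ARMOR) for b in bodies):
        return "inline-pgp"
    return "plaintext"

def plaintext_subjects(raw_messages, sender_domain):
    """Subjects of mail from sender_domain that arrived unencrypted."""
    flagged = []
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        sender = msg["From"].addresses if msg["From"] else ()
        if sender and sender[0].domain.lower() == sender_domain:
            if pgp_status(raw) == "plaintext":
                flagged.append(str(msg["Subject"]))
    return flagged

# Constructed sample mail; notify.example is a placeholder sender domain.
HDR = "From: Notifications <notification@notify.example>\nMIME-Version: 1.0\n"
BLOB = ARMOR + "\n(constructed placeholder, not real ciphertext)\n-----END PGP MESSAGE-----\n"
MIME_MAIL = (HDR + "Subject: New message\n"
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--b1\nContent-Type: application/octet-stream\n\n" + BLOB + "--b1--\n")
INLINE_MAIL = HDR + "Subject: Login alert\nContent-Type: text/plain\n\n" + BLOB
PLAIN_MAIL = (HDR + "Subject: Reset your password\nContent-Type: text/plain\n\n"
    "Use this link: (link omitted)\n")

if __name__ == "__main__":
    for m in (MIME_MAIL, INLINE_MAIL, PLAIN_MAIL):
        print(pgp_status(m))
    print(plaintext_subjects([MIME_MAIL, INLINE_MAIL, PLAIN_MAIL], "notify.example"))
```

The check only recognises the message format; it does not prove the ciphertext was encrypted to your key. Headers such as Subject and From stay in cleartext under both formats, so they remain visible to anyone who can read the mailbox.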

This is the latest attempt by Facebook to tighten up its security and privacy credentials. Earlier this year Facebook announced that it will help fund the development of GnuPG, an open source implementation of the OpenPGP standard. The company began encrypting all of its web traffic in 2013, making it harder for crooks and spies to eavesdrop on communications, and last year it added support for the concealment tool Tor. Moreover, WhatsApp, the messaging company Facebook acquired last year, incorporated an encryption system from Open Whisper Systems into the Android version of its app last year.

Meanwhile, Google and Yahoo have been developing a PGP-based encryption system for web mail called End-to-End, which could help bring PGP to a much wider audience.

Despite its limitations, privacy advocates are welcoming the new Facebook feature as an important step towards improving security online.

There are things that Facebook does that we don’t want. The advertising business requires that they collect more data than we want. However, their security team wants to work with the privacy community, and there they can make a real difference. Although it’s tempting to say that people with serious security concerns simply shouldn’t use Facebook, the service has a billion and a half users and they’re not going away. Facebook, even if it’s not going to be an organization platform, will always be an outreach platform. It will be a place where people go to do political work, and letting people secure the accounts they use to do that political work is really important. The most important thing for now may be getting more people to use PGP and improving the ecosystem of tools that support the standard. In my opinion, Facebook is acting as a trend leader to drag other big platforms into this world. When you think about it, if only a thousandth of a percent of Facebook’s users end up using this feature, that’s still 15,000 people. By adopting these tools, Facebook is making it harder for criminals to steal your credentials or read your messages, and that’s a good thing because that improves the overall security of Facebook. These tools actually build a better internet for everyone.

On June 2, 2015, posted in: Blog, Security by
