Facebook’s PGP Email Encryption Will Anonymize Email

Facebook has added support for OpenPGP keys on its email alerts in a bid to secure them against prying cyber criminals and government spooks.

Facebook announced the news in a public post, claiming that the feature will protect emailed data currently being stored as insecure plaintext.

“Whilst Facebook seeks to secure connections to your email provider with TLS, the stored content of those messages may be accessible as plaintext (with attachments) to anyone who accesses your email provider or email account,” read the post.

“To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile.”

The move will let Windows, Mac OS and Linux users install the free GNU Privacy Guard (GPG) implementation of OpenPGP and encrypt emails sent from Facebook to their email accounts.

Facebook is a supporter of GPG, claiming that its use will protect customers.

“Facebook’s OpenPGP key comprises a long-term primary key with short-term subkeys. This allows us to frequently rotate our operational keys whilst maintaining the web of trust and a consistent identity over time,” read the blog post.

“Where encrypted notifications are enabled, Facebook will sign outbound messages using our own key to provide greater assurance that the contents of inbound emails are genuine.”

The GPG standard is already used by Facebook to protect notifications data.

PGP is an encryption standard created by Phil Zimmermann, now Silent Circle chief executive, over 25 years ago.

The GPG email feature currently works only on desktop operating systems, but Facebook is adding the protection to mobile platforms.

The news follows widespread concerns about Facebook’s data retention that erupted in 2013 when leaked PRISM documents showed that Facebook was one of the companies from which the NSA collected web user data as part of its mass surveillance operations.

Facebook has since attempted to be more transparent about its part in PRISM and rolled out several security upgrades to its services.

Facebook created a link that lets people access the service from the anonymising Tor network in November 2014, following reports that the US government was still demanding vast amounts of customer data.

Facebook was one of 140 companies to sign an open letter to US president Barack Obama in May urging him to block new legislation that would let intelligence agencies collect and decrypt customer data.

This article was originally published on V3.
