Facebook Implements PGP-Encrypted Email Feature
Much can be argued about it, but the truth is, Facebook has become a part of everyday life. Some people will likely admit to checking their Facebook notifications even before their first sip of coffee in the morning, patiently scanning through a dizzying array of notifications and updates.
Of the reported 1.5 Billion active Facebook users today, a significant chunk might consider Facebook to be the axis by which their online presence rotates around. And that’s what makes it powerful—not just as a social network but as a platform. The fact that to many, Facebook serves as a repository of everything that makes up one’s online identity, gives rise to the high importance of privacy.
Recently, Facebook showed how they value users’ privacy by announcing a new option to enable PGP encryption on notification emails. Several features may have been devised by the company to improve security and privacy among users in the past, but the company recognizes that other channels play host to information that a user sends and receives. This new feature shows that they're putting a premium on safeguarding email accounts of users.
In their statement, Facebook notes, “We are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to ‘end-to-end’ encrypt notification emails sent from Facebook to your preferred email accounts.”
OpenPGP dates back 25 years ago with Phil Zimmerman at the helm. Dubbed as Pretty Good Privacy, it would later be known as the world’s most widely-used email encryption package that uses public key encryption. The implementation of this new option to the social network means that whenever Facebook sends emails containing information on account activities and especially those with sensitive data like password reset links, the sent mail is encrypted.
To enable the new feature, users are advised to update their Contact Information using a desktop via https://www.facebook.com/me/about?section=contact-info (the feature is not yet available on mobile devices).
From there, the user can upload a public key and choose to enable the encryption of notification emails. As soon as this is enabled, Facebook contacts that the user is sharing Contact Information with can see this public key that will be used to lock down communications through an encrypted mail. Users can then decrypt their received messages with the use of a private key, which should be in possession of the account owner at all times. Losing this private key would then result to the loss of access to the notifications sent the user’s way.
It can be remembered that in the past, other bigwigs have expressed their intent on making security a top priority among Internet users. Google has announced a similar end-to-end project that involves the creation of a browser extension that enables users to send secure end-to-end PGP-encrypted emails. Yahoo, as an indirect offshoot of the former’s earlier vision, followed suit.
However, it is Facebook that took the first steps to enact this move to privacy and security. And it seems like it’s a step towards the right direction. PGP encryption ensures that the email notifications sent to users are inaccessible to the prying eyes of unauthorized people, data mining companies, email providers themselves, and of course, hackers. With the new Facebook security feature, even with snooping eyes gaining access to one’s email account, notification emails sent by Facebook will not be accessed. Therefore, users can breathe easy knowing that no notification email can reveal traces of his or her Facebook online behavior.
But the real question is: How seriously do you take security? A secure bridge between notifications sent to a user’s email account is one thing. But a weakly-protected email account that's susceptible to snooping could be an even bigger issue. Ultimately, the adoption of the new Facebook security feature should serve as a reminder that Internet users should take a holistic approach to privacy and security.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases