Not too long ago Facebook added another security change by making the site accessible via Tor onion service and now the spotlight is on OpenPGP. In 1991 Phil Zimmermann created PGP (Pretty Good Privacy), which was created to scramble messages so that it can only be read by the intended recipient. OpenPGP derived from PGP and is the most widely used email encryption standard. In order to encrypt and decrypt messages with OpenPGP you have to have a pair of keys. One is a public key that is available to the public and helps to encrypt the message, which can only be opened by the private key that is known privately by the user. Below is an excerpt from Facebook’s blog about why the changes are occurring:
“To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to “end-to-end” encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications.”
Now Facebook is able to send notifications in an encrypted state and public keys can be updated on a desktop or laptop at:
Publically, Facebook wants their users to feel safe and secure while using their site and sharing information. The reality is that this is yet another way for Facebook to push its messenger service, especially given that it has had privacy concerns before. It does also mean that hacking someone’s Facebook account doesn’t provide access to their messages.
So, does this spell the end of email as everyone rushes to use Facebook to communicate? No, it really doesn’t, but it is an important move by Facebook and it does show that the post-Snowden world is just as much about individual and corporate privacy as it is security concerns. To find out more about what encryption means for you or your business, talk to us at Webheads – we look after millions of pounds of transacted data each year and take both security and privacy seriously.