The social network has added another layer of security for the cautious: encrypted notification emails.
In July 2013, soon after the Edward Snowden revelations revealed to the world the widespread nature of US government snooping, Facebook turned on HTTPS by default, making communication between users’ computers and Facebook’s servers safe from peering eyes. In October last year, Facebook made its site available over Tor, a network used to cloak its users’ identities and commonly referred to as “the dark web,” to further aid anonymity and security. Today, the social network has added another layer of security for the cautious: encrypted notification emails.
Depending on your notification settings, Facebook may email you to notify you of a friend’s birthday, when someone “likes” your post, mentions you, or sends you a direct message. Those messages are sent in the clear, so anyone with access to a user’s email provider, account, or network, can read the contents of these emails.
To prevent its emails from being read from anyone but the intended recipient, Facebook now offers the option of encrypting notification using PGP, a widely used open standard for encrypting emails in transit. To do this, users need to submit their public encryption key to Facebook and choose to receive encrypted notification emails.
Users who take advantage of the new feature can also add their public key to their Facebook profiles, which, in addition to allowing Facebook to send them encrypted emails, also acts as a safe place to publicize the key. Security professionals advocate displaying public PGP keys—which are needed to encrypt a message—on well-known third-party websites rather than on personal websites. It is much harder to hack into Facebook and alter a key than it is your personal website.
The new update will be of use only to the small minority of people who use encrypted email, a cumbersome system that puts off many non-technical users. But increased exposure to PGP keys via Facebook may help bring it ever so slightly more into the mainstream.
The Committee to Protect Journalists, an American non-profit, hailed the move as “a substantial improvement in safety and usability for journalists who use Facebook to disseminate news, connect with sources, and communicate with colleagues.”
(Image via Gil C/ Shutterstock.com)