Facebook users can add PGP keys to their profiles in order to receive “end-to-end” encrypted notification emails sent from Facebook.
On June 1, 2015, Facebook announced a new security feature to enhance the privacy of notification email content. Now, Facebook users are able to add PGP keys to their profiles in order to receive “end-to-end” encrypted notification emails sent from Facebook to their preferred email accounts. Also, this feature allows users to share OpenPGP keys from their profiles, with or without enabling encrypted notifications. Using PGP technology to send emails keeps potentially sensitive messages out of the hands of hackers and other snoopers.
As this feature is enabled, notification emails will be encrypted via the public keys provided by users. These may include account recovery notification emails. Therefore, if users cannot decrypt messages in the future due to loss of keys or other issues and if users also become locked out of Facebook, recovery of Facebook account may not be possible.
PGP stands for Pretty Good Privacy and created by Phil Zimmermann in 1991. This is known as one of the most popular email encryption standards that uses public key cryptography and Facebook has chosen to use GNU Privacy Guard – “GPG” – a widely used and free implementation of the OpenPGP standard.
Facebook took a major step forward to improve the privacy of users that is admired by security experts like Alex Stamos, Yahoo’s CISO.
After users enable this feature, Facebook send an email containing an attachment named encrypted.asc that must be decrypted to retrieve a required link for finalizing enablement of encrypted notification emails.
Facebook’s move will bring encryption to the fore, but the problem here, of course, is that most people have no idea how public-key cryptography works and how to even get started with it.
About the Author
Ali Taherian (@ali_taherian) is an enthusiastic information security Officer. He’s finished his education in information security and has recently been involved in banking software and payment security industry. Taherian is proud to be certified IBM Cloud Computing Solution Advisor and ECSA and enjoys sharing and tweeting about security advances and news.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.