Home Facebook Is Now Pushing For Stronger Encryption

Facebook Is Now Pushing For Stronger Encryption

Facebook has demonstrated as well as any company could that sometimes the left hand does not know what the right hand is doing. Take the news that Facebook is now supporting strong encryption in the emails it sends.

Yes, this from the company that broadcasts user location data within a meter in Facebook Messenger and requires the use of real names

Facebook now lets  users to add OpenPGP public keys to their profile, and to sign up for encrypted Facebook notifications.

PGP, or Pretty Good Privacy, is a program that lets people encrypt and decrypt emails, and allows users to authenticate messages with digital signatures. It was once banned by the US government as a “munition.” 

Though legal for decades now, intelligence agencies have warned that widespread use of strong encryption could endanger their data-gathering efforts. For Facebook, which has felt burned by revelations about government snooping on its users, that’s kind of the point.

See also: Understanding Encryption—Here’s The Key

Here’s how it works: Facebook now allows users to upload their public keys onto their profile, where they can be made visible to friends or to the public, just like other contact information is. Facebook  further offers the option of encrypting notifications it sends to your email account. This provides some added protection, and also prevents your email provider from learning what you’re doing on Facebook.

You can read more about the tool in the PGP section of Electronic Frontier Foundation’s Surveillance Self-Defense Guide, along with installation instructions for Linux, Windows, and Mac OS X.

“If you use Gmail and have configured Facebook to send you all the notifications you can possibly configure in your Facebook settings to your Gmail account, obviously Facebook would be feeding Google … lots of interesting information that Google could stuff into [its] database,” says security adviser Per Thorsheim, founder of the Passwords hacker conference. Encrypted notifications prevent that.

Using this feature further means that if your email account is hacked, or messages intercepted in transit, your Facebook notifications will be safe from prying eyes. Thorsheim believes that password reset requests are where this is most important. 

“The inbox has for a long time been a weak spot in attacking someone’s digital life,” he points out.

PGP to the Masses?

Will Facebook enabling encrypted notifications lead to widespread adoption of PGP?  

“I would love to say that the answer is yes, but we all know that PGP is really difficult to use compared to the other tools that are out there,” says privacy and security researcher Runa Sandvik. 

Critics are quick to point out that if a user is not paying for a product, they are the product, and of course encrypting notifications from Facebook won’t stop the social media behemoth from accessing all the data itself. The only way to protect one’s data from Facebook is to stop using Facebook. 

But encrypting notifications, and perhaps accessing Facebook over its Tor onion service, provides safer alternatives for those who won’t heed the rallying cry.

“It’s important to remember that we can’t tell people not to use Facebook because they’re going to use Facebook regardless,” said Sandvik. “That’s just the way it is. What we can do and what Facebook can do and is doing is making it safer and easier for people to securely use the platform.” 

Despite its addition of this feature, it’s worth pointing out that Facebook in itself is far from being a secure platform. For example, Facebook Messenger does not offer end-to-end encryption, lagging behind companies like Open Whisper Systems and Silent Circle. Even Apple’s iMessage offers encryption, as Apple CEO Tim Cook recently pointed out at EPIC’s Champions of Freedom event.

In addition, just because Facebook notifications sent to you are encrypted in your inbox, your responses to them can leak into your friends’ inboxes if they do not have the feature enabled. And even if your contacts have private key listed, this doesn’t mean they’ve signed up for encrypted notifications.

Who’s Next To Encrypt?

Google announced that it was working on a Chrome extension called End-to-End around a year ago. Twitter, in the past, was working on encrypting direct messages, and then halted the program for no apparent reason. But perhaps this development will encourage other companies to step up their game.

“I believe that companies are now slowly starting to realize how much privacy means to the public, and how privacy and security done right can actually be a selling point,” Sandvik says. “I don’t know how many will actually follow suit and enable [encrypted] email notifications, but I do believe that more will actually start to consider privacy from the get-go as opposed to trying to sprinkle it on top when it suits them later on.” 

Lead image by MKH Marketing

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.