Surprising, But Good: Facebook Enables PGP Encryption On Messages
from the didn't-see-that-coming dept
Okay, here’s something I never expected to see: Facebook is enabling the use of PGP email encryption on emails sent from Facebook to email accounts:
To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to “end-to-end” encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications.
The full description at the link above has more details, but this is clearly a good thing. Combined with last year’s move by Whatsapp to implement full end-to-end encryption, it looks like Facebook is really taking this issue seriously. I know that it’s pretty standard to mock Facebook’s supposed lack of concern over users’ privacy, but these moves to roll out strong encryption for user communications is a really good thing.
Filed Under: encryption, facebook messages, pgp, privacy, surveillance
Companies: facebook
Comments on “Surprising, But Good: Facebook Enables PGP Encryption On Messages”
Pffft.
Like the NSA doesn’t already have a master key.
Re: Pffft.
Probably not for PGP, and Facebook cannot decrypt on command either, though obviously they have the plain text for anything that they send.
Re: Re: This is not end-to-end
@ That One Other Not So Random Guy
As AC replied, FB doesn’t need any key to “decrypt” the notification, it have the original. This is not end-to-end
@ AC
PGP Incorporated have harmed crypto standards more than most. I would not trust anything they make these days.
Most crypto-clients add the sender as one of the recipients by default.
So FB could both read the original directly, and decrypt and then read it. And it could store this key serverside to make the recipient unaware. And it could store the message key too, if it wanted. And it could … The list is endless
@ Mike (OP)
An actual end-to-end encrypted communication channel through FB might be possible, though I don’t know if anyone have tested it. Nor do I consider posting to FB to make much sense instead of sending it to the recipeints, IMHO. If someone choose recipients, encrypt a message with GPG (or PGP), and upload it to FB; does it get deleted?
It would be trivial to set up a system to decide whom could access the information within each message. No policy change would ever leak private information again!
Though FB could still do traffic analysis and other nasty stuff though.
Re: Re: Re: This is not end-to-end
https://www.google.com/search?q=pgp+compromised
Re: Re: Re: This is not end-to-end
As AC replied, FB doesn’t need any key to “decrypt” the notification, it have the original. This is not end-to-end
So end-to-end encryption only works if no one can read the message? It seems to me that this encrypts messages sent from Facebook to you.
Re: Re: Re:2 This is not end-to-end
“So end-to-end encryption only works if no one can read the message?”
“end-to-end” means that the only people who see the unencrypted message are the sender and the receiver. If anyone else has access to the cleartext, then it’s not end-to-end.
Re: Re: Re:3 This is not end-to-end
What I mean is that the article seems to say that Facebook is encrypting messages sent from Facebook to you. Since Socrates seemed to insist that it wasn’t end-to-end because Facebook, the apparent sender, had a copy, it wasn’t end-to-end. I jokingly asked if end-to-end encryption only worked if no one could read the message to illustrate my point that he seems to have confused who is sending the message.
Re: Re: Re:4 This is not end-to-end
Thanks for the clarification
If one considers FB to be an end you are correct.
My perspective is that FB is that FB is a “message-exchange-central”, in that FB relays information and notifications of information that originate elsewhere. If user X send you Y and this is sensitive information, then it should be hidden from FB. If FB sends you a notification about it, I still consider FB to be a middle man. In my view it is server-to-client encryption but not end-to-end.
LOL
That is one of the most hilarious statements I have read in a long time!
Re: Re:
I don’t see why it’s so funny…
Sure, encrypting notifications doesn’t protect much useful data, but it increases the encrypted packets being sent from Facebook to you, which means packets that can’t be swept up as metadata, and packets for whom nobody else on the wire can determine WHAT the exact contents are. I’m all for this mechanism, especially considering it means that PGPMail is being rolled out in yet another popular location, potentially solving the chicken and egg issue.
The more places that do this, the closer we get to REAL encryption wins.
Re: Re: Re:
Sure, encrypting notifications doesn’t protect much useful data, but it increases the encrypted packets being sent from Facebook to you, which means packets that can’t be swept up as metadata, and packets for whom nobody else on the wire can determine WHAT the exact contents are.
Maybe. These notifications are automatically generated, are they not? Using various templates for each notification type? An adversary could collect samples of each notification type, easily deduce the templates, and thus mount a known-plaintext attack against encrypted notifications. The attack’s prospects would depend on a number of things, including how much plaintext is known, how much of it occurs at known (fixed) positions in the messages, the encryption algorithm, etc.
So I’m not sure I would go as far as “nobody else on the wire” — I suspect there are adversaries with the resources to make credible (or better) attempts at this.
Re: Re: Re: Re:
Maybe if targeted on a few thousand people, but not a viable technique against millions of people using different keys. When it comes to blocking bulk surveillance, it does not require all that much computer power per message to force targeted decryption of messages. Bulk surveillance requires being able to decrypt messages at the rate they are generated, otherwise messages pile up faster than they can be decrypted.
As long as Facebook doesn’t have the private key, this is awesome.
Re: Re:
If Facebook implements a system for generating/storing a private/public key pair and decrypting any encrypted messages you receive, they could potentially abuse ones trust by storing a copy of the password for your private key, then giving it out to who knows when asked. Still, it’s good to see a big company like them take some interest. I deleted my Facebook account long ago due to security concerns, so I have no way to check this out… unfortunately.
My ISP recently implemented this kind of setup into their own web based e-mail system, which I like to use because A) I can use it anywhere and B) I don’t need to install/maintain any e-mail software. While I’m happy for their effort, it suffers from the exact problem I just mentioned. They store both the public and private keys, and ask for your password every time an encrypted message is received. Even with HTTPS, it’s too risky IMHO.
I prefer to use GnuPG on my PC instead and compose/encrypt all messages locally, then simply copy the already encrypted text into my ISP’s web client for sending as an e-mail. Same for decrypting e-mails received; copy, paste, decrypt. My point is one should never ever trust others with their security, no matter what promises they make in their license agreements.
Re: Re: Re:
“They store both the public and private keys, and ask for your password every time an encrypted message is received.”
I find that utterly amazing. I wouldn’t touch that sort of system with a ten foot pole.
Re: Re:
Um, re-read the article.
Facebook is encrypting notification emails they’re already sending. Things like emailed notification of profile updates, password recovery emails, etc.
They will also function as an (optional) distribution point for the public key that people choose to upload to enable FB to send them encrypted notifications.
It’s not perfect, but it’s a start.
Why not for direct messages?
While this is a step in the right direction, it would be substantially more useful to provide PGP encryption for direct messages sent to other users via the Facebook website or apps.
Given that this functionality has evolved into such a popular service that it has it’s own standalone instant-messanging app, it would stand to reason that a huge number of people are conducting conversations using it — conversations that would be much better encrypted.
Re: Why not for direct messages?
” — conversations that would be much better encrypted.”
Precicely why I won’t use such services, for anything important.
Re: Why not for direct messages?
Although little used, Facebook allowed for OTR encryption through its XMPP interface. Unfortunately, that service was discontinued earlier this year.
https://developers.facebook.com/docs/chat
Weather report templates.
Heil Hitler
Re: Weather report templates.
Certainly
Though,
should leaky FB fear a rainbow attack most?
If they salt the crib, would not the salt be a crib?
Then again, perhaps we all should feel safe, as FB have recieved National Security Letters
🙂
Single point of failure
As others have stated, I find it hard to believe Facebook is capable of keeping its private key secure. We all know what happened to Lavabit.
Re: Single point of failure
What private keys? They are encrypting using user provided public keys. They cannot decrypt the messages they send using public keys provided to them, and can only show the message that they sent by handing over the plain text and the key used to encrypt it, which will produce the transmitted encrypted message. That is one of the beauties of public key encryption, you do not need to keep the public key secret, you only need to keep the private key secret. So long as you keep the private key secure, anybody sending you messages can only tell others the contents of messages that they sent, assuming that they kept copies, and cannot enable messages sent by other people using the same key to be decrypted by giving up a secret key.
Re: Re: Single point of failure
True (,but they can encrypt to as many public keys as they want)
And true for actual end-to-end encryption, instead of this facebook in the middle attack where facebook have everything in plaintext.
Re: Re: Re: Single point of failure
including their own
Hmm
Holy shit.
“today we are gradually rolling out an experimental “
the key word here is “experimental”
It's not surprising
Facebook is attempting to block the competition from reading what they already know in plaintext. This isn’t about protecting a user’s privacy. This is about Facebook wanting to be a walled garden a la AOL in its prime.
Re: It's not surprising
Facebook also would be prevented from seeing the plaintext.
Re: Re: It's not surprising
Here is a piece of plaintext you obviously prevented yourself from seeing: “encrypt notification emails sent from Facebook to your preferred email accounts.”
This encryption is for messages FROM FACEBOOK ITSELF. It does not stop FB from reading those messages, because they are the ones generating the original plaintext. For the same reason, it does not stop anyone with the ability to subpoena Facebook. The only party to lose access to your plaintext mail is your mail provider, which for Facebook translates into “the competition can’t harvest the data we already know”.
Re: Re: Re: It's not surprising
And here’s the other piece people aren’t reading:
“People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications.”
The PGP key servers work somewhat well for people who already know about them, although they include a tremendous amount of stale data. But for years there was no means of validating who was submitting them, etc.
By tying key distribution to well-known profiles, Facebook is altering the way the web of trust works to make it more intuitive and accessible for non-expert level users.
Addition of a GPG key – even a newly generated GPG key – to a well established Facebook account will allow potential key users and signers to have a higher degree of trust in said key, without having to go through the rigmarole of having to track down trusted associates in person, etc.
Clearly, there will be cases where these can be clandestinely replaced, and rubber-hose cryptography will always be a concern, but in the general case it’s a good start, on a well known, well respected platform with a large user base.
Re: Re: Re:2 It's not surprising
“Addition of a GPG key – even a newly generated GPG key – to a well established Facebook account will allow potential key users and signers to have a higher degree of trust in said key”
I don’t feel this way, personally. The scheme requires you to trust Facebook, and I don’t think Facebook is a trustworthy company.
Re: Re: Re:3 It's not surprising
trustworthy may not be the right word.
I trust Facebook to act in a manner consistent with their best interests.
It is in Facebook’s best interest to accurately match a persons online persona(s) with their actual identity, and frankly, Facebook does that ridiculously well.
So, if Facebook chooses to allow “accurately identified” (by their standards) and authenticated individuals to upload a PGP public key to their Facebook account and then distribute said key from that account (after the key submitter has validated that they have access to the notification-address-of-record and can decrypt an activation link sent to that account), then for the “typical” person, Facebook effectively vouching that a particular account holder can decrypt a file encrypted to a particular public key is going to be sufficient for probably 95+% of their userbase.
For the average user, the degree of certainty that a key is legitimate will increase the longer an account has been around, and the more friends that account has.
At that point, it comes down to the use case: If I’m trying to buy drugs, or hire an assassin, or become the next Edward Snowden, that’s probably an insufficient level of identify verification. For most other use cases, the general user will probably find the degree of certainty to be within their tolerance.
Now, clearly, there will be exceptions to this. Some people will never, under any circumstances, trust that PGP public key. But those individuals aren’t facebook’s primary target audience 🙂
Re: Re: Re:4 It's not surprising
“Some people will never, under any circumstances, trust that PGP public key. But those individuals aren’t facebook’s primary target audience”
Yes, this is me. There is no circumstance in which I would trust Facebook with any data about me at all, but particularly not something as sensitive as a crypto key.
Re: Re: Re:5 It's not surprising
Oops, and I forgot to add, I would not trust a public key that Facebook claims belongs to another user. It may be excellent at identifying them, but I have no trust that it’s actually their key. It could be a Facebook MITM key.
Re: Re: Re:6 It's not surprising
Fair Enough 🙂
Re: Re: Re:6 It's not surprising
I second this.