Surprising, But Good: Facebook Enables PGP Encryption On Messages

from the didn't-see-that-coming dept

Okay, here's something I never expected to see: Facebook is enabling the use of PGP email encryption on emails sent from Facebook to email accounts:
To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to "end-to-end" encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications.
The full description at the link above has more details, but this is clearly a good thing. Combined with last year's move by WhatsApp to implement full end-to-end encryption, it looks like Facebook is really taking this issue seriously. I know that it's pretty standard to mock Facebook's supposed lack of concern over users' privacy, but these moves to roll out strong encryption for user communications are a really good thing.

Reader Comments

  • That One Other Not So Random Guy, 1 Jun 2015 @ 2:47pm

    Pffft.

    Like the NSA doesn't already have a master key.


    • Anonymous Coward, 1 Jun 2015 @ 2:51pm

      Re: Pffft.

      Probably not for PGP, and Facebook cannot decrypt on command either, though obviously they have the plain text for anything that they send.


      • Socrates, 1 Jun 2015 @ 4:15pm

        This is not end-to-end

        @ That One Other Not So Random Guy
        As AC replied, FB doesn't need any key to "decrypt" the notification; it has the original. This is not end-to-end.

        @ AC
        PGP Incorporated have harmed crypto standards more than most. I would not trust anything they make these days.

        Most crypto-clients add the sender as one of the recipients by default.

        So FB could both read the original directly, and decrypt and then read it. And it could store this key serverside to make the recipient unaware. And it could store the message key too, if it wanted. And it could ... The list is endless

        @ Mike (OP)
        An actual end-to-end encrypted communication channel through FB might be possible, though I don't know if anyone has tested it. Nor do I consider posting to FB to make much sense instead of sending it to the recipients, IMHO. If someone chooses recipients, encrypts a message with GPG (or PGP), and uploads it to FB; does it get deleted?

        It would be trivial to set up a system to decide who could access the information within each message. No policy change would ever leak private information again!

        FB could still do traffic analysis and other nasty stuff, though.


        • That One Other Not So Random Guy, 1 Jun 2015 @ 5:51pm

          Re: This is not end-to-end


        • Just Another Anonymous Troll, 2 Jun 2015 @ 7:51am

          Re: This is not end-to-end

          As AC replied, FB doesn't need any key to "decrypt" the notification; it has the original. This is not end-to-end.
          So end-to-end encryption only works if no one can read the message? It seems to me that this encrypts messages sent from Facebook to you.


          • John Fenderson (profile), 2 Jun 2015 @ 8:21am

            Re: Re: This is not end-to-end

            "So end-to-end encryption only works if no one can read the message?"

            "end-to-end" means that the only people who see the unencrypted message are the sender and the receiver. If anyone else has access to the cleartext, then it's not end-to-end.


            • Just Another Anonymous Troll, 3 Jun 2015 @ 7:33am

              Re: Re: Re: This is not end-to-end

              What I mean is that the article seems to say that Facebook is encrypting messages sent from Facebook to you. Since Socrates seemed to insist that it wasn't end-to-end because Facebook, the apparent sender, had a copy, it wasn't end-to-end. I jokingly asked if end-to-end encryption only worked if no one could read the message to illustrate my point that he seems to have confused who is sending the message.


              • Socrates, 3 Jun 2015 @ 8:01pm

                Re: Re: Re: Re: This is not end-to-end

                Thanks for the clarification

                If one considers FB to be an end you are correct.

                My perspective is that FB is a "message-exchange-central", in that FB relays information and notifications of information that originate elsewhere. If user X sends you Y and this is sensitive information, then it should be hidden from FB. If FB sends you a notification about it, I still consider FB to be a middle man. In my view it is server-to-client encryption but not end-to-end.


  • Socrates, 1 Jun 2015 @ 3:16pm

    "end-to-end" encrypt notification emails sent from Facebook

    LOL

    That is one of the most hilarious statements I have read in a long time!


    • Anonymous Coward, 1 Jun 2015 @ 3:22pm

      Re:

      I don't see why it's so funny...

      Sure, encrypting notifications doesn't protect much useful data, but it increases the encrypted packets being sent from Facebook to you, which means packets that can't be swept up as metadata, and packets for which nobody else on the wire can determine WHAT the exact contents are. I'm all for this mechanism, especially considering it means that PGPMail is being rolled out in yet another popular location, potentially solving the chicken and egg issue.

      The more places that do this, the closer we get to REAL encryption wins.


      • Rich Kulawiec, 1 Jun 2015 @ 3:38pm

        Re: Re:

        Sure, encrypting notifications doesn't protect much useful data, but it increases the encrypted packets being sent from Facebook to you, which means packets that can't be swept up as metadata, and packets for which nobody else on the wire can determine WHAT the exact contents are.

        Maybe. These notifications are automatically generated, are they not? Using various templates for each notification type? An adversary could collect samples of each notification type, easily deduce the templates, and thus mount a known-plaintext attack against encrypted notifications. The attack's prospects would depend on a number of things, including how much plaintext is known, how much of it occurs at known (fixed) positions in the messages, the encryption algorithm, etc.

        So I'm not sure I would go as far as "nobody else on the wire" -- I suspect there are adversaries with the resources to make credible (or better) attempts at this.


        • Anonymous Coward, 1 Jun 2015 @ 4:28pm

          Re: Re: Re:

          An adversary could collect samples of each notification type, easily deduce the templates, and thus mount a known-plaintext attack against encrypted notifications. The attack's prospects would depend on a number of things, including how much plaintext is known, how much of it occurs at known (fixed) positions in the messages, the encryption algorithm, etc.

          Maybe if targeted on a few thousand people, but not a viable technique against millions of people using different keys. When it comes to blocking bulk surveillance, it does not require all that much computer power per message to force targeted decryption of messages. Bulk surveillance requires being able to decrypt messages at the rate they are generated, otherwise messages pile up faster than they can be decrypted.


  • Anonymous Coward, 1 Jun 2015 @ 3:33pm

    As long as Facebook doesn't have the private key, this is awesome.


    • Lord of the Files, 3 Jun 2015 @ 4:15am

      Re:

      If Facebook implements a system for generating/storing a private/public key pair and decrypting any encrypted messages you receive, they could potentially abuse one's trust by storing a copy of the password for your private key, then giving it out to who knows when asked. Still, it's good to see a big company like them take some interest. I deleted my Facebook account long ago due to security concerns, so I have no way to check this out... unfortunately.

      My ISP recently implemented this kind of setup into their own web based e-mail system, which I like to use because A) I can use it anywhere and B) I don't need to install/maintain any e-mail software. While I'm happy for their effort, it suffers from the exact problem I just mentioned. They store both the public and private keys, and ask for your password every time an encrypted message is received. Even with HTTPS, it's too risky IMHO.

      I prefer to use GnuPG on my PC instead and compose/encrypt all messages locally, then simply copy the already encrypted text into my ISP's web client for sending as an e-mail. Same for decrypting e-mails received; copy, paste, decrypt. My point is one should never ever trust others with their security, no matter what promises they make in their license agreements.


      • John Fenderson (profile), 3 Jun 2015 @ 8:16am

        Re: Re:

        "They store both the public and private keys, and ask for your password every time an encrypted message is received."

        I find that utterly amazing. I wouldn't touch that sort of system with a ten foot pole.


    • sigalrm (profile), 3 Jun 2015 @ 7:59am

      Re:

      Um, re-read the article.

      Facebook is encrypting notification emails they're already sending. Things like emailed notification of profile updates, password recovery emails, etc.

      They will also function as an (optional) distribution point for the public key that people choose to upload to enable FB to send them encrypted notifications.

      It's not perfect, but it's a start.


  • Tony, 1 Jun 2015 @ 3:58pm

    Why not for direct messages?

    While this is a step in the right direction, it would be substantially more useful to provide PGP encryption for direct messages sent to other users via the Facebook website or apps.

    Given that this functionality has evolved into such a popular service that it has its own standalone instant-messaging app, it would stand to reason that a huge number of people are conducting conversations using it -- conversations that would be much better encrypted.


  • Bill Silverstein (profile), 1 Jun 2015 @ 4:04pm

    Weather report templates.

    Heil Hitler


    • Socrates, 1 Jun 2015 @ 4:49pm

      Re: Weather report templates.

      Certainly

      Though,
      should leaky FB fear a rainbow attack most?
      If they salt the crib, would not the salt be a crib?

      Then again, perhaps we all should feel safe, as FB has received National Security Letters

      :)


  • Anonymous Coward, 1 Jun 2015 @ 4:20pm

    Single point of failure

    As others have stated, I find it hard to believe Facebook is capable of keeping its private key secure. We all know what happened to Lavabit.


    • Anonymous Coward, 1 Jun 2015 @ 4:48pm

      Re: Single point of failure

      What private keys? They are encrypting using user provided public keys. They cannot decrypt the messages they send using public keys provided to them, and can only show the message that they sent by handing over the plain text and the key used to encrypt it, which will produce the transmitted encrypted message. That is one of the beauties of public key encryption: you do not need to keep the public key secret, you only need to keep the private key secret. So long as you keep the private key secure, anybody sending you messages can only tell others the contents of messages that they sent, assuming that they kept copies, and cannot enable messages sent by other people using the same key to be decrypted by giving up a secret key.


      • Socrates, 1 Jun 2015 @ 5:02pm

        Re: Re: Single point of failure

        True (but they can encrypt to as many public keys as they want)

        And true for actual end-to-end encryption, instead of this Facebook-in-the-middle attack where Facebook has everything in plaintext.


  • Anonymous Coward, 1 Jun 2015 @ 7:15pm

    Hmm

    Holy shit.


  • Anonymous Coward, 1 Jun 2015 @ 8:44pm

    "today we are gradually rolling out an experimental"

    the key word here is "experimental"


  • Mike Coles, 1 Jun 2015 @ 9:29pm

    It's not surprising

    Facebook is attempting to block the competition from reading what they already know in plaintext. This isn't about protecting a user's privacy. This is about Facebook wanting to be a walled garden a la AOL in its prime.


    • Anonymous Coward, 2 Jun 2015 @ 6:52am

      Re: It's not surprising

      Facebook also would be prevented from seeing the plaintext.


      • Case, 2 Jun 2015 @ 10:29am

        Re: Re: It's not surprising

        Here is a piece of plaintext you obviously prevented yourself from seeing: "encrypt notification emails sent from Facebook to your preferred email accounts."

        This encryption is for messages FROM FACEBOOK ITSELF. It does not stop FB from reading those messages, because they are the ones generating the original plaintext. For the same reason, it does not stop anyone with the ability to subpoena Facebook. The only party to lose access to your plaintext mail is your mail provider, which for Facebook translates into "the competition can't harvest the data we already know".


        • sigalrm (profile), 2 Jun 2015 @ 3:46pm

          Re: Re: Re: It's not surprising

          And here's the other piece people aren't reading:

          "People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications."

          The PGP key servers work somewhat well for people who already know about them, although they include a tremendous amount of stale data. But for years there was no means of validating who was submitting them, etc.

          By tying key distribution to well-known profiles, Facebook is altering the way the web of trust works to make it more intuitive and accessible for non-expert level users.

          Addition of a GPG key - even a newly generated GPG key - to a well established Facebook account will allow potential key users and signers to have a higher degree of trust in said key, without having to go through the rigmarole of having to track down trusted associates in person, etc.

          Clearly, there will be cases where these can be clandestinely replaced, and rubber-hose cryptography will always be a concern, but in the general case it's a good start, on a well known, well respected platform with a large user base.


          • John Fenderson (profile), 3 Jun 2015 @ 8:19am

            Re: Re: Re: Re: It's not surprising

            "Addition of a GPG key - even a newly generated GPG key - to a well established Facebook account will allow potential key users and signers to have a higher degree of trust in said key"

            I don't feel this way, personally. The scheme requires you to trust Facebook, and I don't think Facebook is a trustworthy company.


            • sigalrm (profile), 3 Jun 2015 @ 1:33pm

              Re: Re: Re: Re: Re: It's not surprising

              Trustworthy may not be the right word.

              I trust Facebook to act in a manner consistent with their best interests.

              It is in Facebook's best interest to accurately match a person's online persona(s) with their actual identity, and frankly, Facebook does that ridiculously well.

              So, if Facebook chooses to allow "accurately identified" (by their standards) and authenticated individuals to upload a PGP public key to their Facebook account and then distribute said key from that account (after the key submitter has validated that they have access to the notification-address-of-record _and_ can decrypt an activation link sent to that account), then for the "typical" person, Facebook effectively vouching that a particular account holder can decrypt a file encrypted to a particular public key is going to be sufficient for probably 95+% of their userbase.

              For the average user, the degree of certainty that a key is legitimate will increase the longer an account has been around, and the more friends that account has.

              At that point, it comes down to the use case: If I'm trying to buy drugs, or hire an assassin, or become the next Edward Snowden, that's probably an insufficient level of identity verification. For most other use cases, the general user will probably find the degree of certainty to be within their tolerance.

              Now, clearly, there will be exceptions to this. Some people will never, under any circumstances, trust that PGP public key. But those individuals aren't Facebook's primary target audience :)


              • John Fenderson (profile), 3 Jun 2015 @ 2:55pm

                Re: Re: Re: Re: Re: Re: It's not surprising

                "Some people will never, under any circumstances, trust that PGP public key. But those individuals aren't facebook's primary target audience"

                Yes, this is me. There is no circumstance in which I would trust Facebook with any data about me at all, but particularly not something as sensitive as a crypto key.

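As an added illustration, not code from the article, from Facebook, or from any commenter, the following Go program models two points argued in the comments above: the "Single point of failure" reply (the notifying service holds only the recipient's public key plus its own plaintext, so it can neither decrypt nor reveal anyone else's mail) and sigalrm's description of the activation step that proves an uploaded key is really held by the account owner. It also shows why the templated-notification concern is limited: each message gets a fresh random session key, so the same template encrypts to unrelated ciphertext (only the length is visible). Stdlib RSA-OAEP and AES-GCM stand in for OpenPGP's real packet formats, and the notification text is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope mirrors OpenPGP's layout: a fresh per-message session key wrapped to the
// recipient's public key, plus the body under that key (RSA-OAEP/AES-GCM stand in).
type Envelope struct{ WrappedKey, Nonce, Body []byte }

func randBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }
func aesGCM(key []byte) cipher.AEAD { // key is always 32 bytes here, so neither call fails
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Encrypt is the notifying service's side: it already holds the plaintext, picks a
// random session key, and never needs (nor can use) the recipient's private key.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key, nonce := randBytes(32), randBytes(12)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{wrapped, nonce, aesGCM(key).Seal(nil, nonce, plaintext, nil)}, nil
}

// Decrypt is the recipient's side; any other private key fails at the OAEP unwrap.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return aesGCM(key).Open(nil, env.Nonce, env.Body, nil)
}

// ProveKeyPossession models the activation step: only a claimant holding the matching private key can echo the token.
func ProveKeyPossession(uploaded *rsa.PublicKey, claimant *rsa.PrivateKey) bool {
	token := randBytes(16)
	env, err := Encrypt(uploaded, token)
	if err != nil {
		return false
	}
	echo, err := Decrypt(claimant, env)
	return err == nil && bytes.Equal(echo, token)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Encrypt(&alice.PublicKey, []byte("Someone commented on your post.")) // constructed text
	out, err := Decrypt(alice, env)
	fmt.Println(string(out), err, ProveKeyPossession(&alice.PublicKey, alice)) // ... <nil> true
}
```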


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.