Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Tuesday June 02 2015, @07:47AM   Printer-friendly
from the privacy-is-key dept.

It's the site that Soylentils love to hate, and it is now making end-to-end PGP-encrypted email a little easier:

Facebook announced that its users can now add their PGP public keys to their profiles, which should make discovery of people who use PGP much easier. Emailing them will still depend on using your own PGP client, such as GNU Privacy Guard (GPG) or Whiteout. That also means that there's no way for Facebook to intercept those messages in an unencrypted form.

Facebook will also start encrypting the notifications it sends to users via email. Facebook itself will be able to see these messages because it is the one encrypting them "end to end" (from Facebook to the user). The main purpose of this wouldn't be to protect the notifications from Facebook itself, but to protect users against phishing emails (where sites impersonate Facebook).

Despite still being one of the companies that collects the most data about us, Facebook has taken some positive steps to increase the security and privacy (from other entities) of its users lately. It has enabled HTTPS on its site with HSTS protection, it has provided a Tor onion site[1] for its service for those who want to have anonymous profiles on Facebook, and it has enabled STARTTLS encryption for emails going from its own datacenters to other email companies.

[1] Note that researchers recently used Facebook's hidden service to test an attack on Tor users.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by WillR on Tuesday June 02 2015, @02:35PM

    by WillR (2012) on Tuesday June 02 2015, @02:35PM (#191149)
    Are we assuming it's not simple for the various Three Letter Agencies to redirect specific IP ranges to a doctored version of keyserver.mit.edu?
    If you have a path across the web of trust that connects your key to everyone you want to talk to, PGP works. If you don't, it don't.
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2) by kaszz on Tuesday June 02 2015, @09:40PM

    by kaszz (4211) on Tuesday June 02 2015, @09:40PM (#191288) Journal

    Exactly, there has to be something external to Facebook or any other keyserver that can authenticate that service. Preferably from multiple sources.

    The problem I find with this FB move is that it's just a publication of the key without any working authentication of that publication.