It's the site that Soylentils love to hate, and it is now making end-to-end PGP-encrypted email a little easier:
Facebook announced that its users can now add their PGP public keys to their profiles, which should make discovery of people who use PGP much easier. Emailing them will still depend on using your own PGP client, such as GNU Privacy Guard (GPG) or Whiteout. That also means that there's no way for Facebook to intercept those messages in an unencrypted form.
Facebook will also start encrypting the notifications it sends to users via email. Facebook itself will be able to see these messages because it is the one encrypting them "end to end" (from Facebook to the user). The main purpose of this wouldn't be to protect the notifications from Facebook itself, but to protect users against phishing emails (where sites impersonate Facebook).
Despite still being one of the companies that collects the most data about us, Facebook has taken some positive steps to increase the security and privacy (from other entities) of its users lately. It has enabled HTTPS on its site with HSTS protection, it has provided a Tor onion site[1] for its service for those who want to have anonymous profiles on Facebook, and it has enabled STARTTLS encryption for emails going from its own datacenters to other email companies.
[1] Note that researchers recently used Facebook's hidden service to test an attack on Tor users.
(Score: 3, Interesting) by WillR on Tuesday June 02 2015, @02:35PM
If you have a path across the web of trust that connects your key to everyone you want to talk to, PGP works. If you don't, it don't.
(Score: 2) by kaszz on Tuesday June 02 2015, @09:40PM
Exactly, there has to be something external to Facebook or any other keyserver that can authenticate that service. Preferably from multiple sources.
The problem I find with this FB move is that it's just a publication of the key without any working authentication of that publication.
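The point both comments make, as an added example that is not part of the original thread: a key is authenticated only if a chain of certifications leads from your own key to it, and a key that was merely published has no such chain. The key names and signature data are constructed, and the model is simplified to "who signed whom" without per-signer trust levels.

```python
from collections import deque

# Constructed sample data: signer -> keys whose identity that signer has certified.
# All names are hypothetical; "profile-key" stands for a key that was only
# published on a profile page and that nobody has certified.
CERTIFICATIONS = {
    "me": {"alice", "bob"},
    "alice": {"carol"},
    "bob": {"carol", "dave"},
    "carol": {"erin"},
    "dave": set(),
    "erin": set(),
}

def trust_path(certs, start, target, max_depth=5):
    """Return the shortest certification chain start -> ... -> target, or None.

    An edge signer -> subject means the signer has checked and signed the
    subject's key. max_depth bounds the number of signatures in the chain.
    """
    if start == target:
        return [start]
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        if len(path) - 1 >= max_depth:
            continue  # chain already at the limit, do not extend it
        for subject in sorted(certs.get(path[-1], ())):
            if subject in seen:
                continue
            if subject == target:
                return path + [subject]
            seen.add(subject)
            queue.append(path + [subject])
    return None

def classify(certs, start, target, max_depth=5):
    """Label a key as authenticated via a chain, or merely published."""
    path = trust_path(certs, start, target, max_depth)
    return ("authenticated", path) if path else ("published-only", None)

if __name__ == "__main__":
    for key in ("erin", "profile-key"):
        print(key, classify(CERTIFICATIONS, "me", key))
```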