Surprising, But Good: Facebook Enables PGP Encryption On Messages
from the didn't-see-that-coming dept
Okay, here's something I never expected to see: Facebook is enabling the use of PGP email encryption on emails sent from Facebook to email accounts:To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to "end-to-end" encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications.The full description at the link above has more details, but this is clearly a good thing. Combined with last year's move by Whatsapp to implement full end-to-end encryption, it looks like Facebook is really taking this issue seriously. I know that it's pretty standard to mock Facebook's supposed lack of concern over users' privacy, but these moves to roll out strong encryption for user communications is a really good thing.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, facebook messages, pgp, privacy, surveillance
Companies: facebook
Reader Comments
Subscribe: RSS
View by: Time | Thread
Pffft.
[ link to this | view in chronology ]
Re: Pffft.
[ link to this | view in chronology ]
This is not end-to-end
As AC replied, FB doesn't need any key to "decrypt" the notification, it have the original. This is not end-to-end
@ AC
PGP Incorporated have harmed crypto standards more than most. I would not trust anything they make these days.
Most crypto-clients add the sender as one of the recipients by default.
So FB could both read the original directly, and decrypt and then read it. And it could store this key serverside to make the recipient unaware. And it could store the message key too, if it wanted. And it could ... The list is endless
@ Mike (OP)
An actual end-to-end encrypted communication channel through FB might be possible, though I don't know if anyone have tested it. Nor do I consider posting to FB to make much sense instead of sending it to the recipeints, IMHO. If someone choose recipients, encrypt a message with GPG (or PGP), and upload it to FB; does it get deleted?
It would be trivial to set up a system to decide whom could access the information within each message. No policy change would ever leak private information again!
Though FB could still do traffic analysis and other nasty stuff though.
[ link to this | view in chronology ]
Re: This is not end-to-end
[ link to this | view in chronology ]
Re: This is not end-to-end
So end-to-end encryption only works if no one can read the message? It seems to me that this encrypts messages sent from Facebook to you.
[ link to this | view in chronology ]
Re: Re: This is not end-to-end
"end-to-end" means that the only people who see the unencrypted message are the sender and the receiver. If anyone else has access to the cleartext, then it's not end-to-end.
[ link to this | view in chronology ]
Re: Re: Re: This is not end-to-end
[ link to this | view in chronology ]
Re: Re: Re: Re: This is not end-to-end
If one considers FB to be an end you are correct.
My perspective is that FB is that FB is a "message-exchange-central", in that FB relays information and notifications of information that originate elsewhere. If user X send you Y and this is sensitive information, then it should be hidden from FB. If FB sends you a notification about it, I still consider FB to be a middle man. In my view it is server-to-client encryption but not end-to-end.
[ link to this | view in chronology ]
LOL
That is one of the most hilarious statements I have read in a long time!
[ link to this | view in chronology ]
Re:
Sure, encrypting notifications doesn't protect much useful data, but it increases the encrypted packets being sent from Facebook to you, which means packets that can't be swept up as metadata, and packets for whom nobody else on the wire can determine WHAT the exact contents are. I'm all for this mechanism, especially considering it means that PGPMail is being rolled out in yet another popular location, potentially solving the chicken and egg issue.
The more places that do this, the closer we get to REAL encryption wins.
[ link to this | view in chronology ]
Re: Re:
Maybe. These notifications are automatically generated, are they not? Using various templates for each notification type? An adversary could collect samples of each notification type, easily deduce the templates, and thus mount a known-plaintext attack against encrypted notifications. The attack's prospects would depend on a number of things, including how much plaintext is known, how much of it occurs at known (fixed) positions in the messages, the encryption algorithm, etc.
So I'm not sure I would go as far as "nobody else on the wire" -- I suspect there are adversaries with the resources to make credible (or better) attempts at this.
[ link to this | view in chronology ]
Re: Re: Re:
Maybe if targeted on a few thousand people, but not a viable technique against millions of people using different keys. When it comes to blocking bulk surveillance, it does not require all that much computer power per message to force targeted decryption of messages. Bulk surveillance requires being able to decrypt messages at the rate they are generated, otherwise messages pile up faster than they can be decrypted.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
My ISP recently implemented this kind of setup into their own web based e-mail system, which I like to use because A) I can use it anywhere and B) I don't need to install/maintain any e-mail software. While I'm happy for their effort, it suffers from the exact problem I just mentioned. They store both the public and private keys, and ask for your password every time an encrypted message is received. Even with HTTPS, it's too risky IMHO.
I prefer to use GnuPG on my PC instead and compose/encrypt all messages locally, then simply copy the already encrypted text into my ISP's web client for sending as an e-mail. Same for decrypting e-mails received; copy, paste, decrypt. My point is one should never ever trust others with their security, no matter what promises they make in their license agreements.
[ link to this | view in chronology ]
Re: Re:
I find that utterly amazing. I wouldn't touch that sort of system with a ten foot pole.
[ link to this | view in chronology ]
Re:
Facebook is encrypting notification emails they're already sending. Things like emailed notification of profile updates, password recovery emails, etc.
They will also function as an (optional) distribution point for the public key that people choose to upload to enable FB to send them encrypted notifications.
It's not perfect, but it's a start.
[ link to this | view in chronology ]
Why not for direct messages?
Given that this functionality has evolved into such a popular service that it has it's own standalone instant-messanging app, it would stand to reason that a huge number of people are conducting conversations using it -- conversations that would be much better encrypted.
[ link to this | view in chronology ]
Re: Why not for direct messages?
Precicely why I won't use such services, for anything important.
[ link to this | view in chronology ]
Re: Why not for direct messages?
https://developers.facebook.com/docs/chat
[ link to this | view in chronology ]
Weather report templates.
[ link to this | view in chronology ]
Re: Weather report templates.
Though,
should leaky FB fear a rainbow attack most?
If they salt the crib, would not the salt be a crib?
Then again, perhaps we all should feel safe, as FB have recieved National Security Letters
:)
[ link to this | view in chronology ]
Single point of failure
[ link to this | view in chronology ]
Re: Single point of failure
[ link to this | view in chronology ]
Re: Re: Single point of failure
And true for actual end-to-end encryption, instead of this facebook in the middle attack where facebook have everything in plaintext.
[ link to this | view in chronology ]
Re: Re: Re: Single point of failure
[ link to this | view in chronology ]
Holy shit.
[ link to this | view in chronology ]
the key word here is "experimental"
[ link to this | view in chronology ]
It's not surprising
[ link to this | view in chronology ]
Re: It's not surprising
[ link to this | view in chronology ]
Re: Re: It's not surprising
This encryption is for messages FROM FACEBOOK ITSELF. It does not stop FB from reading those messages, because they are the ones generating the original plaintext. For the same reason, it does not stop anyone with the ability to subpoena Facebook. The only party to lose access to your plaintext mail is your mail provider, which for Facebook translates into "the competition can't harvest the data we already know".
[ link to this | view in chronology ]
Re: Re: Re: It's not surprising
"People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications."
The PGP key servers work somewhat well for people who already know about them, although they include a tremendous amount of stale data. But for years there was no means of validating who was submitting them, etc.
By tying key distribution to well-known profiles, Facebook is altering the way the web of trust works to make it more intuitive and accessible for non-expert level users.
Addition of a GPG key - even a newly generated GPG key - to a well established Facebook account will allow potential key users and signers to have a higher degree of trust in said key, without having to go through the rigmarole of having to track down trusted associates in person, etc.
Clearly, there will be cases where these can be clandestinely replaced, and rubber-hose cryptography will always be a concern, but in the general case it's a good start, on a well known, well respected platform with a large user base.
[ link to this | view in chronology ]
Re: Re: Re: Re: It's not surprising
I don't feel this way, personally. The scheme requires you to trust Facebook, and I don't think Facebook is a trustworthy company.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: It's not surprising
I trust Facebook to act in a manner consistent with their best interests.
It is in Facebook's best interest to accurately match a persons online persona(s) with their actual identity, and frankly, Facebook does that ridiculously well.
So, if Facebook chooses to allow "accurately identified" (by their standards) and authenticated individuals to upload a PGP public key to their Facebook account and then distribute said key from that account (after the key submitter has validated that they have access to the notification-address-of-record _and_ can decrypt an activation link sent to that account), then for the "typical" person, Facebook effectively vouching that a particular account holder can decrypt a file encrypted to a particular public key is going to be sufficient for probably 95+% of their userbase.
For the average user, the degree of certainty that a key is legitimate will increase the longer an account has been around, and the more friends that account has.
At that point, it comes down to the use case: If I'm trying to buy drugs, or hire an assassin, or become the next Edward Snowden, that's probably an insufficient level of identify verification. For most other use cases, the general user will probably find the degree of certainty to be within their tolerance.
Now, clearly, there will be exceptions to this. Some people will never, under any circumstances, trust that PGP public key. But those individuals aren't facebook's primary target audience :)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: It's not surprising
Yes, this is me. There is no circumstance in which I would trust Facebook with any data about me at all, but particularly not something as sensitive as a crypto key.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: It's not surprising
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: It's not surprising
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: It's not surprising
[ link to this | view in chronology ]