#Facebook Enables End 2 End Email Encryption For Users

Posted: June 1, 2015 in Tech

Facebook-Guns

It’s very important to us that the people who use Facebook feel safe and can trust that their connection to Facebook is secure; for instance this is why we run connections to our site over HTTPS with HSTS and why we provide a Tor onion site for people who want to enjoy security guarantees beyond those offered by HTTPS.

However these technologies protect only the direct connections people make to Facebook. People also receive information from us over channels such as email. Whilst Facebook seeks to secure connections to your email provider with TLS, the stored content of those messages may be accessible as plaintext (with attachments) to anyone who accesses your email provider or email account.

To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to “end-to-end” encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications.

You will be able to update your own public key, using a desktop browser, at:

One commenter asks is data at rest encrypted as well?

In what secure manner are these key pairs stored on Facebook servers or contractors’/affiliates’ servers, incl. at rest and in transit? What is Facebook’s private key generation policy (incl. expiration times)? which outside parties’ requests/demands for key pairs will be fulfilled by Facebook?

He is asking if the emails themselves are stored as easily accessible plaintext or encrypted.  The question remains unanswered.

Source: [Facebook]

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s