On June 1, 2015, Facebook announced a new security feature to enhance the privacy of notification email content. Now, Facebook users are able to add PGP keys to their profiles in order to receive “end-to-end” encrypted notification emails sent from Facebook to their preferred email accounts. Also, this feature allows users to share OpenPGP keys from their profiles, with or without enabling encrypted notifications. Using PGP technology to send emails keeps potentially sensitive messages out of the hands of hackers and other snoopers.
As this feature is enabled, notification emails will be encrypted via the public keys provided by users. These may include account recovery notification emails. Therefore, if users cannot decrypt messages in the future due to loss of keys or other issues and if users also become locked out of Facebook, recovery of Facebook account may not be possible.
PGP stands for Pretty Good Privacy and created by Phil Zimmermann in 1991. This is known as one of the most popular email encryption standards that uses public key cryptography and Facebook has chosen to use GNU Privacy Guard – “GPG” – a widely used and free implementation of the OpenPGP standard.
Facebook took a major step forward to improve the privacy of users that is admired by security experts like Alex Stamos, Yahoo’s CISO.
“Great work by the Facebook team!” he twitted.
After users enable this feature, Facebook send an email containing an attachment named encrypted.asc that must be decrypted to retrieve a required link for finalizing enablement of encrypted notification emails.
Facebook’s move will bring encryption to the fore, but the problem here, of course, is that most people have no idea how public-key cryptography works and how to even get started with it.
About the Author
Ali Taherian (@ali_taherian) is an enthusiastic information security Officer. He’s finished his education in information security and has recently been involved in banking software and payment security industry. Taherian is proud to be certified IBM Cloud Computing Solution Advisor and ECSA and enjoys sharing and tweeting about security advances and news.
Edited by Pierluigi Paganini
(Security Affairs – Facebook , PGP)
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.