On Monday, Facebook began allowing users to publicly display PGP keys on their About page.
PGP, or “Pretty Good Privacy,” allows for end-to-end encryption of email messages. The popularity of PGP encryption technology grew substantially following the first disclosure by Edward Snowden about National Security Agency spying in June 2013. By the end of July, up to 1,600 new keys were being added daily, according to Kristian Fiskerstrand, who runs the website sks-keyservers.net.
Strong encryption, like that provided by PGP, protects users from surveillance by criminals, spies at the National Security Agency (NSA), or law enforcement. Because of this, the Federal Bureau of Investigation (FBI) has pushed for companies to install so-called “backdoors,” or weaknesses in the code, into their encrypted products. The proposal has been roundly shot down by security experts and politicians, who say that it’s impossible to weaken encryption for only the “good guys,” thus putting encryption users at risk of exploitation by criminals and other governments.
“It’s very important to us that the people who use Facebook feel safe and can trust that their connection to Facebook is secure,” the company writes in its announcement. “For instance, this is why we run connections to our site over HTTPS with HSTS and why we provide a Tor onion site for people who want to enjoy security guarantees beyond those offered by HTTPS.”
Facebook unveiled its Tor-friendly onion site (facebookcorewwwi.onion) last November. Using Tor, an anonymity service primarily used to hide one’s identity online, to access Facebook, which requires users to display their real names, seems counterintuitive, but it does allow users to mask their location by concealing their true IP address.
To add your public key, which senders must have before they can send you encrypted emails, you simply edit your About page to include your public key, as seen above. Just as users can do with regular status updates, they can choose to hide their PGP key, or display it to friends, or to the public.
Additionally, Facebook users can opt-in to receive encrypted email notifications from Facebook.
For those unfamiliar with PGP, Facebook recommends a how-to published by the Electronic Frontier Foundation, which you can find here. For a quick guide to setting up email encryption, see here.
Public key management is not currently supported on mobile devices, says Facebook. “We are investigating ways to enable this.”
Illustration by Max Fleishman