back to article Facebook flings PGP-encrypted email at world+dog. Don't lose your private key

Facebook can now powerfully encrypt notification emails sent to its users with PGP – keeping potentially sensitive messages out of the hands of hackers and other snoopers. The social network has also added a spot for people to share their public PGP keys via the HTTPS-protected website. "We are gradually rolling out an …

  1. Yet Another Anonymous coward Silver badge

    Security from whom?

    > make the risky environment in which journalists work a little bit safer

    Except facebook are encrypting the messages and can copy your key to any 3 letter agency who asks.

    There is no end-end user-user encryption - this does little more than an HTTPS facebook page.

    1. tom dial Silver badge

      Re: Security from whom?

      It is a public key, so concern about the government getting it is pretty much misplaced. In fact, if they weren't in cahoots with the likes of Turbo Tax and H&R Block, the IRS would arrange to allow filing of tax returns (and possibly payments as well) by GPG encrypted and authenticated email.

      Whether it is better than HTTPS or not is not clear. PGP in general, and OpenPGP in particular, have not had the number of major protocol and implementation flaws reported recently for HTTPS. On the other hand, theire use probably is several orders of magnitude less than HTTPS. But on the third hand, those PGP users, as a group, probably care at least as much and have at least as much technical expertise as do those who deploy HTTPS. Of course both actually implement encryption between endpoints of the message content, the endpoints in the case of Facebook notifications being Facebook and the Facebook account holder.

      Have to agree, though, that it is most unclear that this improves journalists' security in the least. Facebook seems a rather poor choice for conducting conversations you would want kept private.

    2. Christoph

      Re: Security from whom?

      The 3-letter agencies can see your public key, just like any other FB user can. So? How will that help them read messages encrypted with that key? As far as even Snowden knows they can't break PGP, and if they can they would be utterly paranoid about letting anyone know they can.

      1. Anonymous Coward
        Anonymous Coward

        Re: Security from whom?

        The 3-letter agencies can see your public key, just like any other FB user can. So? How will that help them read messages encrypted with that key?

        I thought the same thing but then I thought the post over a little.

        I think what the OP is pointing out, is that two parties have access to the cleartext copy. Facebook, and the Facebook user.

        Only one of those parties holds the private key: true, so in order to see the message in transit or stored on a server, they need that information. However, nothing stops Facebook technically from sending a copy of the cleartext prior to encryption to a third party.

        In other words, one must trust Facebook to uphold the confidentiality of the original message.

        This is true of any application of cryptography, and not limited to Facebook or OpenPGP.

        1. tom dial Silver badge

          Re: Security from whom?

          "However, nothing stops Facebook technically from sending a copy of the cleartext prior to encryption to a third party."

          Exactly as is the case now. The difference is that the message will be hidden from the large number people and organizations who previously could view it while in transit, only one of them being the NSA. And someone who has your public key is not better off in being able to read the message than someone who does not.

    3. CommanderGalaxian

      Re: Security from whom?

      You misunderstand how PGP works - you are uploading your public key - whether to Facebook or a public searchable directory of keys - that then allows anybody (NSA/GCHQ included) to send you an encrypted message - but only you can decrypt that message with your private key.

      The public key cannot be used to decrypt a message sent by somebody else to you.

  2. tom dial Silver badge

    Works fine also with Enigmail/Chrome, which decrypted the return message and on request cheerfully imported the Facebook public key from the public key server at pgp.mit.edu. I haven't decided yet how much to trust it.

    All in all a good thing that might induce a few to care enough about privacy to actually do something.

  3. Anonymous Coward
    Anonymous Coward

    So pointless

    Ah, the sweet pretence of caring about your privacy, so you continue to allow them to see everything you do.

    I must say, this is about the most pointless use of PGP ever. Good marketing, but utterly, utterly pointless in reality.

    1. ZSn

      Re: So pointless

      Actually I disagree there. It does send password recovery messages so that only you can reset your password. Quite a nice implementation I think. However since I don't have a facebook account (hey, I have a life, despite commenting here!) all fairly moot for me.

      1. Anonymous Coward
        Anonymous Coward

        Re: So pointless

        Actually I disagree there. It does send password recovery messages so that only you can reset your password. Quite a nice implementation I think. However since I don't have a facebook account (hey, I have a life, despite commenting here!) all fairly moot for me.

        You're missing the point. THEIR implementation may be nice, but getting the average home user to use Windows properly is already a challenge, let alone installing PGP/GPG. It's gotten MUCH better over the years with stuff like OpenPGP, but you still need a baseline of knowledge about keys and key servers to really make it work, so the amount of people that will actually use it is minimal.

  4. trenchfoot
    FAIL

    Csss.. yvxr gung'yy ernyyl jbex!

    1. Christoph

      Rira vs AFN pna oernx vg gurl ner abg tbvat gb nqzvg gung gurl pna ol yrggvat lbh xabj gurl'ir ernq lbhe zrffntr.

    2. Afernie

      Ignoring the TLA aspect, it's still better than nothing, and a lot better than ROT13

      1. charlie-charlie-tango-alpha

        "a lot better than ROT13"

        Personally I prefer ROT26 - 'cos, you know, double encryption has got to be better.

        1. Phil W
          Coat

          As is double penetration testing.

  5. Decade
    Facepalm

    PGP is not security

    What I find frustrating about these OpenPGP efforts is that they are largely futile. PGP is effective for hiding the content of email, but it’s not effective for normal communications.

    I think the real Snowden revelation was just how important the metadata are. Who’s sending messages of what sizes to whom, when. OpenPGP does nothing to secure that. Snowden used PGP to hide the leak, but he used proxies and temporary email addresses to hide his identity as the leaker. And he only trusted that for a short time. To provide privacy, we need the metadata to be hidden for everyday email. We need a comprehensive replacement for SMTP email.

    The biggest problem with encryption in SMTP is that it is bolted onto the protocol ad-hoc. Communicating with end-to-end encryption vs communicating with everything where the server can see it: The difference can be observed, decreasing security. Discussing whether to use SSL to communicate with the server: It can be disrupted, decreasing security. Even server-to-server communication is not entirely secure. We need to replace SMTP with a protocol that is actually designed for security.

    I’m hoping that Darkmail works out. So, of course, now everybody is hopping onto the OpenPGP train. If I were more paranoid, I would wonder whether this were a conspiracy to keep metadata in the clear. Instead, I’m just hoping we can convince everybody to switch to actually secure email, after going through the pain of working with PGP.

    1. Anonymous Coward
      Anonymous Coward

      Re: PGP is not security

      On it's own, no, it isn't, but it's a step in the right direction.

      A certain amount of metadata has to be in the clear, otherwise how does a public mail server know how to route your email? It at the very least needs to know what domain to send it to. So maybe metadata encrypted with a public key for that domain, then the server in that domain can route it to the appropriate user.

      The hardest issue you'll face is that SMTP is heavily entrenched in the Internet. It was invented in the days when the Internet was a little village, and thus makes a lot of naïve assumptions. Displacing it will not be easy, as everyone, has to more or less agree on the standard that gets proposed. Just ask D. J. Bernstein how QMTP is going.

      1. Decade
        Boffin

        Re: PGP is not security

        A certain amount of metadata has to be in the clear, otherwise how does a public mail server know how to route your email? It at the very least needs to know what domain to send it to. So maybe metadata encrypted with a public key for that domain, then the server in that domain can route it to the appropriate user.

        This is exactly what Darkmail proposes. The protocol has separate keys for the sender, so the message could be authenticated, for the sending server, so it knows which domain to send the message to, for the receiving server, so it knows which user to send the message to, and for the user. The sending server doesn’t know which user is the recipient, unless it’s on the same server, and the receiving server doesn’t know which user is the sender.

        The specs (pdf) take a lot of words to describe the system, and it’s still not usable. At least it’s a collaborative effort, so if it works, I’m expecting there would be more services providing it in a federated fashion, like the current mail system and unlike all those secure messaging apps.

      2. Daniel B.
        Boffin

        Re: PGP is not security

        A certain amount of metadata has to be in the clear, otherwise how does a public mail server know how to route your email? It at the very least needs to know what domain to send it to. So maybe metadata encrypted with a public key for that domain, then the server in that domain can route it to the appropriate user.

        It can be hidden right now, with current tech, but both the sending and receiving MTAs have to support TLS.

        Sender sends his email via SMTP to his outbound SMTP server. He does so via TLS.

        Sending SMTP server initiates connection to receiving SMTP server, via TLS.

        Send email over secure channel.

        Receiving person check inbox via IMAP, using TLS.

        The thing is, this will probably leak information in the sense that you will see a something sent to sending smtp, then a something of similar size being sent to the destination, so you can still infer who is getting the email even if you can't read the metadata.

    2. Graham Cobb Silver badge

      Re: PGP is not security

      "Security" is many different things -- PGP is definitely good for some of those things.

      For communications (email and others), there are four main types of threats I care about: casual observers (e.g. someone who sets up a free access point and watches traffic for kicks, hoping to get the odd credit card number but mainly getting his jollies from people sharing nude photos), identity thieves (who know how to exploit what they can capture to learn enough to steal from me), government mass data collection, targeted government investigation.

      PGP deals almost completely with the first two and has a significant impact on the third (especially when combined with using TLS for SMTP, hiding much metadata). Nothing really deals with the last, although routine use of PGP by companies will at least remove "uses PGP" as a trigger for an investigation.

      I am hopeful that what this will really mean is that next time I ask my accountant or IFA if I can send them the data they want using PGP email they might have heard of the concept! Maybe even seen an article in Accounting Today (or whatever magazine they read)!!

  6. Mike Banahan

    A good step

    Overall I am encouraged to see this. I find it hugely annoying that I have, on a daily basis, to log in to eleventy-one different websites all with different usernames and passwords just to download invoices, bank statements and a load of other stuff which, when I berate them for not caring about my convenience, elicits the 'email is not secure' excuse.

    I now mostly refuse to deal with suppliers who can't/won't email me invoices and routine communications. If this move by Facebook pushes others towards routinely encrypting fairly simple stuff like invoices and statements, I for one will be happy.

    Yes, the five eyes agencies will indeed be able to tell that I received a communication from Barclays/Santander/HSBC/whatever. But they know that already. It's not a solution to the metadata problem but the more it encourages people to ponder the issues of confidentiality, the better I reckon. Making something appear mainstream and 'normal' is a good step on the road to getting it accepted.

  7. Anonymous Coward
    Anonymous Coward

    Facebook: you are the product

    Buy downloading someone's public key through Facebook, you indicate an intent to send a secret to that person (an interesting social connection) to a company dedicated to making money by selling psychological manipulation as a service (aka "target advertising services.")

    Your call.

  8. dave 93

    At last! A way to delete a Facebook account (in effect)

    Set up PGP. Delete private key. Request password reset. Done

    1. Jamie Jones Silver badge
      Facepalm

      Re: At last! A way to delete a Facebook account (in effect)

      Or simply use the "delete facebook account" function, which despite the rants of the tin-foilies, has existed alongside the "disable facebook" function for years?

  9. Lostintranslation

    Which can only mean that PGP has been compromised. A shame.

  10. wolfetone Silver badge

    The very company makes a living from selling adverts targeted to what you're in to. Every bit of communication and photography you put up there or consume is monitored for them to give you adverts so they can charge the companies a fee.

    Why would an advertising company want to encrypt the messages their users send, when all in all it's just saving the message to a database and notifying the recipient that a message is there for them? The only reason for them to do this is to rebuild a lost trust between itself and it's user base.

    It is a company that is smart, that knows what to do and does it well. Mark my words, if they got a letter through the door or a tap on the shoulder to show what you are writing to your friend via encrypted means, then they will decrypt that message faster than you could poke good ol' Zuck. It is not in their best interests to reduce the pool of information they monitor to produce targeted adverts to you, in effect reducing their life blood.

    1. DanDanDan

      > Mark my words, if they got a letter through the door or a tap on the shoulder to show what you are writing to your friend via encrypted means, then they will decrypt that message faster than you could poke good ol' Zuck

      Do you understand asymmetric crypto at all?

      1. wolfetone Silver badge

        "Do you understand asymmetric crypto at all?"

        Do you understand that Facebook are in the pockets of NSA and GCHQ?

        1. Anonymous Coward
          Anonymous Coward

          So they can hand over plaintext versions of messages sent right now, with or without PGP email, since they have access to it prior to any encryption being applied.

          PGP uses asymmetric cryptography: You hand out a public key to encrypt messages - this key is public, anyone has access to it, including the NSA and GCHQ, your grandma and your dog, if they go looking for it.

          But that's okay; the entire purpose of the asymmetric crypto used in PGP is that you can throw your public key out for the world to use and send you data with, without worrying about them being able to read your other received data. The public key isn't used to decrypt the message; for that you need to use your private key. Your private key is something which you should keep explicitly secret to ensure that nobody else can read messages sent to you. Keep it on your PC, keep it in an encrypted container file somewhere, keep it on a USB drive and only insert it when you need it, keep it printed out and manually type it in if you're super paranoid and have far too much free time, lock said encrypted container file on a USB printed out for you to manually type in in a floor safe if you like, but as long as you keep it secret, nobody using your public key should be able to read your emails.

          Now if Facebook were asking for people's private keys, then we'd have something to worry about.

        2. Adam 1

          >Do you understand that Facebook are in the pockets of NSA and GCHQ?

          Let us take without any protest your assertion, and assume that they immediately give this public key to your favourite 3 letter acronym. Actually, let's make it worse, they put it on their homepage for world and sundry.

          That does NOT help one iota in decrypting your message. That is the whole point of asynchronous encryption.

          If you want your bank's website public key, double click the padlock. That key does two things.

          1. Lets them create a message that you can verify wasn't forged by a man in the middle, and

          2. Let's you encrypt a message that only their private key can decrypt.

        3. DanDanDan

          >""Do you understand asymmetric crypto at all?"

          >Do you understand that Facebook are in the pockets of NSA and GCHQ?"

          So that's a "no" then.

  11. phil dude
    Black Helicopters

    paranoia....

    I generate a new key pair for every communication identity....

    Yes, I am paranoid that the factoring maths may have a practical solution...

    Given as much $ as N$A probably gets, I certainly think they have a fair effort....!

    P.

  12. BirC
    IT Angle

    At least encryption is being discussed

    The more people hear about encryption the more aware people will become of all the new services out there. Personally I use ghostmail. Hopefully soon it will be a normal thing to communicate in an encrypted manner.

  13. KenTenTen

    One good thing about all this is the outbound mail from FB to me about my account is signed with their secret key. Their public key is well known, and therefore the signed message is probably reliable. No more questionable "Please click here to reset your password, oh, and give us your bank account number and your SS while you're at it" -- at least. What comes from FB is non-reputable. If it ain't signed, it ain't from them.

    I think.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like