Facebook Introduces PGP Support

In an interesting and welcome (for many) move, Facebook announced today that it would be supporting PGP/GPG email encryption for emails originating from them to their users. For the vast majority of Facebook users, it might not be a big move, but for those who are interested in privacy and would like to see a greater and wider acceptance of PGP, it’s a fantastic move on the part of Facebook.

PGP, which stands for “Pretty Good Privacy”, was an implementation of email encryption developed by Phil Zimmermann in 1991. It provides strong encryption between individuals when they email each other or want to share files. Unfortunately, many people have not implemented PGP, probably for a variety of reasons, including an ambivalence about email privacy. Perhaps this ambivalence is due to a lack of knowledge about email and how it works, but many people have legitimate concerns, and PGP is, and has been for years, the best method of keeping your email communications secure and private.

It does have some implementation issues which can seem daunting at first, especially for those who don’t understand the private/public key system. As well, users can only use PGP to send email and files to other PGP users; it is useless for sending email to those who are not using PGP.

In addition, those who use PGP must take great care with their private key and passphrase. Private keys need to be backed up and kept in a very secure place, and depending on the level of security you desire, thought needs to be given to where you will store your backup key. If you forget your passphrase or otherwise lose it, or lose your private key, any email or files that were previously encrypted to your public key are lost forever.

Some preferred email applications can be more difficult than others to set PGP up with. On most UNIX/Linux based systems, it’s relatively easy. We have been using PGP since 1997, and today we prefer the open source version, called “GnuPG”, over the commercially available PGP from Symantec.

Windows users sometimes have problems when using Symantec’s version. For example, for a very long time it could not be installed on Windows 8, until February 24, 2014.

Many people that we talk to have a misunderstanding about email security and believe that because email servers are able to communicate through an encrypted secure channel, their email is secure and private. It is true that if some form of encryption has been implemented for sending and receiving email, the email is protected while in transit. However, any messages sent in plain text are still available to be read or snooped while sitting on the email server.

As well, even after downloading, those emails can be read by a third party that has access to your PC or device.

Facebook’s implementation of PGP will allow users to upload their Public Key to their profile, and any notification email from Facebook to the user’s email address will be encrypted with PGP. It is encouraging to see that they will be implementing the GnuPG open source version.

Because we believe that security and privacy are important, even among businesses, we’ll be uploading our public keys to our website shortly. If you would prefer to communicate with us securely and use PGP, you’ll be able to do that.

If you’re interested in implementing email and file encryption in your own business, we can help with that, along with providing other security services.

Further Reading:

Our Linux Security/Admin Services

Facebook’s Announcement

The Gnu Privacy Guard
