You may have heard many times that nothing you send through Facebook is secure. It’s not a good idea to send passwords or talk about tax details through Facebook, and it’s probably never going to be a great idea to do so given the nature of social networks.
But Facebook would like you to think otherwise. The company is now offering users a way to encrypt emails sent through the social site.
Encryption Details
You can now send certain messages to other Facebook users using PGP mail encryption standard. But the way that the new encryption offering works is somewhat puzzling. If you want to encrypt any email that you send through Facebook, you have to send the company your public key. From there, any information that Facebook sends to you (passwords, etc.) will be encrypted.
Facebook will also send cryptographically signed messages, so that you know that it is truly Facebook sending out those messages and not someone posing as a Facebook representative. PGP encryption has proven to be the most effective form of email encryption as was proved in the recent Edward Snowden case (authorities could not tap into PGP encrypted emails).
How PGP Works
Each PGP users has a set of both private and public keys. The public keys can be shared, and the private key is meant to be kept private by the owner of the key (should not be shared). Facebook wants its users to share the public keys in order to make it simpler to encrypt messages while also having the option to use a private key to unlock that message.
When you hand Facebook your public key, the site can then encrypt emails (Facebook reps have stated that they will look for sensitive data like passwords and other details when it comes to encryption). This is a step in the right direction for Facebook, a site that has been criticized for not being private enough in the past.
Regaining User Trust
Facebook has a long way to go before the site can regain user trust. The company is working on rebuilding that trust, and one way to do that is to offer encrypted emails. But will that be enough? It’s not entirely likely that most people have public encryption emails, or will want to send any kind of encrypted emails via Facebook. Even though PGP is the most secure form of encrypted emails that can be sent, most people that want to send encrypted emails will not use Facebook, period.
But if you do want to send sensitive information through Facebook, it is now more secure than ever before, but that might not be enough to trust the site to send a lot of sensitive information. The new encryption offering is available if you live in the US. If you live elsewhere, the option will surface soon. Whether or not a lot of people will use the encryption service is another story. Is Facebook now secure? It’s hard to say, but it might not be wise to trust the site that has been the target of much privacy controversy regardless of new security settings.