
Facebook and PGP - alexweber
https://www.cs.columbia.edu/~smb/blog/2015-06/2015-06-02.html
======
michaelt
Another possibility is one of their programmers thought "It would be good if
there was more encrypted e-mail going around in general, I wonder if I can get
it into facebook somehow" and coded this feature in their free time. Then
convinced his managers to integrate it with that argument plus "and it's
already coded we just need to merge it in"

~~~
bostik
Well, from what I know there are some _seriously_ privacy minded people in
there. As oxymoronic as that sounds.

But I could certainly see some benefits both for FB and for the world at large
from this. One of the big problems with PGP is how to bootstrap web of trust.
"Does this key really belong to this particular person?" But what if the
otherwise loathed real name policy could be turned to service this particular
need? Prominently visible personalities can attach their PGP keys to their
pages and make the first association harder to forge.

Secondly, I have little doubt that the keyservers are monitored. An increase
of searches and/or downloads to known activist lawyers' or journalists' keys
could have relation to uncomfortable whistles being blown in near future. But
what if FB made the keys they have signed available via their own keyserver,
and made _that_ reachable over Tor? Downloading a high-profile PGP key is
likely to be a fairly big red flag.

And lastly, there may be some positive effects further down the line. I've
been using PGP (and later GPG) since 2.3i became available and I know just how
horrid the usability is. If FB can iterate over UI and UX issues, then others
can learn from those efforts, and eventually we might have something that even
a regular person could at least learn to use.

And of course - adding more encrypted noise to global email flow is not a bad
thing at all.

I have no doubt that FB sees many non-altruistic avenues if this service
catches wind. Wonder if there is anything to relationship graphs with some
extremely strong edges...

~~~
higherpurpose
Zuckerberg actually cares _a lot_ about _his privacy_. Yours? Maybe not as
much.

[http://www.slate.com/blogs/business_insider/2015/05/18/tech_...](http://www.slate.com/blogs/business_insider/2015/05/18/tech_billionaires_and_privacy_why_facebook_s_mark_zuckerberg_is_spending.html)

[http://www.theguardian.com/technology/shortcuts/2015/may/19/...](http://www.theguardian.com/technology/shortcuts/2015/may/19/unfriend-request-mark-zuckerberg-neighbourhood-privacy-settings)

But isn't the PGP move a sign that Facebook cares about our privacy? Not
really. The profile thing makes it easy to discover people who use PGP and
email them with encrypted messages, but that has nothing to do with Facebook's
content.

As for the encrypted notifications, Facebook can obviously still read those,
and it can be useful to protect the data from Google. Also, if more people use
PGP for email, that means less data for Google, so I could actually see this
being a strategic move, too. Maybe not a _huge_ one, but it doesn't cost
Facebook too much to implement this, so why not?

I'll start thinking Facebook actually cares about my privacy when the
Messenger uses Axolotl or OTR as well as ZRTP. Until then, I'll remain
skeptical of Facebook's privacy intentions.

~~~
minot
If I remember correctly, Open Whisper Systems, makers of the TextSecure app, say
that WhatsApp[1] uses the TextSecure protocol[2]. This means that chats are
encrypted end to end. It doesn't seem to expose information to Alice when
Bob's keys change though. So someone could coerce WhatsApp into changing the
keys for Alice and Bob and MITM that way. However, if we are worried about
that we should also be worried about a rogue agent just updating the binaries
for WhatsApp to remove such privacy-conscious decisions.

I guess the prevailing notion (as the grandparent said) is that while
Facebook couldn't give two shits about our privacy, there are people who work
there who do care about privacy in general (and not just their own privacy).
Of course, no Facebook employee is going to come out publicly and call Mark
Zuckerberg for being a self-serving psychopathic douche bag.

[1] (owned by Facebook, I imagine the deal is complete by now)

[2] [https://whispersystems.org/blog/whatsapp/](https://whispersystems.org/blog/whatsapp/)

> The most recent WhatsApp Android client release includes support for the
> TextSecure encryption protocol, and billions of encrypted messages are being
> exchanged daily. The WhatsApp Android client does not yet support encrypted
> messaging for group chat or media messages, but we’ll be rolling out support
> for those next, in addition to support for more client platforms. We’ll also
> be surfacing options for key verification in clients as the protocol
> integrations are completed.

> WhatsApp runs on an incredible number of mobile platforms, so full
> deployment will be an incremental process as we add TextSecure protocol
> support into each WhatsApp client platform. We have a ways to go until all
> mobile platforms are fully supported, but we are moving quickly towards a
> world where all WhatsApp users will get end-to-end encryption by default.

------
alexbecker
To me the strangest thing about this announcement is that, while the PGP user
base is small, I imagine its intersection with Facebook's is much, much
smaller. PGP is used by people who are extremely concerned with privacy, which
is practically the antithesis of Facebook.

~~~
azag0
I agree with the demographics, but I've never understood this connection. With
Facebook, the intrusion of privacy happens completely out in the open and you
can work with that. By now pretty much everyone concerned knows that they
collect and potentially use everything they can. With email interception, on
the other hand, that's something you don't have any control over without
encryption. So in my mind, I can be a heavy user of Facebook and a heavy user
of PGP without any contradiction.

~~~
mtbcoder
> With Facebook, the intrusion of privacy happens completely out in the open
> and you can work with that.

I'm not following. Once I hand over my data I have no real control over how
they end up using it behind the scenes. Furthermore, even if I never sign up
with Facebook or at some point delete my account thinking my data has been
flushed, a "shadow profile" still exists that I have no control over. [1]

[1] [http://motherboard.vice.com/blog/facebooks-shadow-profile-bu...](http://motherboard.vice.com/blog/facebooks-shadow-profile-bug-proves-weve-lost-control-of-our-data)

~~~
cinquemb
I'm not following either.

If such interactions happen in the "open", facebook is then encrypting
information relating to such "open" interactions, so that people already
familiar with things like pgp/gpg (of which, I assume who also know what email
headers are) can know that such "open" interactions came from facebook and
that such information regarding "open" interactions was not modified in
transit?

I guess "completely out in the open" means different things to different
people…

------
p4bl0
The last paragraph of the linked post describes more or less what keybase [1]
is.

[1] [https://keybase.io/](https://keybase.io/)

~~~
SaturateDK
A little off topic, but if someone would like an invite to keybase let me know
:-)

~~~
flixic
For anyone late, I have 9 invites. My details are on keybase:
[https://keybase.io/lekevicius](https://keybase.io/lekevicius)

~~~
oddevan
And if there's anyone even later, I've got a few as well:
[https://keybase.io/oddevan](https://keybase.io/oddevan)

------
pjbrunet
Back in the Myspace era, I was bored and created an easy encoder-decoder for
people to play with. It worked with Twitter, Facebook and Myspace (cut-paste
your encoded text) because it only used basic characters. As you can't see in
this animation, I later added random spaces and punctuation to the encoded
text so that theoretically it would be harder for social networks to detect
and block. The text was encoded in Javascript as you typed, which I thought
was cool :-)

You can see it here as a GIF animation
[http://pjbrunet.com/friends-secret-messages.gif](http://pjbrunet.com/friends-secret-messages.gif)
The decoder was
just as easy, another pink box under the encoder. Obviously a pro could crack
the code but that wasn't the point.

It was free. I advertised it to hundreds of thousands of people at the top of
my blog which was 99% social media users and many of them were interested in
privacy related topics as I could see from the Google queries. Looking at the
CTR on that banner (asking people to try it) I concluded nobody cared. I was
obviously targeting people who weren't tech savvy. I had some friends try it,
they said they felt like James Bond ;-) That particular app had no traction,
but my "pipe letter generator" did much better.

    
    
      ╔╔╗════╔╗═╔╗═════╔╗═══════╔╗══════════════════╔═╗╗
      ║║╚╗╔═╗║║═║║═╔═╗═║╚╗╔═╗╔═╗║╠╗╔═╗╔═╗═╔═╗╔═╗╔╦╦╗║═╣║
      ║║║║║╚╣║╚╗║╚╗║║║═║║║║╬║║═╣║╦╣║╚╣║╔╝═║║║║╚╣║║║║╠═║║
      ║╚╩╝╚═╝╚═╝╚═╝╚═╝═╚╩╝╚╩╝╚═╝╚╩╝╚═╝╚╝══╚╩╝╚═╝╚══╝╚═╝║
      ╚════════════════════════════════════════════════╝

~~~
lmm
I don't think anyone cares or should care about easy-to-break encryption.
Encoding and decoding your messages has a cost, there needs to be a benefit
beyond "looking cool".

~~~
pjbrunet
I have to agree, but I was looking to limit the "cost" by making it easy and
fun. I could see the demographics, most of them had time to kill. And with
young people, you never know what will be cool, fashionable or viral.
Easy-to-break is subjective too. Sibling, parent, teacher, advertiser, somebody
looking over your shoulder? They couldn't break it. I think every generation
has something like this, a Cracker Jack decoder ring, passing notes in class,
some 1337 letter generator.

------
dimino
What if Google validated PGP signatures for you from trusted, popular certs?

They'd have Facebook's pubkey on file, and -- transparent to you -- would
create something analogous to my browser's lock icon in their email browser.
Any time you got an email from Facebook, it'd say "Verified Sender".

Heck, couldn't we tie mail from Facebook back to their domain cert given to
them by their CA? If it says @facebook.com, and it passes verification from
the cert on facebook.com, then it's actually from Facebook, right?

~~~
bbrazil
This has been done for some time already via DKIM and DMARC, which anyone can
configure.

[https://support.google.com/a/answer/174124](https://support.google.com/a/answer/174124)
[https://support.google.com/a/answer/2466580](https://support.google.com/a/answer/2466580)

~~~
eitally
Thanks for noting this. A lot of discussion about email encryption and
security is clearly from the consumer POV, and most people seem to be unaware
of things enterprises already do (using commonly available tools & settings)
to secure email. Not that it replaces message encryption via S/MIME or PGP,
but companies like [https://www.mailvelope.com/](https://www.mailvelope.com/)
and [https://www.virtru.com](https://www.virtru.com) are trying to help with
that.

------
excel2flow
Btw, does PGP support triple wrapping to prevent surreptitious forwarding?
(S/MIME does -
[https://www.ietf.org/rfc/rfc2634.txt](https://www.ietf.org/rfc/rfc2634.txt))

I really don't understand why it has been chosen over S/MIME. Maybe they gave
the money to that German guy who wrote it and now they don't want them to be
completely wasted :)

~~~
CaptainZapp
Despite his German sounding name, I can assure you that Phil Zimmermann, the
creator of PGP, is very much an American.

~~~
marktam264
I think he meant GPG.
[http://en.m.wikipedia.org/wiki/Werner_Koch](http://en.m.wikipedia.org/wiki/Werner_Koch)

~~~
excel2flow
Yes, thanks for correction.

------
leejoramo
Following Facebook's story on PGP, I see I had missed that Facebook directly
supported Tor since last fall.
[https://www.facebook.com/notes/protect-the-graph/making-conn...](https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237)

------
hstrauss
I think the nicest part of this is that account recovery e-mails are
encrypted. I wish we'd see more of this.

While I'm cautious about facebook in general, it is (in essence) a repository
for public data. A public key falls into that category, so they gain nothing
more than the association of user and key. And in return, the PRISM databank
has more superbly useless information to store and eventually 'collect' for
1EF communication.

And I gain immunity from account hijacking unless I mess up Key Management.

------
lmm
Has anyone got an encrypted email from facebook yet? I uploaded my key and
ticked the box, but the last notification I got was still in the clear.

~~~
Joeboy
Yeah, I immediately-ish got an encrypted email asking me to confirm that I
really wanted my notifications encrypted, and after I clicked the link I
started getting encrypted notifications. Maybe check your spam?

------
golemotron
The easy answer is that they knew Apple was going to come out strong for
encryption in the past few days and wanted to do a "me too."

~~~
leejoramo
Now if Apple does announce PGP/GPG support built into Mail in OS X and iOS,
that would make this much more interesting.

I wonder if MS has made GPG support any easier in Outlook. Last I looked into
it a year or two ago, it was hard to integrate unless you paid for the
official PGP plug-in.

------
anthony_barker
Private public keys + verification gives way to lots of uses...

Payments (bitcoin style currencies), banking, document signatures, and single
sign-on?

~~~
marcosdumay
Beware of turning Facebook into the general purpose CA of web services.

------
rmoriz
I wish they had opted to use S/MIME, because of the wide support in MUA and
because it's relatively easy to use even for non geeks.

Some time ago I started collecting support of S/MIME in products and
companies:
[https://gist.github.com/rmoriz/5945400](https://gist.github.com/rmoriz/5945400)

------
thomasahle
Regarding making this work with GMail, Google still has their End-to-End GPG
plugin for Chrome+GMail:
[https://github.com/google/end-to-end](https://github.com/google/end-to-end)

------
jaysoncena
I like the idea of linking certificates to facebook accounts

