
Securing Email Communications from Facebook - wrboyce
https://www.facebook.com/notes/protecting-the-graph/securing-email-communications-from-facebook/1611941762379302
======
acdha
I applaud the sentiment but really wish we had something which wasn't a UX
disaster. I tried to set this up on a Mac, which is what this looks like for
someone who first started using PGP in the mid-90s:

GPG Tools seems to be popular and has Mail.app integration. It loads, shows
the secret key as valid in the GPG Keyring app, but any attempt to decrypt a
message fails with “Secret key to decrypt the message is missing”. No
diagnostic information is provided.

Okay, I'll pretend it's still 1995 and run it on the command-line. "pbpaste |
gpg --decrypt" needs a password, so I naively attempt to setup gpg-agent so I
don't need to keep pulling my 30-character password from my password manager.
"brew install gpg-agent" and it quickly turns out that it's just broken:
pinentry doesn't get stdin for some reason and chews 100% CPU printing * as
quickly as possible.

So much for saving time in the future; let's just see if we can open one
message. Save it to a temp file, run it through gpg --decrypt and … it's HTML
so the URL needs to be unescaped, so make that "gpg --decrypt encrypted.asc |
urlview".

Open that URL and get … a server error from Facebook.

So … another vote for [http://www.thoughtcrime.org/blog/gpg-and-
me/](http://www.thoughtcrime.org/blog/gpg-and-me/)

~~~
sweis
Hi Chris. I worked on this and want to diagnose your server error.

When you decrypted from the command line, did you notice the plaintext blob
preceding the HTML message content? Look for "Content-Type: text/plain;" and
see if there is an unmodified verification URL there.

You might have only noticed the HTML one, which will be a pain to cut & paste.
If it's still broken, please contact me.

Incidentally, I've been using both GPGTools/Mail.app and Gmail/Mailvelope
without trouble. The latter doesn't open clicked links in a new tab, though.
I've had to "Copy as" and paste in another tab.

~~~
TwoBit
The point is that somebody shouldn't have to come in and diagnose the server
error.

~~~
ladybro
This is such a typical HN negative comment. Obviously the point is for there
to be no bugs - any other extremely obvious things you would like to state?

People post things on here and simply get attacked, even if they're trying to
do good and improve like OP for this thread is. It's people like you who drive
others away from this site through your constant "this sucks, that sucks"
mindset.

~~~
peterwwillis
OP's comment is intended to tell us that This Shit Is Broken for him, and
clearly for other users as well. OP is not requesting tech support. As nice as
sweis is for offering support, he fails to acknowledge that solutions such as
this one are simply not ready for most users from a UX perspective.

Reinforcing this point to sweis is not a negative comment. It is a comment you
do not like. There is a difference.

------
Joeboy
I set up my first PGP key in 1998, and I have as yet never received a PGPed
email from anybody except myself. So it's exciting that I might finally do so.

~~~
Joeboy
Update: Somebody just sent me a PGP'ed email! Encrypted to my 1998 key, to
which I no longer have the private key :-(

~~~
zz1
Do you have a new PGP key? Provide us a fingerprint, short ID, link or
whatever, and you'll get mail ;)

~~~
Joeboy
66DB D820 C755 1E5E 2339 ABEC 98A3 E568 5745 0109

Edit: Achievement unlocked, thanks Iain and Seth.

------
carlesfe
Besides the obvious "why care about security when Facebook has your data",
this is a very positive move.

One thing is giving your data to companies and another one is living on a
country where there is not free speech, your beliefs/lifestyle/genetics are
illegal, etc. More encryption is always a good thing.

By the way, the article links to an official FB Onion site. Neat!

~~~
kpcyrd
This could be an attempt to correlate gpg keys to facebook accounts. Also,
make sure you're verifying the key out of band after you've pulled it from
facebook. /paranoia

~~~
Sami_Lehtinen
So what, gpg keys are unlimited resource. Just generate new ones whenever
required. I've been using that strategy. Just like you don't want to reuse
your password everywhere. If you don't want to be anonymous anymore, you can
sign nonce with your official and with your temporary key. Some seem to claim
that OpenPGP doesn't support ephemeral keys, but it does. You just need to
generate new keys and use those, when ever you want/need to.

------
bound008
One of the engineers behind this is a YC Founder of this company:
[http://techcrunch.com/2011/03/21/sendoid-finally-sharing-
big...](http://techcrunch.com/2011/03/21/sendoid-finally-sharing-big-files-
isnt-a-huge-pain/)

This is likely an attempt by motivated individuals inside an unstructured
place like Facebook to get a feature they want out to the public, and less
driven by some PM who wants to compete with others.

~~~
pr0zac
I'm the engineer mentioned here. Its nice people actually remember my startup.
:)

Facebook is definitely a place that lets engineers run with ideas, and it is
that environment that allowed us build this out as something engineer created,
designed, and driven.

I will acknowledge the PMs on the relevant product teams were all great to
work with at the points they became involved and understood the problem we
were hoping to solve here.

------
pjc50
As people have said in this thread, one instant advantage of this is an anti-
phishing measure. Not only can you verify mails from Facebook, but they can
send you password reset links to click on and know that your email account has
probably not been compromised.

Compromise or loss of the PGP key remains an ongoing problem. Maybe we could
persuade Apple to add PGP functionality to their secure co-processor.

------
moyix
What more or less sunk PGP for me was gmail. The various gpg-in-chrome plugins
I've tried have been pretty uniformly terrible (including Google's own end-to-
end), so the standard web interface is out.

And unfortunately, by allowing me to store so much mail (~7.5GB at the
moment), gmail has made it effectively impossible to use any other IMAP client
– I've left Mail.app and Thunderbird running for _days_ trying to do their
initial sync, to no avail. The only client that actually works with the amount
of mail I have, and has PGP support, is mutt, and even that takes ~5 minutes
to read in its header index on startup.

The end result is I pretty much just don't use PGP unless someone sends me
something encrypted (which does happen! But probably this is just because I
work in security), and then I break out mutt and resign myself to waiting
around a bit for things to load.

~~~
alooPotato
can you expand on what you found terrible about the chrome plugins that added
decryption to gmail?

~~~
moyix
Disclaimer: this was about a year ago, so some things may have changed.
Specific comments mainly apply to Google's own end-to-end, since that's the
one I remember best.

In general, they tended to not mesh well with the gmail UI – you could
decrypt, but the decrypted message would pop up in a new window. And sometimes
it just wouldn't detect that a message was encrypted, so you'd have to select
the encrypted text, find the context menu for it, etc. Composing was also more
difficult than it needed to be – another extra set of steps to remember before
hitting send, rather than something that would be triggered automatically if
the recipient was in my keyring.

Basically, the functionality offered usually ended up not being much better
than selecting the message, opening a terminal, and doing `pbpaste | gpg
--decrypt` (or --encrypt on the way out).

------
prajjwal
This sounds like it's more about keeping Facebook data out of Google's hands.
They must leak a lot of information about who did what on Facebook to them
through notifications ending up in Gmail accounts? Does that impact either
party in a significant way? Just a thought.

~~~
icebraining
The number of people who will actually upload their PGP key is so low that the
loss for Google is negligible, and FB knows it.

I find it more likely that they want to protect and to be seen to protect
their users.

~~~
cinquemb
_The number of people who will actually upload their PGP key is so low…_

So another act in "security" theater for most people. They must keep everyone
guessing at what they will do next.

~~~
mynameisvlad
Wat.

How is this security theater? It's providing an actual, useful service for
those who choose to use it. If the majority of people choose not to, then the
fault would lie primarily on the end user, not on Facebook.

~~~
cinquemb
If people trust other mail providers, which most do in general, why would they
use this?

Maybe facebook has some numbers on how many users distrust other major mail
providers to the extent to use this, while also trusting facebook.

At least to me, that sounds ridiculous. Because along the measures of
distrustfulness of who allows information to propagate to third parties (some
third parties more privileged than others…), I don't particularly see any
major mail provider above and beyond any other major players…

Considering that most people wont even know what GPG/PGP are, this seems like
an exercise in "Don't trust others, but trust me" and the user is supposed to
go like "Welp, ok!"? Haha.

~~~
mynameisvlad
No, it's more an exercise in "Don't trust anyone else, trust this proven,
well-known (in the tech world) encryption" which is markedly different than
"Don't trust others, trust me". PGP doesn't give you confidence in the source,
nor should it. It just gives you confidence on the transmission.

Now if we could get the public more aware of it, then that'd be great. :)

In any case, this isn't security theater. There's nothing theatrical about
this. This is a real security benefit that has newly been added. Lots of
things can be said about PGP in general, sure, but the ability to encrypt the
messages from Facebook so that only you can read them is an actual security
benefit. The entire concept of "security theater" is something that looks like
it increases security but does nothing. By sheer fact that encrypting
communications increases security, it can't be security theater.

~~~
cinquemb
"…ability to encrypt the messages from Facebook so that only you can read them
is an actual security benefit."

Except it isn't really "only you", its whoever else has access to the key or
keys facebook uses to encrypt such messages and if one distrusts other mail
providers that they use to such degree, but trusts facebook, I'd really start
question what threat model they are contriving…

~~~
dragonwriter
> Except it isn't really "only you", its whoever else has access to the key or
> keys facebook uses to encrypt such messages…

No, you are giving FB the public key, and keeping the private key. So anyone
with the (public) key you give Facebook could send you messages that you can
decrypt with the private key (which is why FB also lets you publish the key on
your profile page), but could not read the messages sent by someone else with
the same key.

Only you -- or someone else with the private key that you _don 't_ give to
Facebook -- can read the messages. Of course, if someone breaks PGP so that
they can use one half of the key pair to recover the other half, they could
read the message just by knowing the key you share with Facebook ... but that
that is intractable is the whole foundation of public key cryptography.

~~~
cinquemb
So setting side the intractable nature of the key issue, there is also the
issue of who has access to the plaintext… if you trust facebook with the
plaintext are you also trusting that plaintext is not available to other
parties?

~~~
dragonwriter
> if you trust facebook with the plaintext

Uh, its the plaintext of notifications sent _by_ Facebook, _to_ you.

If you _don 't_ trust Facebook with the plaintext of those, you probably
shouldn't have a Facebook account.

This is a means of preventing interception by third-parties not intended to
have access by either of the parties to the transaction. Its kind of an
orthogonal concern to the degree of trust one has in the other party, though I
suppose if one sufficiently distrusts the other party, the risk of accidental
interception becomes negligible compared to the risk of intentional disclosure
by the other party. But if the trust is _that_ bad, why would you even
voluntarily have relationship with that party?

~~~
cinquemb
> _But if the trust is that bad, why would you even voluntarily have
> relationship with that party?_

Good question, but It's probably best for those who trust facebook, and
complain about parties that have a carte blanche to subvert such security of
interception (like government actors and civilian contractors but most don't
complain about the contractors) like the crowds do on HN from time to time. I
ask that question to myself when I see such complaints being raised…

------
hrjet
Wonderful! I don't use Facebook that much, but I hope this helps make PGP more
popular among users and services. In particular, I am hoping for banks to
start PGP encrypting the reports they send to me via email.

~~~
kkl
This! I do not use Facebook but would love if this leads to increased interest
in using asymmetric crypto to encrypt automated notification emails.

------
amelius
I tried using PGP in Thunderbird on Linux. It was a pain. E-mails suddenly
didn't format properly, and I got weird error messages at unexpected moments.

We need better user-agents for dealing with encrypted email.

~~~
facepalm
I've been unable to get Enigmail to work in Thunderbird on OS X. Anybody else
has that problem? It leaves "normal" mails alone, though.

The issue I have is that it fails to discover my private key, even though gpg2
is clearly aware of it (and Engimail is configured to use gpg2).

~~~
ThatGeoGuy
You may be failing to start gpg-agent properly. Are you exporting
GPG_AGENT_INFO? What does it say?

I noticed this was somewhat of a sore spot for people when Enigmail started
forcing gpg2 instead of letting the user choose. I don't disagree with forcing
gpg2, but there were definitely some configuration changes that needed to be
made on my system to cope with / reflect that choice.

~~~
facepalm
Thanks, I'll look into that. I don't think I ever explicitly configured gpg-
agent, so there might be a lingering issue.

------
StavrosK
That's a great move, and Facebook deserves props for this. Not only for making
it easy for people to disseminate keys, or for making it hard for my email
provider to read my email, but for also eliminating phishing. Now my email
client will show me beyond a shadow of a doubt that a given email was sent by
Facebook.

~~~
benburwell
Totally agree. Going off of this, it would be kind of neat if they started
signing all outgoing email by default, regardless of whether the recipient has
uploaded their public key for encryption.

------
mike-cardwell
They link to their key at:

[https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2F3898CEDE...](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2F3898CEDEE958CF)

Surprised that nobody has generated a private key with a UID containing an
abusive or self promoting real name/comment, signed Facebooks key with it and
uploaded the signature to the keyservers yet. Tempted to sign it with a key
with a real name of:

"Software Developer / SysAdmin for hire. See
[https://mywebsite"](https://mywebsite")

I guess at that point I'd be permanently branded a spammer though. ;)

~~~
jessaustin
How would that be spam? Aren't the keyservers _intended_ to act as
repositories for signed keys?

~~~
grhmc
He'd be posting ads via signed keys. Not an actual usable signed key.

~~~
jessaustin
Is that already a problem? If not, I don't see how FB having a key changes
anything.

~~~
grhmc
Just a high profile key which people are going to look at, that is all.

------
Kunix
The funny state of Facebook: the research side pushing for more privacy by
promoting Tor/PGP, and the official side requiring you to upload your
government ID if you want to keep your account. (see #MyNameIs)

~~~
dmix
Fun fact: one of the big reasons Tom created Myspace in 2003 was because of
Friendster's real-name policy.
[https://en.wikipedia.org/wiki/Tom_Anderson#Career](https://en.wikipedia.org/wiki/Tom_Anderson#Career)

------
satyajeet23
Things I didn't think I'd be doing today: adding my PGP key to my Facebook
profile!

------
RMarcus
Perhaps this has already been said and I missed it, but Facebook has the
capability to be a pretty neat public key repository.

You could have a pretty high degree of confidence that the public key
associated with a Facebook account belonged to the account owner.

Hopefully they'll be come kind of API (if there isn't already).

Either way, I hope [http://keybase.io](http://keybase.io) lets me add my
Facebook profile now!

------
markild
It's kinda cool that they're doing this, if not for anything else than to
raise awareness about PGP.

That being said, I'm trying my best, and coming up short, in figuring out what
problem this would solve...

~~~
jakobegger
This solves the problem of your email provider reading your Facebook
notification emails.

~~~
bigiain
Email provider, overbearing parents, abusive spouse, scriptkiddie who's just
phished your email password...

It's only a small "win" for privacy - given that Zuckerberg is on the other
unencrypted end of anything "private" this might send, but I can see it as an
important win for a few people...

Of course, perhaps this is part of a cooperative or NSLed collaboration with
the NSA, "Hey Zuckerberg! We need you to tell us which of your users knows how
to use PGP, then give us their entire social graph, the social graph of
everybody who's ever uploaded a photo with them in it, the locations of those
photos, and any Facebook-javascript-bugged webpages they've ever visited.
Thanks."

~~~
patzerhacker
But it does nothing to hide that it is a facebook notification or that it is
from facebook because the envelope information is still unencrypted. So the
'From' address and subject are still in the clear, which doesn't prevent
overbearing parents and abusive spouses from knowing you received a
notification - only from reading the contents of that notification.

~~~
sweis
Hi. We use a generic subject line "Encrypted Notification from Facebook" and
tried to remove fields that leak metadata. The From: field should just say
"Facebook".

Please contact me if you do see anything leaking metadata about the plaintext
email.

~~~
patzerhacker
That's not really what I'm taking issue with.

The parent to my post mentioned that this was a win for people with
"overbearing parents" or an "abusive spouse". My response is that the message
From field still says that this message is from Facebook, and the subject line
apparently says "Encrypted Notification from Facebook". So this is not really
a win for someone with overbearing parents or abusive spouses because
sufficiently overbearing or abusive people will be on the lookout for any
communication from Facebook and will assume the mere fact that the message is
encrypted is a sign that it's something they would disapprove of.

That is no way meant to say that the feature is useless, rather that the
parent to my post is mistaken about who this feature is useful for. More
useful would be an option to have the notification message come from somewhere
innocuous - to otherwise make it look like spam. If it did, the PGP encryption
would allow the recipient to pick it out of the spam and make sense of it
while not alerting others to the fact that it's a message from Facebook.

~~~
bigiain
Even in your scenario, I can see some utility. A paren or spouse who has your
email password still can't reset your Facebook password without your PGP
keyphrase password as well. That's perhaps not a significant additional
barrier, but at least it's a much less commonly used password/phrase than your
email account...

~~~
patzerhacker
Again, the big problem for abuse victims is getting the shellac beat out of
them for disobeying their abuser. This encryption does nothing to enable an
abuse victim to switch on notifications as the (now grand-)parent post I was
responding to was insinuating - abusers on that level don't care what the
message says. They are going to interpret any message they can't read as a
message that goes against 'their rules'.

------
mdavidn
How about S/MIME? Most mail clients offer out-of-the-box support, including
iOS. No additional software required. Requesting a free certificate from
Comodo with a web browser is much easier than grokking PGP.

But then exporting your private key and importing it on iOS ... Still a UX
disaster, unfortunately.

~~~
asztal
Exactly. It seems perfect for this sort of email because the existing PKI
handles trust.

------
unsignedint
Did they just kill pgp.mit.edu by linking from this page? I'm having problem
retrieving keys from pgp.mit.edu, or it's just a coincidence...

~~~
lucb1e
Works for me (and quite fast, given I'm using the Tor browser).

~~~
unsignedint
The top page seems to be working but lookup part seems to choking. Getting one
from gpg didn't work, too

------
grhmc
Since the pgp.mit.edu site is down, here is their public key DEE958CF:
[https://gist.github.com/grahamc/efbebf4c05ff9e097731](https://gist.github.com/grahamc/efbebf4c05ff9e097731)

------
wahsd
There is absolutely zero reason to trust Facebook. Facebook is essentially a
self-maintained government dossier on everyone that uses it and doesn't take
adequate precautions. Who would have thought that in the future, 1985 would
look more like people reporting everything they do and say and think to the
government surveillance state rather than the government actually having to
put any kind of effort into actually acquiring that information.

~~~
Joeboy
Ok, Facebook is a modern version of the Stasi, but it's still good that third
parties can't snoop on my interactions with them. I don't see any reason to
feel bad about this specific measure.

~~~
fwn
Yeah, right. Except for the rape prisons I guess.

It's not against you personally, but I never understood how people compare a
brutal, murderous gov. agency to something as mild as a social network.

------
userbinator
At first I misparsed the title, and since I do not use Facebook, thought it
was about preventing them from reading your email...

------
somerandomone
Bug report: the add public key page doesn't recognize the public key exported
by GnuPG which has the header

    
    
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      Version: GnuPG v1.4.9 (Darwin)
    

I figured out that the second line with version should be removed but the
error message is not quite helpful.

~~~
jonmillican
Hi, engineer who worked on this here. Would you mind linking me to your key,
including the version line, and letting me know the error message is? I'll try
to see what the issue is.

~~~
somerandomone
Sure. Let's say I want to use the public key listed at here[0], like this[1].
This[2] is the error message.

[0] [https://access.redhat.com/documentation/en-
US/Red_Hat_Enterp...](https://access.redhat.com/documentation/en-
US/Red_Hat_Enterprise_Linux/4/html/Step_by_Step_Guide/s1-gnupg-export.html)

[1]
[https://drive.google.com/file/d/0B9kwqLwGBg_7NGd4QlRreU5hSFE...](https://drive.google.com/file/d/0B9kwqLwGBg_7NGd4QlRreU5hSFE/view?usp=sharing)

[2]
[https://drive.google.com/file/d/0B9kwqLwGBg_7WlpqUFlEWmRMY2c...](https://drive.google.com/file/d/0B9kwqLwGBg_7WlpqUFlEWmRMY2c/view?usp=sharing)

~~~
jonmillican
The key you linked to seems to have invalid CRC bytes at the end of its ASCII
armor - this is why we can't accept it, as it's malformed.
[http://imgur.com/J1bp73V](http://imgur.com/J1bp73V)

------
ForHackernews
This might be mostly useless, but at the very least it will increase the
volume of PGP-secured email floating around in the world. It will make
encrypted email more common, and therefore less of a red flag for security
services.

------
sarciszewski
I wonder if they're using PEAR Crypt_GPG to facilitate this, or if they wrote
their own encryption wrapper?

If it's the latter and anyone at Facebook wants someone to look over their
implementation, let be know. ;)

~~~
sweis
Hi Scott. We're not using PEAR.

If you are interested in looking at the implementation and other interesting
security stuff, we have a lot of security openings:

Security Software Engineer -
[https://www.facebook.com/careers/department?req=a0IA000000G2...](https://www.facebook.com/careers/department?req=a0IA000000G2bGoMAJ&dept=it)

Open Source Security Engineer -
[https://www.facebook.com/careers/department?req=a0I1200000G4...](https://www.facebook.com/careers/department?req=a0I1200000G4M4hEAF&dept=it)

PrivateCore Software Engineer -
[https://www.facebook.com/careers/department?req=a0I1200000G4...](https://www.facebook.com/careers/department?req=a0I1200000G4babEAB&dept=it)

Security Infrastructure -
[https://www.facebook.com/careers/department?req=a0IA000000G4...](https://www.facebook.com/careers/department?req=a0IA000000G40MFMAZ&dept=engineering)

------
kub3ling
Do/will they support curve25519 keys?

~~~
jakobegger
Quoting from the article: "we are investigating the addition of support for
GPG's newer elliptic curve algorithms in the near future"

~~~
kub3ling
Missed that. My bad

------
TsukasaUjiie
Neato. The idea of Facebook acting as a "keyserver" worries me a bit though.

I'm looking forward to when they inevitably (I hope) add support for
visualising the Web of Trust

~~~
Flimm
Why does the idea of Facebook as keyserver worry you? How is it worse than
using another keyserver?

~~~
gtirloni
I don't need a MIT account to use MIT's key server. Facebook has the tendency
to make things available only behind their wall.

~~~
ceejayoz
Why couldn't you use both?

------
kub3ling
Do they use --hidden-recipient ?

------
keehun
I've started signing (not encrypt) every email I send, even to my friends and
professors. The cost of this is that they see the ugly block of a signature. I
hope to raise awareness.

------
aw3c2
67uy, I hope you read this. Your account seems to have been falsely flagged as
something bad immediately, you are "[dead]" ghosted. :/

------
motters
Since notifications from Facebook will contain mostly predictable content
won't these just become cribs for crackers?

~~~
dionyziz
Not sure what you mean, but good encryption algorithms (including GPG's RSA
and DSA) are not vulnerable to known-plaintext attacks. Even if you know the
plaintext and the cryptotext shouldn't help you in cracking the key in any
way.

~~~
__z
I dont facebook very often so every few days they send me a notification email
"myname you have notifications pending." even when i dont.

------
greyman
What is the easiest way to get a PGP key?

~~~
zz1
Generate one. Which OS are you on? Look up for a tutorial, you'll certainly
find a good one.

Edit: you either have to install GPGTools (for OS X,
[https://gpgtools.org/](https://gpgtools.org/)), GPG4Win
([https://gpg4win.org](https://gpg4win.org)) Windows, or gpg for linux. To use
GPG in Thunderbird you'll also need Enigmail.

------
joosters
Any they encrypting the contents, or merely signing them? The article seems to
imply one then the other.

~~~
rakoo
They encrypt with your key (so only you can read), and sign with their key (so
you're sure it really comes from them)

------
higherpurpose
Next-up officially announced integration of Axolotl and ZRTP in both Whatsapp
and Facebook Messenger?

~~~
mike-cardwell
WhatsApp already implemented Axolotl -
[https://whispersystems.org/blog/whatsapp/](https://whispersystems.org/blog/whatsapp/)

~~~
StavrosK
It's only used opportunistically, though (which is still much better than
plaintext).

~~~
sarciszewski
> Implying that opportunistic encryption is much better than plaintext

Unless you have an active attacker, in which case they are equivalent.

~~~
StavrosK
So, overall, much better :P

~~~
sarciszewski
Nope.
[https://www.youtube.com/watch?v=ibF36Yyeehw](https://www.youtube.com/watch?v=ibF36Yyeehw)

------
FlaceBook
This sounds like another completely pointless PR stunt to fool people into
thinking Facebook gives a shit about their privacy.

