Another possibility is one of their programmers thought "It would be good if there was more encrypted e-mail going around in general, I wonder if I can get it into facebook somehow" and coded this feature in their free time. Then convinced his managers to integrate it with that argument plus "and it's already coded we just need to merge it in"
Well, from what I know there are some seriously privacy minded people in there. As oxymoronic as that sounds.
But I could certainly see some benefits both for FB and for world at large from this. One of the big problems with PGP is how to bootstrap web of trust. "Does this key really belong to this particular person?" But what if the otherwise loathed real name policy could be turned to service this particular need? Prominently visible personalities can attach their PGP keys to their pages and make the first association harder to forge.
Secondly, I have little doubt that the keyservers are monitored. An increase of searches and/or downloads to known activist lawyers' or journalists' keys could have relation to uncomfortable whistles being blown in near future. But what if FB made the keys they have signed available via their own keyserver, and made that reachable over Tor? Downloading a high-profile PGP key is likely to be a fairly big red flag.
And lastly, there may be some positive effects further down the line. I've been using PGP (and later GPG) since 2.3i became available and I know just how horrid the usability is. If FB can iterate over UI and UX issues, then others can learn from those efforts, and eventually we might have something that even a regular person could at least learn to use.
And of course - adding more encrypted noise to global email flow is not a bad thing at all.
I have no doubt that FB sees many non-altruistic avenues if this service catches wind. Wonder is there is anything to relationship graphs with some extremely strong edges...
"and it's already coded we just need to merge it in"
Any manager worth their salt will know that maintaining code is 10x more expensive than building it in the first place, and if it's user-facing code you're even adding an implicit promise that the feature isn't going to be removed again. I strongly doubt the "oh but it would be so hard to build that" argument counts for much.
That said, I've no idea about what kind of place Facebook really is.
This is by far the most likely reason. When you hire top developers, those developers want to work on interesting stuff. If retaining those people is a priority, the middle manager's only option is to smile and nod when they tell him something they'd like to do, or he'll soon find himself without employees, and shortly after without a job.
Just look at all the shit that comes out of Google, not as part of some grand overarching scheme, but because someone thought it would be fun, and more often than not forgotten about a year later.
To me the strangest thing about this announcement is that, while the PGP user base is small, I imagine its intersection with Facebook's is much, much smaller. PGP is used by people who are extremely concerned with privacy, which is practically the antithesis of Facebook.
That is why I suspect this is mainly a PR move by Facebook to show they are concerned about your privacy. Although the suggestion in the article about Facebook going in the PGP mail business is much more excited. Not that i would want to host my email on facebook servers, but if they are able to lay the groundwork for usable encrypted email that would be really great.
I agree with the demographics, but I've never understood this connection. With Facebook, the intrusion of privacy happens completely out in the open and you can work with that. By now pretty much everyone concerned knows that they collect and potentially use everything they can. With email interception, on the other hand, that's something you don't have any control over without encryption. So in my mind, I can be a heavy user of Facebook and a heavy user of PGP without any contradiction.
I'm not a fan of Keybase because they encourage a lot of unsafe behaviour:
1. They tell you to trust webpages which claim that their code does not send passwords or private keys to the server – something which would be extremely hard to verify now and even were you to do so now, could silently change in the future:
I have no reason to believe they're doing any of this in malice but it's not good because it encourages people to believe claims which could be made by any phisher and encourages practices which put you at risk if Keybase is ever compromised.
The answer to this, of course, would be a browser-managed crypto API which could provide unspoofable UI indicating that e.g. a private key will never leave the client but in the absence of such an API it feels irresponsible to make similar claims which aren't actually possible.
Back in the Myspace era, I was bored and created an easy encoder-decoder for people to play with. It worked with Twitter, Facebook and Myspace (cut-paste your encoded text) because it only used basic characters. As you can't see in this animation, I later added random spaces and punctuation to the encoded text so that theoretically it would be harder for social networks to detect and block. The text was encoded in Javascript as you typed, which I thought was cool :-)
You can see it here as a GIF animation http://pjbrunet.com/friends-secret-messages.gif The decoder was just as easy, another pink box under the encoder. Obviously a pro could crack the code but that wasn't the point.
It was free. I advertised it to hundreds of thousands of people at the top of my blog which was 99% social media users and many of them were interested in privacy related topics as I could see from the Google queries. Looking at the CTR on that banner (asking people to try it) I concluded nobody cared. I was obviously targeting people who weren't tech savvy. I had some friends try it, they said they felt like James Bond ;-) That particular app had no traction, but my "pipe letter generator" did much better.
I don't think anyone cares or should care about easy-to-break encryption. Encoding and decoding your messages has a cost, there needs to be a benefit beyond "looking cool".
What if Google validated PGP signatures for you from trusted, popular certs?
They'd have Facebook's pubkey on file, and -- transparent to you -- would create something analogous to my browser's lock icon in their email browser. Any time you got an email from Facebook, it'd say "Verified Sender".
Heck, couldn't we tie mail from Facebook back to their domain cert given to them by their CA? If it says @facebook.com, and it's passes verification from the cert on facebook.com, then it's actually from Facebook, right?
I really don't understand why it has been chosen over S/MIME. Maybe they gave the money to that german guy who wrote it and now they don't want them to be completely wasted :)
S/MIME has very little adoption - the kind of people who care about encrypting their email are usually the same kind of people who don't trust the CA system.
I think the nicest part of this is that account recovery e-mails are encrypted. I wish we'd see more of this.
While I'm cautious about facebook in general, it is (in essence) a repository for public data. A public key falls into that category, so they gain nothing more than the association of user and key. And in return, the PRISM databank has more superbly useless information to store and eventually 'collect' for 1EF communication.
And I gain immunity from account hijacking unless I mess up Key Management.
Yeah, I immediately-ish got an encrypted email asking me to confirm that I really wanted my notifications encrypted, and after I clicked the link I started getting encrypted notifications. Maybe check your spam?
Hi. Someone else commented, but you should have received an encrypted verification email with a link. We don't want to start sending you encrypted notifications until we confirm you're actually able to read them.
If you click that verification link, you'll receive a web notification that it's enabled should start receiving encrypted notifications.
Check your spam folder in case your mail provider's or client's spam filter is mislabeling it.
If you don't see it, try unchecking and rechecking the opt-in box, which should trigger a new verification email. (We've had a feature request for a "Resend" button".)
Now if Apple does announce PGP/GPG support built into Mail in OS X and iOS, that would make this much more interesting.
I wonder if MS has made GPG support any easier in Outlook. Last I looked into it a year or two ago, it was hard to integrate unless you paid for the official PGP plug-in.
Given that one event involves coding, testing, and real deployment while the other is Tim Cook giving a speech where he spins another tale of "in the future..." BS that is in no way supported by anything real yet, I think you have the order backwards here.
michaelt|10 years ago
bostik|10 years ago
But I could certainly see some benefits both for FB and for world at large from this. One of the big problems with PGP is how to bootstrap web of trust. "Does this key really belong to this particular person?" But what if the otherwise loathed real name policy could be turned to service this particular need? Prominently visible personalities can attach their PGP keys to their pages and make the first association harder to forge.
Secondly, I have little doubt that the keyservers are monitored. An increase of searches and/or downloads to known activist lawyers' or journalists' keys could have relation to uncomfortable whistles being blown in near future. But what if FB made the keys they have signed available via their own keyserver, and made that reachable over Tor? Downloading a high-profile PGP key is likely to be a fairly big red flag.
And lastly, there may be some positive effects further down the line. I've been using PGP (and later GPG) since 2.3i became available and I know just how horrid the usability is. If FB can iterate over UI and UX issues, then others can learn from those efforts, and eventually we might have something that even a regular person could at least learn to use.
And of course - adding more encrypted noise to global email flow is not a bad thing at all.
I have no doubt that FB sees many non-altruistic avenues if this service catches wind. Wonder is there is anything to relationship graphs with some extremely strong edges...
skrebbel|10 years ago
Any manager worth their salt will know that maintaining code is 10x more expensive than building it in the first place, and if it's user-facing code you're even adding an implicit promise that the feature isn't going to be removed again. I strongly doubt the "oh but it would be so hard to build that" argument counts for much.
That said, I've no idea about what kind of place Facebook really is.
rubzah|10 years ago
Just look at all the shit that comes out of Google, not as part of some grand overarching scheme, but because someone thought it would be fun, and more often than not forgotten about a year later.
alexbecker|10 years ago
rrockstar|10 years ago
smackfu|10 years ago
azag0|10 years ago
omouse|10 years ago
p4bl0|10 years ago
[1] https://keybase.io/
acdha|10 years ago
1. They tell you to trust webpages which claim that their code does not send passwords or private keys to the server – something which would be extremely hard to verify now and even were you to do so now, could silently change in the future:
https://www.dropbox.com/s/teikzwftimeu8nc/Screenshot%202015-...
https://www.dropbox.com/s/1xlvpd8drhix0tj/Screenshot%202015-...
2. They encourage blindly copying and pasting complex commands into a shell:
https://www.dropbox.com/s/5rv7p4mks0qdr7f/Screenshot%202015-...
I have no reason to believe they're doing any of this in malice but it's not good because it encourages people to believe claims which could be made by any phisher and encourages practices which put you at risk if Keybase is ever compromised.
The answer to this, of course, would be a browser-managed crypto API which could provide unspoofable UI indicating that e.g. a private key will never leave the client but in the absence of such an API it feels irresponsible to make similar claims which aren't actually possible.
SaturateDK|10 years ago
pjbrunet|10 years ago
You can see it here as a GIF animation http://pjbrunet.com/friends-secret-messages.gif The decoder was just as easy, another pink box under the encoder. Obviously a pro could crack the code but that wasn't the point.
It was free. I advertised it to hundreds of thousands of people at the top of my blog which was 99% social media users and many of them were interested in privacy related topics as I could see from the Google queries. Looking at the CTR on that banner (asking people to try it) I concluded nobody cared. I was obviously targeting people who weren't tech savvy. I had some friends try it, they said they felt like James Bond ;-) That particular app had no traction, but my "pipe letter generator" did much better.
lmm|10 years ago
dimino|10 years ago
They'd have Facebook's pubkey on file, and -- transparent to you -- would create something analogous to my browser's lock icon in their email browser. Any time you got an email from Facebook, it'd say "Verified Sender".
Heck, couldn't we tie mail from Facebook back to their domain cert given to them by their CA? If it says @facebook.com, and it's passes verification from the cert on facebook.com, then it's actually from Facebook, right?
bbrazil|10 years ago
https://support.google.com/a/answer/174124 https://support.google.com/a/answer/2466580
excel2flow|10 years ago
I really don't understand why it has been chosen over S/MIME. Maybe they gave the money to that german guy who wrote it and now they don't want them to be completely wasted :)
lmm|10 years ago
CaptainZapp|10 years ago
leejoramo|10 years ago
hstrauss|10 years ago
While I'm cautious about facebook in general, it is (in essence) a repository for public data. A public key falls into that category, so they gain nothing more than the association of user and key. And in return, the PRISM databank has more superbly useless information to store and eventually 'collect' for 1EF communication.
And I gain immunity from account hijacking unless I mess up Key Management.
lmm|10 years ago
Joeboy|10 years ago
sweis|10 years ago
If you click that verification link, you'll receive a web notification that it's enabled should start receiving encrypted notifications.
Check your spam folder in case your mail provider's or client's spam filter is mislabeling it.
If you don't see it, try unchecking and rechecking the opt-in box, which should trigger a new verification email. (We've had a feature request for a "Resend" button".)
golemotron|10 years ago
leejoramo|10 years ago
I wonder if MS has made GPG support any easier in Outlook. Last I looked into it a year or two ago, it was hard to integrate unless you paid for the official PGP plug-in.
evgen|10 years ago
coldpie|10 years ago
anthony_barker|10 years ago
Payments (bitcoin style currencies), banking, document signitures, and single sign-on?
marcosdumay|10 years ago
rmoriz|10 years ago
Some time ago I started collecting support of S/MIME in products and companies: https://gist.github.com/rmoriz/5945400
thomasahle|10 years ago
jaysoncena|10 years ago