[liberationtech] "Securing Email Communications from Facebook" offering PGP support
zaki at manian.org
zaki at manian.org
Mon Jun 1 15:19:27 PDT 2015
Facebook is an identity provider.
GPG is a failed(so far?) system for confidentiality and massively
successful system for managing identity(Hello Debian!)
For their notification system, FB is leveraging GPG as an identity provider
to say" only a person who has a certain private key should be able to reset
access credentials for this account".
It is a totally awesome breakthrough in the use of cryptography for robust,
casual attestation of identity over an insecure channel and it leverages an
existing toolchain rather than inventing a new one.
Initially this is only available to cryptonerds but as the community
fulfills the moral imperative to solve the usability problems it will
become more widely available.
On Mon, Jun 1, 2015 at 3:09 PM, Parker Higgins <parker at eff.org> wrote:
> On 06/01/2015 12:35 PM, Thomas Delrue wrote:
> > On 06/01/2015 01:46 PM, Steve Weis wrote:
> >> Hi Libtech. Facebook added support to put a PGP public key to your
> >> profile and optionally use it to encrypt email notifications that are
> >> sent to you:
> >>
> https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302
> > Forgive my ignorance but what is the point of this 'feature'?
> > Wouldn't FB (and thus anyone able to coerce FB as well) still have the
> > unencrypted data?
> >
> > Wooden leg, meet band-aid.
>
> Facebook is offering end-to-end encryption. If you don't trust the other
> end of an end-to-end connection, this won't help that particular
> problem. But there are plenty of well-attested benefits of end-to-end
> encryption for all sorts of other threats.
>
> Thanks,
> Parker
>
> --
> Parker Higgins
> Director of Copyright Activism
> Electronic Frontier Foundation
> https://eff.org
>
> 815 Eddy Street
> San Francisco, CA 94109-7701
>
> I prefer to use encrypted email.
>
> Public key: https://www.eff.org/files/2014/11/03/gphkey.txt
> Fingerprint: 4FF3 AA1B D29E 1638 32DE C765 9433 5F88 9A36 7709
>
> Learn how to encrypt your email with the Email Self Defense guide:
> https://emailselfdefense.fsf.org/en/
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20150601/a2e33592/attachment.html>
More information about the liberationtech
mailing list