[liberationtech] "Securing Email Communications from Facebook" offering PGP support
Thomas Delrue
thomas at epistulae.net
Mon Jun 1 15:26:30 PDT 2015
On 06/01/2015 06:19 PM, zaki at manian.org wrote:
> For their notification system, FB is leveraging GPG as an identity
> provider to say" only a person who has a certain private key
> should be able to reset access credentials for this account".
I had not thought of this and I think that this is a good point.
I do however question whether this is the purpose of this feature, I
think it is more of a side-effect.
> On Mon, Jun 1, 2015 at 3:09 PM, Parker Higgins <parker at eff.org>
> wrote:
>
>> On 06/01/2015 12:35 PM, Thomas Delrue wrote:
>>> On 06/01/2015 01:46 PM, Steve Weis wrote:
>>>> Hi Libtech. Facebook added support to put a PGP public key
>>>> to your profile and optionally use it to encrypt email
>>>> notifications that are sent to you:
>>>>
>> https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302
>>>
>>
>>
Forgive my ignorance but what is the point of this 'feature'?
>>> Wouldn't FB (and thus anyone able to coerce FB as well) still
>>> have the unencrypted data?
>>>
>>> Wooden leg, meet band-aid.
>>
>> Facebook is offering end-to-end encryption. If you don't trust
>> the other end of an end-to-end connection, this won't help that
>> particular problem. But there are plenty of well-attested
>> benefits of end-to-end encryption for all sorts of other
>> threats.
More information about the liberationtech
mailing list