[liberationtech] "Securing Email Communications from Facebook" offering PGP support

[Parker Higgins]

On 06/01/2015 04:20 PM, John Sullivan wrote:
> Thomas Delrue <thomas at epistulae.net> writes:
>
>> On 06/01/2015 06:19 PM, zaki at manian.org wrote:
>>> For their notification system, FB is leveraging GPG as an identity 
>>> provider to say" only a person who has a certain private key
>>> should be able to reset access credentials for this account".
>> I had not thought of this and I think that this is a good point.
>> I do however question whether this is the purpose of this feature, I
>> think it is more of a side-effect.
>>
> It may also help them reduce phishing/spamming, if enough users use it
> -- phony Facebook notifications are pretty common, and that's one thing
> this addresses pretty well.
By the same token, another non-obvious problem this could address is
password resets. At first glance it looks like this effectively raises
the level of your (knowledge-factor) security from that of your email
inbox to that of your private key.

Thanks,
Parker

-- 
Parker Higgins
Director of Copyright Activism
Electronic Frontier Foundation
https://eff.org

815 Eddy Street
San Francisco, CA 94109-7701

I prefer to use encrypted email.

Public key: https://www.eff.org/files/2014/11/03/gphkey.txt
Fingerprint: 4FF3 AA1B D29E 1638 32DE C765 9433 5F88 9A36 7709

Learn how to encrypt your email with the Email Self Defense guide:
https://emailselfdefense.fsf.org/en/