1 June, 2015

PGP comes to Facebook

The Committee to Protect Journalists notes that it is now possible to attach a PGP key to one’s Facebook profile. This is another in a series of steps Facebook has taken recently to secure its networks, from HTTPS at every endpoint to enabling connections via Tor. The PGP feature lets anyone add their public key and includes an option to have any notice Facebook sends be encrypted via that key.

Given the sheer size of Facebook’s network, this is an impressive step forward for security and privacy, although the challenges of setting up a keypair and understanding the basic mechanics of public key cryptography are still largely left to the user. Projects like Keybase are trying to solve many of the UX problems inherent to widespread public key adoption, but still seem largely limited to geekier types on Twitter and GitHub.

Given how much Facebook is a stand-in for people’s identity online, having a place to advertise a public key is a step in the right direction. And since news about Facebook and privacy is often a cause for concern, it’s perhaps ironic that Facebook could help push more widespread adoption of public key cryptography [1].

  1. There is a fair criticism to be made here: Facebook is working diligently to improve security to and within its own network, but its business of harvesting massive amounts of user data to sell to brands and advertisers remains unchanged. Both things are true, and they are probably incompatible to privacy absolutists, but they are not necessarily wholly dissonant.