Facebook launches OpenPGP public profile key pilot

Facebook has once again turned to encryption in efforts to boost individual user privacy.


Facebook has announced plans to integrate the use of OpenPGP keys to keep user communication away from spying eyes.

In October last year, the social media giant announced the launch of a .onion address to allow Tor users to connect to Facebook through the anonymised Tor network. Tor, which recently closed down its Cloud Project to prevent security issues impacting upon the privacy of its users, is often used by those seeking to disguise their online activity -- and has become increasingly popular since the disclosure of mass spying by government agencies by former US National Security Agency (NSA) contractor Edward Snowden.

The Facebook Tor address allows users to communicate directly with Facebook's data centers, and SSL is also implemented for increased security.

Read this

Facebook at Work: Thanks, but no thanks

It makes sense for Facebook to tap into other markets -- but the enterprise isn't one of them.

Read More

However, the exploration of Tor is not the only Facebook project designed to increase the individual security of users. On Monday, Facebook announced plans to roll out an experimental new feature which allows end-to-end encrypted notification emails to be sent from Facebook to your linked email accounts.

"Whilst Facebook seeks to secure connections to your email provider with TLS, the stored content of those messages may be accessible as plaintext (with attachments) to anyone who accesses your email provider or email account," Facebook says.

As a result, the scheme involves the use of OpenPGP public keys. PGP is a hybrid cryptographic system which compresses plaintext before creating one-time session keys which are then encrypted to recipient public keys. The system is considered a fast way to improve the security of communication channels.

Users can update their own public key over desktop browser through your contact preferences account tab. The service is gradually rolling out today, and you can choose whether or not to share OpenPGP keys from their profiles, and whether you wish to enable encrypted notifications is also up to you.