This story is over 5 years old.

Facebook Is Adding New Encryption Options Even Though It Doesn't Have To

The company is making it easier and easier to receive encrypted emails.

Facebook introduced encrypted notification emails back in June as part of its post-Snowden effort to provide more privacy to its customers.

Now, the company has announced support for another type of cryptography, and an email provider has made it easier to receive encrypted emails from the social media giant too.

When Facebook added encrypted email notifications in June, it used PGP or GPG, the infamous, albeit notoriously hard to use, encryption system.

Facebook allowed users to upload their public PGP key to their profile, enabling notification emails, such as a password reset, or alerts about new messages, to be sent encrypted to the user's email account. This meant that anybody snooping on those emails, such as the user's email provider, or the mass surveillance systems of the National Security Agency and its Five Eyes partners, would not be able to read the contents.

Now the site is enabling elliptic curve cryptography, or ECC, a new cryptographic algorithm that is part of PGP.

The implementation of ECC on Facebook works in much the same way—a user attaches their key to their profile—but the cryptography itself is different. ECC still allows for the robust encryption of data, while using keys of a significantly smaller size than those of RSA, naturally reducing how much data needs to be stored.

"We've previously focused on securing people's direct connection to Facebook with things such as HTTPS and a TOR onion site," Melanie Ensign, a spokesperson for Facebook, told Motherboard in a Twitter direct message. "Now, we're giving people more control and options for protecting the email communications they receive from Facebook."

Also mentioned in Facebook's announcement was a new feature from ProtonMail, an encrypted email service which launched its public beta in May 2014. Although some media reports mistakenly labeled ProtonMail as "NSA-proof," the company has made some genuine and significant moves towards protecting its customers' data, such as easy-to-use PGP encryption.

Now, decrypting those email notifications from Facebook will be automatic and painless, at least according to ProtonMail.

Only a tiny percentage of Facebook's overall user base is likely to even think about taking advantage of these new features. Presumably Facebook knows that, but it is still bothering to implement improvements to encrypted email notifications. When tech companies endeavor to bring stronger privacy protections, the consumer can only win.

Correction: An earlier version of this story said that ECC is a new standard in addition to PGP. That is incorrect; it is a new algorithm but not a new standard.