Facebook will send encrypted emails as users add PGP key to profile
Facebook called the PGP feature "experimental" and said it is slowly rolling it out, although a timeline wasn't provided. The PGP key details will be added to the "contact and basic info section" of a person's profile under "contact information."
Facebook sends messages to private email accounts to inform users when they have a private message or friend request, for example. It currently uses TLS to establish secure connections to a person's email provider, but this won't keep the details of an email private from prying eyes.
By enabling PGP, Facebook will protect the content contained in an email, Facebook said Monday. Email service providers like Yahoo and Google scan a person's inbox and run ads based on the content of a message, a practice some users don't like. Revelations about widespread government surveillance programs have also made many people more concerned about online privacy.
Using PGP offers end-to-end email encryption and ensures that only the person with the key can read the email, Facebook said. In addition to listing a PGP public key, users must also opt in to receive encrypted messages. Emails from Facebook will be signed with the site's private key so people know the content is authentic, the company said.
For now, people can only add their public key when using a desktop browser. Facebook said that mobile devices don't support public key management and it is investigating how to change this. Ensuring that mobile users can use all of the site's features is likely a priority for the company. According to its 2014 fourth-quarter earnings report, around 38 percent of Facebook's 1.39 billion monthly active members only use a mobile device to access the site.
Fred O'Connor writes about IT careers and health IT for The IDG News Service. Follow Fred on Twitter at @fredjoconnor. Fred's e-mail address is fred_o'connor@idg.com