Facebook and PGP

cs.columbia.edu

149 points by alexweber 11 years ago · 59 comments

michaelt 11 years ago

Another possibility is one of their programmers thought "It would be good if there was more encrypted e-mail going around in general, I wonder if I can get it into facebook somehow" and coded this feature in their free time. Then convinced his managers to integrate it with that argument plus "and it's already coded we just need to merge it in"

  • bostik 11 years ago

    Well, from what I know there are some seriously privacy minded people in there. As oxymoronic as that sounds.

    But I could certainly see some benefits both for FB and for the world at large from this. One of the big problems with PGP is how to bootstrap web of trust. "Does this key really belong to this particular person?" But what if the otherwise loathed real name policy could be turned to service this particular need? Prominently visible personalities can attach their PGP keys to their pages and make the first association harder to forge.

    Secondly, I have little doubt that the keyservers are monitored. An increase of searches and/or downloads to known activist lawyers' or journalists' keys could have relation to uncomfortable whistles being blown in near future. But what if FB made the keys they have signed available via their own keyserver, and made that reachable over Tor? Downloading a high-profile PGP key is likely to be a fairly big red flag.

    And lastly, there may be some positive effects further down the line. I've been using PGP (and later GPG) since 2.3i became available and I know just how horrid the usability is. If FB can iterate over UI and UX issues, then others can learn from those efforts, and eventually we might have something that even a regular person could at least learn to use.

    And of course - adding more encrypted noise to global email flow is not a bad thing at all.

    I have no doubt that FB sees many non-altruistic avenues if this service catches wind. Wonder if there is anything to relationship graphs with some extremely strong edges...

    • higherpurpose 11 years ago

      Zuckerberg actually cares a lot about his privacy. Yours? Maybe not as much.

      http://www.slate.com/blogs/business_insider/2015/05/18/tech_...

      http://www.theguardian.com/technology/shortcuts/2015/may/19/...

      But isn't the PGP move a sign that Facebook cares about our privacy? Not really. The profile thing makes it easy to discover people who use PGP and email them with encrypted messages, but that has nothing to do with Facebook's content.

      As for the encrypted notifications, Facebook can obviously still read those, and it can be useful to protect the data from Google. Also, if more people use PGP for email, that means less data for Google, so I could actually see this being a strategic move, too. Maybe not a huge one, but it doesn't cost Facebook too much to implement this, so why not?

      I'll start thinking Facebook actually cares about my privacy when the Messenger uses Axolotl or OTR as well as ZRTP. Until then, I'll remain skeptical of Facebook's privacy intentions.

      • minot 11 years ago

        If I remember correctly, Open Whisper Systems, makers of the TextSecure app, say that WhatsApp[1] uses the TextSecure protocol[2]. This means that chats are encrypted end to end. It doesn't seem to expose information to Alice when Bob's keys change though. So someone could coerce WhatsApp into changing the keys for Alice and Bob and MITM that way. However, if we are worried about that we should also be worried about a rogue agent just updating the binaries for WhatsApp to remove such privacy-conscious decisions.

        I guess the prevailing notion (as the grand parent said) is that while Facebook couldn't give two shits about our privacy, there are people who work there who do care about privacy in general (and not just their own privacy). Of course, no Facebook employee is going to come out publicly and call Mark Zuckerberg for being a self-serving psychopathic douche bag.

        [1] (owned by Facebook, I imagine the deal is complete by now)

        [2] https://whispersystems.org/blog/whatsapp/

        > The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily. The WhatsApp Android client does not yet support encrypted messaging for group chat or media messages, but we’ll be rolling out support for those next, in addition to support for more client platforms. We’ll also be surfacing options for key verification in clients as the protocol integrations are completed.

        > WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default.

    • cbhl 11 years ago

      Have you heard of keybase.io?

      They don't do Facebook, but you can tie a PGP key to various other public identities (Twitter, GitHub, HN, Reddit, etc.)

      • bostik 11 years ago

        I had heard about them but never had taken a good look. Now I did and choose not to deal with them. Some quotes from their website:

        > certain crypto actions (signing and decrypting) are limited to users who store client-encrypted copies of their private keys on the server

        No. Especially combined with the next one:

        > On the website, all crypto is performed in JavaScript, in your browser. Some people have strong feelings about this, for good reason.

        The second sentence sums it all up.

        I think the service has been made with good intentions, but the pavement on the road to Hell...

    • A1kmm 11 years ago

      > But what if the otherwise loathed real name policy could be turned to service this particular need?

      The link between a real person and a Facebook account isn't secure - I could make an account with your name today without too much stress (no need to provide ID unless Facebook thinks your name isn't a real name).

      • rmk2 11 years ago

        I think the grandparent chose the wrong end of the stick with relating this to "famous" people, which, in turn, threw you off.

        Sure, you can register an account in my name, but there are quite a number of people who will not be fooled: people who actually know me. People who know me in real life can tell whether an account is real or not, because they can tell whether I post about things I do, whether I post pictures that are...well, me.

        In that case, they can be reasonably sure that the account in question is, in fact, my account. If I attach my GPG key to this account, they can thus also reasonably assume that the GPG key belongs to the account that belongs to me. This essentially gets you the online equivalent of a key-sharing party.

        • bostik 11 years ago

          Yes, I deliberately chose the term "prominently visible" and not "celebrity". The context is different with PGP.

          Maybe I should have used high-profile as the specifier in that sentence too.

  • skrebbel 11 years ago

    "and it's already coded we just need to merge it in"

    Any manager worth their salt will know that maintaining code is 10x more expensive than building it in the first place, and if it's user-facing code you're even adding an implicit promise that the feature isn't going to be removed again. I strongly doubt the "oh but it would be so hard to build that" argument counts for much.

    That said, I've no idea about what kind of place Facebook really is.

  • rubzah 11 years ago

    This is by far the most likely reason. When you hire top developers, those developers want to work on interesting stuff. If retaining those people is a priority, the middle manager's only option is to smile and nod when they tell him something they'd like to do, or he'll soon find himself without employees, and shortly after without a job.

    Just look at all the shit that comes out of Google, not as part of some grand overarching scheme, but because someone thought it would be fun, and more often than not forgotten about a year later.

alexbecker 11 years ago

To me the strangest thing about this announcement is that, while the PGP user base is small, I imagine its intersection with Facebook's is much, much smaller. PGP is used by people who are extremely concerned with privacy, which is practically the antithesis of Facebook.

  • rrockstar 11 years ago

    That is why I suspect this is mainly a PR move by Facebook to show they are concerned about your privacy. Although the suggestion in the article about Facebook going in the PGP mail business is much more exciting. Not that I would want to host my email on Facebook servers, but if they are able to lay the groundwork for usable encrypted email that would be really great.

  • smackfu 11 years ago

    It'd be interesting if Facebook let ads be targeted at people with PGP keys.

  • azag0 11 years ago

    I agree with the demographics, but I've never understood this connection. With Facebook, the intrusion of privacy happens completely out in the open and you can work with that. By now pretty much everyone concerned knows that they collect and potentially use everything they can. With email interception, on the other hand, that's something you don't have any control over without encryption. So in my mind, I can be a heavy user of Facebook and a heavy user of PGP without any contradiction.

    • mtbcoder 11 years ago

      > With Facebook, the intrusion of privacy happens completely out in the open and you can work with that.

      I'm not following. Once I hand over my data I have no real control over how they end up using it behind the scenes. Furthermore, even if I never sign up with Facebook or at some point delete my account thinking my data has been flushed, a "shadow profile" still exists that I have no control over. [1]

      [1] http://motherboard.vice.com/blog/facebooks-shadow-profile-bu...

      • cinquemb 11 years ago

        I'm not following either.

        If such interactions happen in the "open", facebook is then encrypting information relating to such "open" interactions, so that people already familiar with things like pgp/gpg (of which, I assume who also know what email headers are) can know that such "open" interactions came from facebook and that such information regarding "open" interactions was not modified in transit?

        I guess "completely out in the open" means different things to different people…

  • omouse 11 years ago

    PGP is still useful for signing and verification of identity which is what Facebook is about (the whole real name fiasco).

p4bl0 11 years ago

The last paragraph of the linked post describes more or less what keybase [1] is.

[1] https://keybase.io/

pjbrunet 11 years ago

Back in the Myspace era, I was bored and created an easy encoder-decoder for people to play with. It worked with Twitter, Facebook and Myspace (cut-paste your encoded text) because it only used basic characters. As you can't see in this animation, I later added random spaces and punctuation to the encoded text so that theoretically it would be harder for social networks to detect and block. The text was encoded in Javascript as you typed, which I thought was cool :-)

You can see it here as a GIF animation http://pjbrunet.com/friends-secret-messages.gif The decoder was just as easy, another pink box under the encoder. Obviously a pro could crack the code but that wasn't the point.

It was free. I advertised it to hundreds of thousands of people at the top of my blog which was 99% social media users and many of them were interested in privacy related topics as I could see from the Google queries. Looking at the CTR on that banner (asking people to try it) I concluded nobody cared. I was obviously targeting people who weren't tech savvy. I had some friends try it, they said they felt like James Bond ;-) That particular app had no traction, but my "pipe letter generator" did much better.

  ╔╔╗════╔╗═╔╗═════╔╗═══════╔╗══════════════════╔═╗╗
  ║║╚╗╔═╗║║═║║═╔═╗═║╚╗╔═╗╔═╗║╠╗╔═╗╔═╗═╔═╗╔═╗╔╦╦╗║═╣║
  ║║║║║╚╣║╚╗║╚╗║║║═║║║║╬║║═╣║╦╣║╚╣║╔╝═║║║║╚╣║║║║╠═║║
  ║╚╩╝╚═╝╚═╝╚═╝╚═╝═╚╩╝╚╩╝╚═╝╚╩╝╚═╝╚╝══╚╩╝╚═╝╚══╝╚═╝║
  ╚════════════════════════════════════════════════╝
  • lmm 11 years ago

    I don't think anyone cares or should care about easy-to-break encryption. Encoding and decoding your messages has a cost, there needs to be a benefit beyond "looking cool".

    • pjbrunet 11 years ago

      I have to agree, but I was looking to limit the "cost" by making it easy and fun. I could see the demographics, most of them had time to kill. And with young people, you never know what will be cool, fashionable or viral. Easy-to-break is subjective too. Sibling, parent, teacher, advertiser, somebody looking over your shoulder? They couldn't break it. I think every generation has something like this, a Cracker Jack decoder ring, passing notes in class, some 1337 letter generator.

dimino 11 years ago

What if Google validated PGP signatures for you from trusted, popular certs?

They'd have Facebook's pubkey on file, and -- transparent to you -- would create something analogous to my browser's lock icon in their email browser. Any time you got an email from Facebook, it'd say "Verified Sender".

Heck, couldn't we tie mail from Facebook back to their domain cert given to them by their CA? If it says @facebook.com, and it passes verification from the cert on facebook.com, then it's actually from Facebook, right?

excel2flow 11 years ago

Btw, does PGP support triple wrapping to prevent surreptitious forwarding? (S/MIME does - https://www.ietf.org/rfc/rfc2634.txt)

I really don't understand why it has been chosen over S/MIME. Maybe they gave the money to that German guy who wrote it and now they don't want them to be completely wasted :)

leejoramo 11 years ago

Following Facebook's story on PGP, I see I had missed that Facebook directly supported Tor since last fall. https://www.facebook.com/notes/protect-the-graph/making-conn...

hstrauss 11 years ago

I think the nicest part of this is that account recovery e-mails are encrypted. I wish we'd see more of this.

While I'm cautious about facebook in general, it is (in essence) a repository for public data. A public key falls into that category, so they gain nothing more than the association of user and key. And in return, the PRISM databank has more superbly useless information to store and eventually 'collect' for 1EF communication.

And I gain immunity from account hijacking unless I mess up Key Management.

lmm 11 years ago

Has anyone got an encrypted email from facebook yet? I uploaded my key and ticked the box, but the last notification I got was still in the clear.

  • Joeboy 11 years ago

    Yeah, I immediately-ish got an encrypted email asking me to confirm that I really wanted my notifications encrypted, and after I clicked the link I started getting encrypted notifications. Maybe check your spam?

  • sweis 11 years ago

    Hi. Someone else commented, but you should have received an encrypted verification email with a link. We don't want to start sending you encrypted notifications until we confirm you're actually able to read them.

    If you click that verification link, you'll receive a web notification that it's enabled and should start receiving encrypted notifications.

    Check your spam folder in case your mail provider's or client's spam filter is mislabeling it.

    If you don't see it, try unchecking and rechecking the opt-in box, which should trigger a new verification email. (We've had a feature request for a "Resend" button.)

golemotron 11 years ago

The easy answer is that they knew Apple was going to come out strong for encryption in the past few days and wanted to do a "me too."

  • leejoramo 11 years ago

    Now if Apple does announce PGP/GPG support built into Mail in OS X and iOS, that would make this much more interesting.

    I wonder if MS has made GPG support any easier in Outlook. Last I looked into it a year or two ago, it was hard to integrate unless you paid for the official PGP plug-in.

  • evgen 11 years ago

    Given that one event involves coding, testing, and real deployment while the other is Tim Cook giving a speech where he spins another tale of "in the future..." BS that is in no way supported by anything real yet, I think you have the order backwards here.

  • coldpie 11 years ago

    I'm totally OK with companies "me too"ing this particular feature.

anthony_barker 11 years ago

Private public keys + verification gives way to lots of uses...

Payments (bitcoin style currencies), banking, document signatures, and single sign-on?

rmoriz 11 years ago

I wish they had opted to use S/MIME, because of the wide support in MUA and because it's relatively easy to use even for non-geeks.

Some time ago I started collecting support of S/MIME in products and companies: https://gist.github.com/rmoriz/5945400

thomasahle 11 years ago

Regarding making this work with GMail, Google still has their End-to-End GPG plugin for Chrome+GMail: https://github.com/google/end-to-end

jaysoncena 11 years ago

I like the idea of linking certificates to facebook accounts
