Facebook supports encrypted emails to defend user privacy
Facebook is finally embracing consumers' desire to encrypt their emails.
The company announced today that people will now be able to share encryption keys via their Facebook profiles. They can also have the company encrypt the emails it sends them whenever they receive a notification on the social network.
In a blog post, Facebook explains that it already encrypts notification emails as they're ferried along the network. But the messages themselves are available in plaintext to "anyone who accesses [a user's] email provider or email account."
Now those messages will be scrambled, so instead of sending an email that clearly informs a user that today is their cousin's birthday, the email will look like gobbledygook to anyone who doesn't have the proper encryption key.
Facebook is positioning this feature as a continuation of its efforts to protect its users' privacy. A key part of those efforts was the introduction of a website that allows Tor users to visit Facebook with a reduced risk of government snooping.
At the time, I argued that visiting Facebook via Tor was nonsensical:
This feature is a step in the right direction, if only because it allows Facebook users to volunteer information instead of handing it over without informed consent. (How many people really know what metadata is, let alone the implications of sharing it with a company like Facebook?) But so far as privacy features go, this one is probably the least sensical in the history of the Web, and it’s more of an oddity than an actual step forward for people who care about online privacy.I was wrong. There are clear benefits to using anonymity services while visiting websites that collect information voluntarily provided by their users. (What good is Facebook if it doesn't have any personal data?) As the Verge explains:
Together, [the Tor site and today's announcement] provide an effective way to use Facebook without revealing your identity, connecting through Tor and maintaining the account through encrypted emails. Any emails sent under the system will clearly be from Facebook, but won't reveal which account they're sent in reference to, allowing the user to receive alerts without breaking anonymity. It's a potentially crucial feature for activists and journalists in oppressive countries, looking to use Facebook under a pseudonym without revealing themselves to the network.There are still problems with Facebook's data collection, especially in Europe, and some of the experiments the company performs on its users. But these features aren't nonsensical -- they're welcome changes that could allow people who wish to evade snooping to use one of the world's most popular websites.
[illustration by Brad Jonas]