If we were not aware of the eyes that watch over us on the Internet, Edward Snowden confirmed two years ago that American authorities monitor all our conversations. The former contractor at the NSA revealed that agents of the intelligence services roam freely in our private inboxes.
Then, many technology companies reassured their users and took some actions, but there are still things to do in order to ensure the total security of the conversations. One of the companies that seems ready to settle any suspicion about a possible intrusion is Facebook. According to the latest undertaken actions, everything points to the fact Mark Zuckerberg’s team wants to make it even more difficult for those who intend to snoop around others people’s conversations.
All the users’ connections with Facebook’s servers, including sent and received messages, are already transmitted via secure HTTPS protocol. As if this isn’t enough, the social network has also launched a Tor network service for the reassurance of their most demanding users with respect to privacy.
However, besides the connections that users establish through the service itself, there are other communications which are made via Facebook indirectly, via email. They are the notifications that you receive, for example, when a friend sends you a direct message (unless you have disabled this service).
Since the safety of these messages was not so assured, Facebook has announced that, from now on, all users – if they so decide – may receive them protected by the popular encryption Pretty Good Privacy (PGP). PGP hides the emails from potential intruders with a code system based on a public one (which the sender must have) and a private one (which only the receiver has).
The Setup process is simple:
- Access your profile
- Click on the ‘Information‘ section
- Go to ‘Basic and contact information’. From now on you can also introduce here your PGP public code (if you don’t know what it is or how to get it, the best thing you can do is to read a tutorial), which will be displayed in your profile, available to anyone who wants to send you an encrypted email.
Below the panel you will see a box on which you will have to click if you want all the notifications that Facebook sends you, from now on, also to incorporate this security layer.
So whenever the encryption is used, it is very important to remember the code you established to protect your email with PGP. If one day you forget it, you won’t be able to read the notifications from Facebook, and you could lose your account on the social network.
How could you reach this far? Imagine that you had to use, for any reason, the typical Facebook password recovery email: the email would arrive encrypted, and you would only be able to read it and restore the ‘password’ if you can decode it. If you have forgotten our PGP private code in addition to your Facebook password, then you have a problem.
But don’t worry: it gets worse for the cybercriminal who tries to assault your account using the password recovery procedure. This trick will never be useful again. If he doesn’t have the PGP private code which decodes the emails that you receive, he would not be able to restore the password, even if he has access to the Facebook’s mail, because it will be encrypted.
It is a great security measure, without a doubt, which Facebook has just implemented. Now we will just have to wait to see if Zuckerberg’s network is an exception or other social networks decide to make a commitment to the safety of their users.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
4 comments
A lot of people are talking about the fact the FBM is making this encryption optionals, many people might get confused. Plus after all it’s all that end-to-end. And honestly… If talking about true end-to-end, well unfortunately not many messengers are trully encrypted as they claim. Many popluar apps say they encrypt data end2end but if you dig in… Well they actually provide only partial encryption meaning they dont encrypt data all the way throught. Most of them only encrypt client-server data which leaves a whole gap of unprotected infromation out there.
Nice Blog!!!
Thanks a lot!
Welcome:)