Facebook is taking another step towards providing users with secure online communications as it has started to roll out an experimental feature that can encrypt emails sent out from the social network.
The new feature allows users to add OpenPGP public keys to their profiles, which Facebook can then use to send end-to-end encrypted notification emails to the user's preferred email account.
Users can also decide to share their OpenPGP keys from their own profiles, with the option of enabling encrypted notifications or not.
Users who would like to try out the new feature can simply access their contact information details in the desktop browser version of Facebook, where their OpenPGP public key will be listed. Once the encryption is activated, Facebook will also sign all messages sent out from the social network using its own OpenPGP key, to increase assurance that the emails users receive from the social network are genuine.
The feature, however, is not yet available for the mobile versions of the social network, though Facebook said that it is currently investigating how to enable the feature for mobile apps.
PGP, which stands for "Pretty Good Privacy," scrambles the contents of emails so that only the recipient of the email will be able to access and read the messages. To use the encryption method, a pair of keys is created, each a long string made up of numbers and letters. One of the keys is a public one, which users can share with friends, while the other is a private one, which should be kept hidden.
To send a message, the sender uses the recipient's public key to encrypt it. The message can then only be decrypted with the corresponding private key, which means that even if the message is intercepted, there is no way for the offending party to decipher its contents.
Facebook will be using OpenPGP to encrypt the emails that the social network sends to users, which include notifications for new messages and requests for password changes. Hackers who break into the email accounts of victims will not be able to read the notifications and reset Facebook passwords, as the messages can only be decrypted with the user's private key.
However, the feature does not yet cover messages sent between users through Facebook, with those messages being accessible if the user's account on the social network is compromised.
Photo: Richard Garside | Flickr