Facebook introduces end-to-end encryption for notifications

Facebook is testing out an experimental new feature that will enable people to add OpenPGP public keys to their profile, and gives users the option of receiving notification emails sent from Facebook in encrypted form.

“It’s very important to us that the people who use Facebook feel safe and can trust that their connection to Facebook is secure,” Facebook’s software engineers who worked on the project have noted in the announcement of the new feature, adding that this is why they made it mandatory for users to connect to the site via HTTPS and provided a way to access Facebook through Tor.

“However these technologies protect only the direct connections people make to Facebook,” they pointed out. “Whilst Facebook seeks to secure connections to your email provider with TLS, the stored content of those messages may be accessible as plaintext (with attachments) to anyone who accesses your email provider or email account.”

So, the company decided to offer the option of protecting this content for those who want it.

Users can enter their OpenPGP public key in their Facebook account via the “contact and basic info” tab. At the same time, they can choose whether Facebook will be using this public key to encrypt notification emails it sends them:

Users can also choose the degree of visibility of their OpenPGP key (Public/Friends/Friends except Acquaintances/etc.), with or without enabling encrypted notifications.

For more information about the feature, the technology chosen for its implementation, and instructions on use, check out this Facebook note.