Facebook has announced an experimental implementation of PGP, the cryptographic encryption and authentication tool used by Edward Snowden, on its social media platform.
Pretty Good Privacy
The Silicon Valley giant announced the new feature on its security blog: it gives users a dedicated place to publish their PGP keys on their Facebook profile. In addition, users can request that all notifications and sensitive emails be encrypted using Facebook's publicly posted PGP key.
PGP stands for 'Pretty Good Privacy'. It is a public-private key pair cryptographic technology (similar to Bitcoin's) that has been praised by security experts for over 25 years. The PGP standard was used by Snowden to coordinate the release of the top secret international surveillance documents with Glenn Greenwald and Laura Poitras back in 2013.
PGP allows not only end-to-end encryption of emails but also authentication of the sender: you can be fairly certain that the sender is who they claim to be, because they need their own private key to sign the communication. If someone steals your private key, you can (assuming you still have a copy of it) publicly revoke the associated public key or "certificate", declaring it void.
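The sign-verify-revoke cycle described above, as an added example that is not part of the original article and not Facebook's or PGP's own code. It uses Go's standard-library Ed25519 as a stand-in for PGP's signature algorithm, and the keyring, fingerprint scheme and revocation list are constructed here for illustration (real PGP derives fingerprints by hashing the key and distributes signed revocation certificates):

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Keyring is a constructed stand-in for a PGP keyring: it maps a key
// fingerprint to its public key and records which fingerprints were revoked.
type Keyring struct {
	keys    map[string]ed25519.PublicKey
	revoked map[string]bool
}

func NewKeyring() *Keyring {
	return &Keyring{keys: map[string]ed25519.PublicKey{}, revoked: map[string]bool{}}
}

// Fingerprint here is just the hex of the raw public key (simplification;
// real PGP hashes the key material).
func Fingerprint(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }

// Add publishes a public key to the keyring, as a user would on their profile.
func (k *Keyring) Add(pub ed25519.PublicKey) string {
	fp := Fingerprint(pub)
	k.keys[fp] = pub
	return fp
}

// Revoke marks a key as void, e.g. after its private half was stolen.
func (k *Keyring) Revoke(fp string) { k.revoked[fp] = true }

// Sign produces a detached signature with the sender's private key.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// Verify authenticates a message: it fails if the key is unknown, revoked,
// or the signature does not match the message bytes.
func (k *Keyring) Verify(fp string, msg, sig []byte) error {
	pub, ok := k.keys[fp]
	if !ok {
		return fmt.Errorf("unknown key %s", fp)
	}
	if k.revoked[fp] {
		return fmt.Errorf("key %s has been revoked", fp)
	}
	if !ed25519.Verify(pub, msg, sig) {
		return fmt.Errorf("signature does not match message")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	kr := NewKeyring()
	fp := kr.Add(pub)
	msg := []byte("constructed sample notification")
	sig := Sign(priv, msg)
	fmt.Println("genuine:", kr.Verify(fp, msg, sig))
	fmt.Println("tampered:", kr.Verify(fp, []byte("altered notification"), sig))
	kr.Revoke(fp)
	fmt.Println("after revocation:", kr.Verify(fp, msg, sig))
}
```

The receiver checks the revocation list before the signature, so a stolen key that its owner has revoked is rejected even when the signature itself is mathematically valid.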
This is particularly important since Facebook servers were reportedly being impersonated by the NSA in order to infect targets with malware. PGP-secured email prevents this kind of impersonation by attackers, though it is not perfect.
Other protocols such as Off-The-Record encrypt each communication with a new key, so that even if one key is compromised, not all of your communications can be decrypted and used against you with cryptographic certainty.
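The per-message key idea mentioned above, as an added example that is not part of the original article and not OTR's own code. It is a simplified symmetric hash ratchet (not OTR's Diffie-Hellman ratchet): every message gets a fresh AES-GCM key derived from a chain key that is then overwritten, so an attacker who captures the current chain key can read later messages but not earlier ones. The session type, the "msg"/"chain" labels and the sample messages are constructed for illustration:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Session models one side of a conversation. Both sides start from the same
// root key and advance the chain in lockstep (constructed simplification).
type Session struct {
	chainKey [32]byte
}

func NewSession(root [32]byte) *Session { return &Session{chainKey: root} }

// Snapshot returns the current chain key, simulating what a compromise would expose.
func (s *Session) Snapshot() [32]byte { return s.chainKey }

// step derives a message key and advances the chain. The old chain key is
// overwritten; SHA-256 is one-way, so it cannot be recovered from the new one.
func (s *Session) step() [32]byte {
	msgKey := sha256.Sum256(append([]byte("msg"), s.chainKey[:]...))
	s.chainKey = sha256.Sum256(append([]byte("chain"), s.chainKey[:]...))
	return msgKey
}

func seal(key [32]byte, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Nonce is prepended so the receiver can recover it.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func unseal(key [32]byte, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, body := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, body, nil)
}

// Encrypt seals one message under a freshly derived key.
func (s *Session) Encrypt(plaintext []byte) ([]byte, error) { return seal(s.step(), plaintext) }

// Decrypt derives the same key in the same order on the receiving side.
func (s *Session) Decrypt(ciphertext []byte) ([]byte, error) { return unseal(s.step(), ciphertext) }

func main() {
	var root [32]byte
	if _, err := rand.Read(root[:]); err != nil {
		panic(err)
	}
	alice, bob := NewSession(root), NewSession(root)
	c1, _ := alice.Encrypt([]byte("first message"))
	leaked := alice.Snapshot() // attacker captures the chain key here
	c2, _ := alice.Encrypt([]byte("second message"))
	p1, _ := bob.Decrypt(c1)
	p2, _ := bob.Decrypt(c2)
	fmt.Printf("bob reads: %q, %q\n", p1, p2)
	attacker := NewSession(leaked)
	_, err := attacker.Decrypt(c1)
	fmt.Println("attacker on earlier message:", err)
}
```

The attacker's session starts from the leaked chain key, so it derives the key for the second message correctly but has no way back to the key that protected the first one; that one-way property is what limits the damage of a single key compromise.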
PGP, however, is renowned not only for its security but also for how difficult it is to use. So much so that Greenwald admitted in his book (Nowhere to Hide) that he put off setting up his private and public keys for months and struggled with Snowden's tailored tutorial, which almost cost Greenwald the story.
Nevertheless, a proper implementation of PGP is perhaps the gold standard of peer-to-peer encrypted email.