Facebook now supports PGP email!

In an interesting post (with the tediously link-baity headline “Facebook just made a move that will infuriate law enforcement”), Business Insider reports that Facebook will now let you add your PGP public key to your profile, and that Facebook can be configured to use that key when they send you email.

This has the potential to make Facebook much more secure: The email to reset your password will be encrypted with your public key, potentially defeating the standard attack on a social media account (hijacking an email address and then getting the site to send that address a password reset message). As long as your private key stays under your control, the attacker can’t get at the password reset URL, even if they can get at your email.

As a bonus, any email alerts from Facebook remain somewhat private. (Not that I’d share anything I wanted kept private with Facebook, or expect that anything anyone else shared with Facebook would remain private—but keeping the contents of my email private seems worth doing just for its own sake.)

Of course, as Facebook warns you, if you lose your private key and access to Facebook at the same time, you may well be completely screwed.

I think it’s a risk worth taking, and have already added my PGP key to my Facebook profile.

Possibly related posts (auto-generated):