Facebook has boosted its security chops with support for better bang-for-buck email encryption.
Menlo Park now supports OpenPGP's standard elliptic curve cryptography public keys, meaning security and privacy pundits can post their public keys, which will then be used to encrypt email notifications.
It supports NIST curves P-256, P-384, and P-521, and is considering non-NIST curves down the track.
Security software engineers Jon Millican and Steve Weis together with operating systems production bod Phil Dibowitz worked on the initiative.
They say users of the likes of ProtonMail have been calling for encrypted Facebook email support.
"Elliptic curve cryptography offers high levels of security for relatively smaller key sizes and is being widely adopted in modern cryptographic implementations," the geeks say.
"This new support allows you to post ECC public keys on your profile and have Facebook use them to encrypt email notifications.
"We've also heard from several organisations that support for Facebook PGP is a popular request from their customers."
The team plugs ProtonMail, a zero-knowledge email project born from CERN, which supports PGP for Facebook in a way that removes the need for users to juggle Bob and Alice's keys through a GUI in its webmail and mobile app.
ProtonMail co-founder Andy Yen says the support of strong open crypto standards by big tech could be an 'unstoppable' win.
"If we truly want to have a more private and secure internet, working together will be crucial and we applaud Facebook for sticking with open standards," Yen says.
"As OpenPGP is universal, in the future, we will also be able to integrate with countless other services."
"We are glad that giants like Facebook are supporting these efforts and if more companies join in, the movement to improve privacy online will be unstoppable."
ProtonMail users can jettison the old PGP setup and immediately begin to fire encrypted Facebook comms using their OpenPGP public keys. ®