Facebook is an identity provider. GPG is a failed(so far?) system for confidentiality and massively successful system for managing identity(Hello Debian!)
For their notification system, FB is leveraging GPG as an identity provider to say" only a person who has a certain private key should be able to reset access credentials for this account". It is a totally awesome breakthrough in the use of cryptography for robust, casual attestation of identity over an insecure channel and it leverages an existing toolchain rather than inventing a new one. Initially this is only available to cryptonerds but as the community fulfills the moral imperative to solve the usability problems it will become more widely available. On Mon, Jun 1, 2015 at 3:09 PM, Parker Higgins <par...@eff.org> wrote: > On 06/01/2015 12:35 PM, Thomas Delrue wrote: > > On 06/01/2015 01:46 PM, Steve Weis wrote: > >> Hi Libtech. Facebook added support to put a PGP public key to your > >> profile and optionally use it to encrypt email notifications that are > >> sent to you: > >> > https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302 > > Forgive my ignorance but what is the point of this 'feature'? > > Wouldn't FB (and thus anyone able to coerce FB as well) still have the > > unencrypted data? > > > > Wooden leg, meet band-aid. > > Facebook is offering end-to-end encryption. If you don't trust the other > end of an end-to-end connection, this won't help that particular > problem. But there are plenty of well-attested benefits of end-to-end > encryption for all sorts of other threats. > > Thanks, > Parker > > -- > Parker Higgins > Director of Copyright Activism > Electronic Frontier Foundation > https://eff.org > > 815 Eddy Street > San Francisco, CA 94109-7701 > > I prefer to use encrypted email. > > Public key: https://www.eff.org/files/2014/11/03/gphkey.txt > Fingerprint: 4FF3 AA1B D29E 1638 32DE C765 9433 5F88 9A36 7709 > > Learn how to encrypt your email with the Email Self Defense guide: > https://emailselfdefense.fsf.org/en/ > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu. >
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
