Two years after the NSA controversy exploded in Facebook’s face, the company is “gradually rolling out” limited support for PGP (Pretty Good Privacy) encryption.

This is huge, in a sense. A company dedicated to selling off your every want to advertisers is taking steps to support truly secure communication technology. But alas, after trying the new features ourselves, we found that Facebook’s done little to truly reduce the barrier to entry that accompanies Snowden-approved, end-to-end encryption.

Before we begin, here’s some prerequisite info: Created in 1991, Pretty Good Privacy (PGP) is an end-to-end encryption program. End-to-end encryption means only the sender and receiver of a message can read it. PGP uses keys, one public and one secret, in order to help protect digital communications.

OK, let’s dive in.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

Getting the facts straight

Facebook is working on two new features. The first feature allows you to share your public PGP key on your profile, just like you’d list your website, age, or email address. The second is more complicated; Facebook now allows you to “encrypt notification emails sent from Facebook to your preferred email accounts.” As Facebook notes, the first feature can work independently from the second.

Facebook already encrypts whatever you do on Facebook.com, although the data you share with Facebook may still make its way into the hands of a prodding government agency.

There will always be potential weak links when it comes to privacy. All Facebook’s PGP features offer is the option to extend the existing security features of Facebook.com to your email. That’s it. If one of my Facebook friends wanted to send me a message, Facebook would handle the encryption — so it’s not truly end-to-end, in the traditional sense.

The most interesting opportunity here has to do with the account recovery process. By choosing to auto-encrypt all email notifications from Facebook, recovery emails from Facebook will be encrypted by default. This presents an opportunity to prevent (or at least slow down) courts, spies, and hackers from compromising your Facebook account. That’s handy. Nice work, Facebook.

Getting started

You won’t find this setting unless you’re actually looking for it. Here’s how to find it, starting from your Facebook profile page: About > Contact and Basic Info > + Add a public key.

facebook add a public key

If you already have a public and private key, simply paste your PUBLIC key (NOT THE PRIVATE KEY ZOMG) into the following field. If you haven’t used PGP before, your best bet is to set aside some time for a complete tutorial.

Facebook PGP field

Note the checkbox.

Screen Shot 2015-06-01 at 11.31.51 AM

After saving your changes, you’ll see something like this.

Screen Shot 2015-06-01 at 11.32.08 AM

Next, check your email. You’ll receive the following warning from Facebook.

BEWARE: If at some time in the future you cannot decrypt your account recovery emails and if you also become locked out of Facebook, you may be unable to recover your Facebook account.

Then, you’ll get the following confirmation.

Screen Shot 2015-06-01 at 11.33.07 AM

The takeaway

It’s great to see Facebook embrace PGP to some degree, but it can do more. These are features which we should all expect from a company of Facebook’s scale and industry dominance. And Facebook isn’t the only company experimenting with bringing PGP to the masses; plenty of startups, as well as heavyweights like Google, have explored the idea. No major company has managed to make PGP truly consumer-friendly to date.

“It’s very important to us that the people who use Facebook feel safe,” the company gently penned in a blog post today.

Thanks, Facebook. I appreciate your concern. The new PGP features aren’t very accessible, but it’s nice that you tried, and hopefully this experiment will further encourage you to protect my privacy, while raising international awareness of technologies like PGP.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More