by repelsteeltje 954 days ago
It's that, and the fact that a hacker would enable the feature after compromising the account (some other way, unrelated to PGP) to prevent the legit user from using the account recovery email.

So the feature was basically there only to shoot oneself in the foot.

2 comments

That is part of Facebook's reasoning, as to why they dropped it. The second part should be kept in mind, and that is, few use it.

If it was popular, they wouldn't axe it.

My comment was certainly about Facebook dropping it, but also about how this is a larger picture issue. You don't need to weaken encryption standards (NSA, others), or have back doors (loads of states), if people just find it too annoying to use!

Would have helped a lot if there would have been some sponsorship and adoption by banks, bigtech, governments. With only push from Snowden and a couple of nerds (I'm making a hyperbole :-) ) and it being complicated, inconvenient, this never gained momentum.

Banks, bigtech, government choose other means, for their own reasons. Some of those might have been spies lobbying to hold on to their surveillance superpowers, for sure. Another might have been "not invented here".

For that to work, your email has to be compromised in the first place.

And if your email is compromised, well, it is game over already, for every single thing you have access to.

So it is just a poor excuse. I guess the main reason is that virtually nobody knew this feature existed and the intersection between the population privacy-savvy enough to use PGP and using Facebook is ridiculously small.