by michaelt 4031 days ago
Another possibility is one of their programmers thought "It would be good if there was more encrypted e-mail going around in general, I wonder if I can get it into Facebook somehow" and coded this feature in their free time. Then convinced his managers to integrate it with that argument plus "and it's already coded, we just need to merge it in."

Well, from what I know there are some seriously privacy minded people in there. As oxymoronic as that sounds.

But I could certainly see some benefits both for FB and for the world at large from this. One of the big problems with PGP is how to bootstrap web of trust. "Does this key really belong to this particular person?" But what if the otherwise loathed real name policy could be turned to service this particular need? Prominently visible personalities can attach their PGP keys to their pages and make the first association harder to forge.

Secondly, I have little doubt that the keyservers are monitored. An increase of searches and/or downloads to known activist lawyers' or journalists' keys could have relation to uncomfortable whistles being blown in the near future. But what if FB made the keys they have signed available via their own keyserver, and made that reachable over Tor? Downloading a high-profile PGP key is likely to be a fairly big red flag.

And lastly, there may be some positive effects further down the line. I've been using PGP (and later GPG) since 2.3i became available and I know just how horrid the usability is. If FB can iterate over UI and UX issues, then others can learn from those efforts, and eventually we might have something that even a regular person could at least learn to use.

And of course - adding more encrypted noise to global email flow is not a bad thing at all.

I have no doubt that FB sees many non-altruistic avenues if this service catches wind. Wonder if there is anything to relationship graphs with some extremely strong edges...

Zuckerberg actually cares a lot about his privacy. Yours? Maybe not as much.

http://www.slate.com/blogs/business_insider/2015/05/18/tech_...

http://www.theguardian.com/technology/shortcuts/2015/may/19/...

But isn't the PGP move a sign that Facebook cares about our privacy? Not really. The profile thing makes it easy to discover people who use PGP and email them with encrypted messages, but that has nothing to do with Facebook's content.

As for the encrypted notifications, Facebook can obviously still read those, and it can be useful to protect the data from Google. Also, if more people use PGP for email, that means less data for Google, so I could actually see this being a strategic move, too. Maybe not a huge one, but it doesn't cost Facebook too much to implement this, so why not?

I'll start thinking Facebook actually cares about my privacy when the Messenger uses Axolotl or OTR as well as ZRTP. Until then, I'll remain skeptical of Facebook's privacy intentions.

If I remember correctly, Open Whisper Systems, makers of the TextSecure app, say that WhatsApp[1] uses the TextSecure protocol[2]. This means that chats are encrypted end to end. It doesn't seem to expose information to Alice when Bob's keys change though. So someone could coerce WhatsApp into changing the keys for Alice and Bob and MITM that way. However, if we are worried about that we should also be worried about a rogue agent just updating the binaries for WhatsApp to remove such privacy-conscious decisions.

I guess the prevailing notion (as the grandparent said) is that while Facebook couldn't give two shits about our privacy, there are people who work there who do care about privacy in general (and not just their own privacy). Of course, no Facebook employee is going to come out publicly and call Mark Zuckerberg for being a self-serving psychopathic douche bag.

[1] (owned by Facebook, I imagine the deal is complete by now)

[2] https://whispersystems.org/blog/whatsapp/

> The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily. The WhatsApp Android client does not yet support encrypted messaging for group chat or media messages, but we’ll be rolling out support for those next, in addition to support for more client platforms. We’ll also be surfacing options for key verification in clients as the protocol integrations are completed.

> WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default.

Have you heard of keybase.io?

They don't do Facebook, but you can tie a PGP key to various other public identities (Twitter, GitHub, HN, Reddit, etc.)

I had heard about them but never had taken a good look. Now I did and choose not to deal with them. Some quotes from their website:

> certain crypto actions (signing and decrypting) are limited to users who store client-encrypted copies of their private keys on the server

No. Especially combined with the next one:

> On the website, all crypto is performed in JavaScript, in your browser. Some people have strong feelings about this, for good reason.

The second sentence sums it all up.

I think the service has been made with good intentions, but the pavement on the road to Hell...

The keybase CLI allows you to keep the private keys offline on a machine of your choice, and does the crypto the "standard way" (shelling out to gpg):

https://keybase.io/docs/command_line

> But what if the otherwise loathed real name policy could be turned to service this particular need?

The link between a real person and a Facebook account isn't secure - I could make an account with your name today without too much stress (no need to provide ID unless Facebook thinks your name isn't a real name).

I think the grandparent chose the wrong end of the stick with relating this to "famous" people, which, in turn, threw you off.

Sure, you can register an account in my name, but there are quite a number of people who will not be fooled: people who actually know me. People who know me in real life can tell whether an account is real or not, because they can tell whether I post about things I do, whether I post pictures that are...well, me.

In that case, they can be reasonably sure that the account in question is, in fact, my account. If I attach my GPG key to this account, they can thus also reasonably assume that the GPG key belongs to the account that belongs to me. This essentially gets you the online equivalent of a key-sharing party.

Yes, I deliberately chose the term "prominently visible" and not "celebrity". The context is different with PGP.

Maybe I should have used high-profile as the specifier in that sentence too.

"and it's already coded we just need to merge it in"

Any manager worth their salt will know that maintaining code is 10x more expensive than building it in the first place, and if it's user-facing code you're even adding an implicit promise that the feature isn't going to be removed again. I strongly doubt the "oh but it would be so hard to build that" argument counts for much.

That said, I've no idea about what kind of place Facebook really is.

Well, it's possible that "move fast and break things" is more than just hot air. :)

This is by far the most likely reason. When you hire top developers, those developers want to work on interesting stuff. If retaining those people is a priority, the middle manager's only option is to smile and nod when they tell him something they'd like to do, or he'll soon find himself without employees, and shortly after without a job.

Just look at all the shit that comes out of Google, not as part of some grand overarching scheme, but because someone thought it would be fun, and more often than not forgotten about a year later.