While fiddling with my YubiKey 4 today I noticed that Facebook has an option for FIDO U2F two-factor authentication. Neat, of course, but not entirely unexpected given all the Facebook “hacks” that are giving them a bad rap.
While in the “Security” settings I figured I’d change my password and quickly review the other options as well, because why not. To my surprise they had added this option:
I don’t believe I’ve ever seen this feature on any other website. All problems with PGP aside, this is awesome, because e-mail is now such an integral part of life but, sadly, the protocol hasn’t changed much since the 70s (or early 80s when it became standardized). It is entirely and completely insecure, unreliable, and totally unsuited for what we use it for today. But we still use it. Encrypting e-mail is certainly a step in the right direction.
Finding an option for encryption on Facebook, of all places, is a little shocking to say the least. Given that companies (and I use the term loosely) are usually not in the habit of giving a single fuck about their clients’ privacy, it led me to wonder why they implemented this.
There were only two reasons I could think of: the first being a PR reason: “Look at how much we care about our users’ privacy!” The second reason, for which I had to don my tinfoil hat, would be that Facebook are bearing in mind the very real possibility that their competitors are data-mining the e-mails sent out from Facebook. Spoopy.
Oh, and apparently this feature has been available for a while, I’m just not a heavy Facebook user and had never noticed. It’ll be interesting to see if other websites will start following suit. Then maybe, just maybe, encryption will finally start to become commonplace.
Cris van Pelt