You might have heard that PGP encryption has now been introduced to Facebook. I would like to explain what PGP encryption is (in general as well) and how it relates to Facebook and security.
Firstly, PGP stands for “Pretty Good Privacy”. It was created by Phil Zimmermann nearly 25 years ago; he originally designed it as a human rights tool and published it on the Internet for free in 1991.
The whole idea of cryptography (encryption) started when Julius Caesar wanted to send his generals messages but did not trust his messengers. Because of this, he replaced every A in his messages with a D, every B with an E, and so on through the alphabet (“shift by 3”). But if someone knew this rule (the basis of encryption), they could decipher his messages.
PGP expands on this and uses public key cryptography (the concept of which was introduced by Whitfield Diffie and Martin Hellman in 1975) to encrypt and then decrypt messages. Imagine that, as before, there is a rule (an extremely complex one, carried out by computers), but now there are two: one to encrypt and one to decrypt.
These two keys are a private key and a public key. The public key is, of course, public, but both keys are needed to encrypt and then decrypt a message. This means that only you can ensure the verification (security) of the information you send or receive, and, metaphorically, picking the lock is nearly impossible as well.
PGP encryption is quite a bit more complicated than this metaphor, though. PGP combines some of the best features of both public key cryptography and conventional cryptography (using a hashing system as well), making it a hybrid cryptosystem.
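The hybrid idea described above, as an added sketch that is not PGP's own code: the message is encrypted with a one-time session key using a conventional (symmetric) step, and only that small session key is encrypted with the recipient's public key. The toy RSA numbers, the SHA-256 keystream standing in for a real cipher, and all function names are assumptions made for illustration and are not secure.

```python
import hashlib
import secrets

# Toy RSA key pair from two known Mersenne primes. Assumption for this demo:
# far too small and unpadded for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Conventional step: XOR data with a SHA-256 counter keystream.
    Stand-in for a real symmetric cipher; the same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def hybrid_encrypt(public_key, plaintext: bytes):
    n, e = public_key
    session_key = secrets.token_bytes(16)          # fresh one-time key per message
    body = keystream_xor(session_key, plaintext)   # bulk data: conventional step
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # key: public-key step
    return wrapped, body


def hybrid_decrypt(private_key, wrapped: int, body: bytes) -> bytes:
    n, d = private_key
    # Only the holder of the private exponent can recover the session key.
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, body)


if __name__ == "__main__":
    wrapped, body = hybrid_encrypt(PUBLIC_KEY, b"Meet at the usual place at noon.")
    print("wrapped session key:", hex(wrapped))
    print("ciphertext:", body.hex())
    print("decrypted:", hybrid_decrypt(PRIVATE_KEY, wrapped, body))
```

Encrypting the same message twice gives different output each time, because a new session key is generated per message.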
To read more about how PGP Encryption works, especially the more technical aspect of it, read this webpage.
If you now edit your information on Facebook and go to “Contact and Basic Info” here, you will find a new field called “Add a public key”.
This is one of many security features that Facebook has introduced over the years, including using HTTPS with HSTS, having an onion address (which can only be accessed through Tor, which I’ve written an article on here), and even seeking to secure connections to your email provider with TLS.
But there is debate about whether your messages are truly secure, for many reasons. Users have been stating that the government has a backdoor, or even that Facebook is working with governments. The Twitter user Matt Blaze (who is a security and cryptography expert) said:
‘Latest junior secret agent idiocy going around: Facebook being “allowed” to use PGP “proves” that NSA can break it. #NotEvenWrong’ – Matt Blaze @ Twitter
If you have any thoughts about this, such as whether governments do somehow have access to our encrypted data, please leave them in the comments below.