Facebook reports enormous uptick in use of snoop-proof email

This Facebook chart shows how the number of emails protected by encryption by both the sender and the receiver has flipped in only a few short months. (Credit: Facebook)

Keeping email safe from prying eyes is a joint effort, with both the sender and receiver needing to implement encryption technology. And Facebook -- which sends its user base billions of notification emails every day -- says things have gotten significantly more secure because of changes made by popular webmail providers such as Microsoft and Yahoo.

The percentage of outbound notification emails sent from Facebook that are received by email services which support encryption has jumped from less than 30 percent in May to 95 percent by mid-July, according to a Facebook blog post published Tuesday.

That rate of adoption is exceptionally rare, said Jim Fenton, formerly the chief security officer at password replacement firm OneID and now an independent Internet technologist.

"Facebook's measurement is probably as favorable as it can be," Fenton said, pointing out that Facebook's unique situation -- outgoing email only, measured by volume, to large webmail providers for personal use more than work email accounts -- allowed Facebook to achieve such a rapid turn-around.

The change comes amid a growing effort by webmail providers to better support encrypted email. That's a reaction to National Security Agency snooping revealed by whistle-blower Edward Snowden, and it's a necessity at Facebook, where notification emails about posts and comments made by users' friends often contain snippets of private or semi-private content from the site.

The kind of basic webmail encryption Facebook refers to in its blog post is provided by a technology called STARTTLS, which uses Transport Layer Security encryption to make it harder to spy on email. The challenge with keeping email secure is that it requires both the sender and the receiver to support the same encryption technology -- otherwise messages remain unprotected. Though Facebook has supported STARTTLS for several years, of the three biggest webmail providers, only Google's Gmail had adopted it.

Facebook said in its post that now that Microsoft and Yahoo are on board with STARTTLS, the majority of the social-media site's notification emails are encrypted with two common encryption techniques. One is Forward Secrecy, a technique that prevents the same numeric encryption keys from being used more than once; reusing keys would make messages easier to crack. The other is strict certificate validation, which is a high standard for ensuring that a digital authentication certificate -- which email systems check to verify who's sending a message -- has not been forged.
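A sender-side check for the three properties named above (STARTTLS support, strict certificate validation, forward secrecy), as an added example that is not Facebook's code. The function names and the sample EHLO reply are constructed for illustration, and `probe` assumes outbound access to port 25.

```python
import smtplib
import ssl
import sys

# Constructed sample of a receiving server's EHLO reply (not captured traffic).
SAMPLE_EHLO = "250-mx.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"

def advertises_starttls(ehlo_reply: str) -> bool:
    """True if a raw multi-line EHLO reply lists the STARTTLS extension."""
    for line in ehlo_reply.splitlines():
        # Reply lines look like "250-STARTTLS" (more follow) or "250 STARTTLS" (last).
        if line[:3] == "250" and line[4:].strip().upper() == "STARTTLS":
            return True
    return False

def is_forward_secret(cipher_name: str, tls_version: str) -> bool:
    """Classify a negotiated suite by its key exchange (OpenSSL cipher names)."""
    if tls_version == "TLSv1.3":
        return True  # TLS 1.3 full handshakes always use ephemeral (EC)DHE
    # Before TLS 1.3, only suites named ECDHE-* or DHE-* use ephemeral keys.
    return cipher_name.startswith(("ECDHE-", "DHE-"))

def probe(mx_host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Connect to a receiving mail server and report the three properties."""
    result = {"starttls": False, "cert_valid": False, "forward_secret": False}
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return result  # mail to this host would travel unencrypted
        result["starttls"] = True
        try:
            smtp.starttls(context=ctx)
        except ssl.SSLCertVerificationError:
            return result  # encrypted channel offered, but identity not proven
        result["cert_valid"] = True
        result["forward_secret"] = is_forward_secret(
            smtp.sock.cipher()[0], smtp.sock.version())
    return result

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1]))  # pass the MX hostname of a domain you operate
```
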

A Facebook spokesman told CNET that the company is working on getting the other 5 percent of webmail providers to use encryption. "All major providers we've talked to are either using STARTTLS or are actively working on deploying it," he said.

A Microsoft representative noted during a previous interview that webmail encryption efforts are tricky because of the two-way-street situation involving sender and recipient.
