In a big coup for online privacy, social network Facebook has confirmed that it has added a new product feature, allowing users to receive PGP-encrypted notification emails from the company.
In a blog post published earlier today, Facebook software engineers Steve Weis and Zac Morris announced that the firm was rolling out an “experimental” feature enabling people to add their OpenPGP public keys to their profile. Once added, these keys could be used by Facebook to send encrypted notification emails so as to “provide greater assurance that the contents of inbound emails are genuine.”
Facebook already runs connections to its site over HTTPS with HSTS and also provides a Tor onion site. It secures emails with TLS, although the stored content of messages may be accessible as plaintext to anyone with access to the user's email provider or email account.
Update: It has been brought to our attention that password reset emails will also be encrypted.