Facebook has just announced that it will allow users to encrypt emails sent to them from Facebook using the strongest known encryption, OpenPGP. It seems like a good first step to us, but it is complicated to use and leaves Facebook some large loopholes, which means it still does not protect your data well.

Complicated Setup

The new feature encrypts notification emails sent from FB to your email account. In order to protect your data in these emails, you would also have to have encryption enabled on your own email client. This is a prohibitively complicated setup for the average user, and most would need to hire technical support to implement it.

If you are able to set it up, information sent from Facebook will now be heavily protected. PGP still hasn’t been broken by the NSA, at least as of Snowden’s leaks.

Not a National Security Threat

However, what is Facebook’s history of handing over information to law enforcement authorities? Unlike Apple’s claim that their encryption will protect your data even from their own access, Facebook is not going nearly so far. Your data is still collected and used by them and can be provided if they are served with a subpoena.

This means that law enforcement would only need to get a judge’s authorization to require Facebook to provide the contents of those emails. This doesn’t rise to the level of a threat to national security.

This Doesn’t Protect Your Data

Bottom line, this encryption protects only the data in notification emails you receive from Facebook. It does not increase your personal security for the information you share on Facebook. Nor does it protect you from having your mobile information taken by Facebook’s apps.

You would be shocked to know how much of your personal data is taken by Facebook, especially via your phone. Recent research by our team shows that Facebook and Facebook Messenger take huge amounts of data and send it to servers all over the world. This information is then used to market services back to you.

What Now?

Currently, US federal regulations don’t require companies to be transparent about how they protect your data, what they take or what they do with it. It’s the Wild West at the moment. We need to change the mobile data landscape, and SpyAware is in the process of doing that.

Stay tuned for upcoming developments from us.