======================================
Facebook reports enormous uptick in use of
snoop-proof email
The social network sends billions of
emails to users daily and says adoption of the encryption standard it uses has
skyrocketed among webmail providers.
Keeping email safe from prying eyes is
a joint effort, with both the sender and receiver needing to implement
encryption technology. And Facebook -- which sends its user base billions of
notification emails every day -- says things have gotten significantly more
secure because of changes made by popular webmail providers such as Microsoft
and Yahoo.
The percentage of outbound notification
emails sent from Facebook that are received by email services which support
encryption has jumped from less than 30 percent in May to 95 percent by
mid-July, according to a Facebook blog
post published Tuesday.
That rate of adoption is exceptionally
rare, said Jim Fenton, formerly the chief security officer at password
replacement firm OneID and now an independent Internet technologist.
"Facebook's measurement is
probably as favorable as it can be," Fenton said, pointing out that
Facebook's unique situation -- outgoing email only, measured by volume, to
large webmail providers for personal use more than work email accounts --
allowed Facebook to achieve such a rapid turn-around.
The change comes amid a growing effort
by webmail providers to better support encrypted email. That's a reaction to
National Security Agency snooping revealed by whistle-blower Edward Snowden,
and it's a necessity at Facebook, where notification emails about posts and
comments made by users' friends often contain snippets of private or
semi-private content from the site.
The kind of basic webmail encryption
Facebook refers to in its blog post is provided by a technology called STARTTLS, which uses Transport
Layer Security encryption to make it harder to spy on email. The
challenge with keeping email secure is that it requires both the sender and the
receiver to support the same encryption technology -- otherwise messages remain
unprotected. Though Facebook has supported STARTTLS for several years, of the
three biggest webmail providers, only Google's Gmail had adopted it.
Facebook said in its post that now that
Microsoft and Yahoo are on board with STARTTLS, the majority of the
social-media site's notification emails are encrypted with two common
encryption techniques. One is Forward Secrecy,
a technique that prevents the same numeric encryption keys from being used more
than once, which would make messages easier to crack. The other is strict
certificate validation, which is a high standard for ensuring that a digital
authentication certificate -- which email systems check to verify who's sending
a message -- has not been forged.
A Facebook spokesman told CNET that the
company is working on getting the other 5 percent of webmail providers to use
encryption. "All major providers we've talked to are either using STARTTLS
or are actively working on deploying it," he said.
A Microsoft representative noted during
a previous interview that webmail encryption efforts are tricky because of the
two-way-street situation involving sender and recipient.
Yahoo declined to comment.
Facebook sends billions of notification
emails to millions of domains every day, Facebook email engineer Michael Adkins
said in a blog post
last May. While that represents only a fraction of all email
sent daily, the move to STARTTLS by webmail providers represents a quick
victory in the wake of the outcry over NSA surveillance.
Other encryption-related efforts
include initiatives from Google, Yahoo, and Ladar Levison, whose now-shuttered
company Lavabit was suspected of being Snowden's webmail provider. Google
and Yahoo
are working on a webmail encryption setup that would hide the contents of an
email even from the email service provider. Levison
is working on a similar project to simplify email encryption so that it becomes
a one-click operation.
Update, August
20 at 10:57 a.m. PT: Clarifies
what STARTTLS is and adds response from Yahoo.
============================================
In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.
==========================================
.jpg)
In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.
==========================================
No comments:
Post a Comment