Could Facebook Become the New Web of Trust? Maybe!


| Deep Dive

Adding Your Public Key to Your Facebook Profile

To display your public key on your profile page, you need to update your contact information. From Facebook’s top menu bar, click on your face to get to your profile. Then click on Update Info.

Enabling Public Key to Make Facebook the New Web of Trust - Step 5

Now to add my PGP Public Key to my profile page

Moving on. Click on Contact and Basic Info for the next step.

Enabling Public Key to Make Facebook the New Web of Trust - Step 6

Click on Contact and Basic Info

Now click + Add a public key.

Enabling Public Key to Make Facebook the New Web of Trust - Step 7

Now you can add your public key

Paste your public key into the field provided, if it isn’t already there. Choose who you want to be able to see your key, and click Save Changes.

Enabling Public Key to Make Facebook the New Web of Trust - Step 8

If it isn’t already there, you can paste it into place

That’s it! After this, anybody you allow will be able to view and download your OpenPGP public key for use in emailing you.

Now for the Gotcha

Here’s a problem that may crop up if you turn on encrypted notifications from Facebook. Assuming you’re using Keychain to store your passwords, Safari will ask if you want to update your password. You probably should, but be aware of what that Keychain Access entry will look like afterwards. Here’s an example.

Facebook and Keychain Access

This is ugly window management

I’ve blurred out some data there, but it’s my public key. You can see there is no way to access my password to view it or change it.

To get around the problem, I had to highlight the entire contents of my public key, cut it, and then attempt to close the window. Keychain Access asked if I wanted to save my changes, and it was only when I said no that I was able to access the password field in the window.

Facebook and Keychain Access

This isn’t much better, but at least I can see the password field now

Your experience might be similar, so if you can’t see the password field, follow my advice from above and you should be okay.

Facebook Could Become the New Web of Trust

Almost everybody uses Facebook these days. It’s definitely conceivable that the social media network could become the new Web of Trust for PGP, if people start using this feature more. Of course, nobody I talked to about it even knew it was there, so that might not bode well for its prospects. However, if enough of us get the word out, it certainly could become a handy repository of public keys.

1
Leave a Reply

Please Login to comment
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Member
Bill Bullock

Hi Jeff. You might be interested in what we did with https://www.securemyemail.com where we did, indeed, use Facebook, Twitter, and LinkedIn with openPGP as an “update” to the legacy PGP Web of Trust. Instead of manually verifying the public key on Facebook (still possible, though) we automated things by asking (it is optional) SecureMyEmail users to authenticate to their preferred social network(s) to verify their identity. Once done, when these users invite contacts to set up encrypted email with them, the invitee can see if the inviter has verified their identity with a social network and click on the social… Read more »