ProtonMail adds Facebook PGP integration

Encrypted Email with Facebook PGP

At ProtonMail, privacy is one of our core values. This means more than just building an email service which respects privacy. It means building an entire ecosystem around the idea of privacy being the default online. From the outset, it has been clear that this is not something we can do alone. Last summer, over ten thousand of you joined us by donating to our record-breaking crowdfunding campaign to get ProtonMail to where we are today.

Together, people around the world have made it clear that online privacy matters, and tech companies are taking notice. Recently, Facebook took a big step forward by supporting PGP in email communications. Today, we’re happy to announce that with ProtonMail version 2.1, we are the first email service to add seamless support for PGP encrypted Facebook emails.

This means that PGP email messages from Facebook will be automatically decrypted by ProtonMail when you open them in both the webmail and mobile apps. Previously, to use Facebook PGP, it was necessary to install PGP, generate keys, and use complicated plugins. Now, securing communications from Facebook is as simple as using your ProtonMail account. No setup or configuration is needed on the ProtonMail side; all that is required is importing your ProtonMail public key into Facebook. We hope to work with the Facebook security engineering team in the future to further automate this process.

The PGP support in ProtonMail 2.1 in fact extends beyond Facebook. Any PGP message sent to a ProtonMail account from any email sender, regardless of whether it is PGP/MIME or inline PGP, can now be automatically decrypted. This is one of the great benefits of following open standards: this integration is possible because both ProtonMail and Facebook follow the OpenPGP standard. As this was one of the most highly requested features, we’re glad to finally be able to launch it. In the coming months, we will be extending this feature to also allow automatically sending PGP messages outside of ProtonMail.
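The two encodings named above differ on the wire: PGP/MIME (RFC 3156) wraps the ciphertext in a `multipart/encrypted` container, while inline PGP places the ASCII-armored block directly in a text part. The following added example (not ProtonMail's code; the function name and the sample messages are constructed for illustration) shows how a receiving client can tell the two apart before decrypting, using Python's standard `email` package.

```python
import re
from email import message_from_string, policy

ARMOR_RE = re.compile(
    r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.DOTALL)

def classify_pgp(raw):
    """Return (kind, armored_block); kind is 'pgp-mime', 'inline-pgp' or 'none'."""
    msg = message_from_string(raw, policy=policy.default)

    # PGP/MIME (RFC 3156): multipart/encrypted with exactly two parts, a
    # control part and the ciphertext carried as application/octet-stream.
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        parts = list(msg.iter_parts())
        if (len(parts) == 2
                and parts[0].get_content_type() == "application/pgp-encrypted"
                and parts[1].get_content_type() == "application/octet-stream"):
            body = parts[1].get_payload(decode=True).decode("ascii", "replace")
            found = ARMOR_RE.search(body)
            if found:
                return "pgp-mime", found.group(0)

    # Inline PGP: the armored block sits inside an ordinary text part,
    # possibly surrounded by unencrypted text.
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            found = ARMOR_RE.search(part.get_content())
            if found:
                return "inline-pgp", found.group(0)
    return "none", None

# Constructed samples; the armor body is a placeholder, not real ciphertext.
ARMORED = ("-----BEGIN PGP MESSAGE-----\n\n"
           "Q09OU1RSVUNURUQgU0FNUExF\n"
           "-----END PGP MESSAGE-----")
HEADERS = "From: sender@example.com\nTo: user@example.com\nMIME-Version: 1.0\n"
PGP_MIME = (HEADERS +
    'Content-Type: multipart/encrypted; boundary="b1";\n'
    ' protocol="application/pgp-encrypted"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b1\nContent-Type: application/octet-stream\n\n"
    + ARMORED + "\n--b1--\n")
INLINE = (HEADERS + "Content-Type: text/plain; charset=utf-8\n\n"
          "Notification follows.\n" + ARMORED + "\nfooter\n")
PLAIN = HEADERS + "Content-Type: text/plain\n\nNothing encrypted here.\n"

if __name__ == "__main__":
    for name, raw in (("PGP/MIME", PGP_MIME), ("inline", INLINE), ("plain", PLAIN)):
        print(name, "->", classify_pgp(raw)[0])
```

The extracted armored block is what would then be handed to an OpenPGP implementation for decryption with the recipient's private key.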

If we truly want to have a more private and secure internet, working together will be crucial and we applaud Facebook for sticking with open standards. As OpenPGP is universal, in the future, we will also be able to integrate with countless other services. We are glad that giants like Facebook are supporting these efforts and if more companies join in, the movement to improve privacy online will be unstoppable.

Happy encrypting!
The ProtonMail Team
media@protonmail.ch

To get a ProtonMail account, visit this page.

You can find Facebook’s official announcement about this here.

Why should I enable PGP encrypted emails from Facebook?

Facebook notifications can actually contain a lot of sensitive private information. For example, they can contain Facebook password reset links, or details such as who has messaged you on Facebook. While it is certainly true that Facebook has this information, when a notification email is sent, anybody who intercepts your email communications can also gain access to this information (for example, your ISP, your workplace network, or a government agency). Turning on PGP encryption for notification emails from Facebook helps to reduce this risk. ProtonMail is the only email service in the world that provides automatic support for Facebook PGP emails.

 

 

About the Author

Andy Yen

Andy is the Co-Founder of ProtonMail. He is a long time advocate of privacy rights and has spoken around the world about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about ProtonMail's mission.


77 comments on “ProtonMail adds Facebook PGP integration”

  • Bloody well done, ProtonMail! I’m really liking how my email service is progressing – I instantly enabled this feature. On Facebook’s side, they are obviously still going to be passing on my data wholesale to the NSA, advertisers, and anyone else who can pay. But it is nice to see that my notification emails at least can’t be intercepted. Thank you!

    Reply
  • An immediate reaction to this was “why would protonmail even want to have anything to do with facebook”?

    Regardless of the fact that it is still a secure way of communication, having the word Facebook attached to anything gives negative vibes right away. That’s the reality, I believe. And no, I don’t have a Facebook account.

    Reply
    • As we mentioned in the post, there are still some privacy benefits from encrypting messages from Facebook. Because it increases user privacy, we are willing to do it.

      Reply
      • To shake hands with FB is a deal that could come back to haunt you. Yes it may be a highly requested feature but ask yourselves, is it the right thing to do? FB’s commitment to open standards only proves one thing and that is that they along with the NSA, Prism and whoever else bankrolls their puppet strings see you as an up and coming threat and want to lure you in so they can eventually get their meat hooks into Protonmail. The mere notion of importing a Protonmail public key into FB is evidence of the initial steps. It may seem harmless but FB’s future propositions may not be optional and any fine print they present you will likely be irreversibly in their favor. Please tread carefully Protonmail team. You are changing the world. Be smart, seek out wise counsel, look to history for how the powers that be run their playbooks and don’t let them pull the carpet out from under you. Sincerely wishing you the very best of success.

        Reply
      • In reality many people are bonded to fb. I was surprised to hear you could even send a message from inside of FB to an actual e-mail address. Better than some net communication companies, not to say any names. I will search later but it would be nice to set up an instant message service between…for example…. an ipad on the FB app with another ipad, on Proton mail App no FB.

        IMHO, it seems like a great victory for privacy but even more so for choice. Just to be finally told that I will be able to communicate with my gf who uses the messenger app without having to ask her to set up another communication channel, NTM all other FB users I know, would be major. I know I am not the only one in the situation either. Of course it's a small great victory but in the digital world, little tiny differences can make quite an impact for many.

        I can't ask you to verify the security of the Facebook end of a PM-FB conversation as the FB servers are not yours to vouch for, but could you please verify that you're not opening any potential backdoors that could allow access to Protonmail? I do not expect Protonmail to be anything more than among the top of the top email providers with regards to privacy. It's not Protonmail’s job to hand out faraday blankets with subscriptions or to design the internals of whatever device every user is on. “Innocent until proven guilty” goes in many directions and from what I gather, this will be great.
        Thanks.
        Philip

        Reply
      • I share J’s misgivings. But I’d also like to add that a truly serious effort at email privacy (if you are really wedded to the browser) would involve an open-source downloadable add-on to use and manage keys locally.

        Reply
    • I totally agree; but this does not compromise PM security or require any ties with Facebook, so I am okay with it. Not that I would use FB though…

      Reply
    • I agree, I also find this disturbing for the same reason, I also found it disturbing that another “security” company namely Tresorit host their systems on Microsoft’s Azure data centers, I did trust the Tresorit Cloud Storage, but I do not trust anything that Microsoft has its fingers on for the same reason I do not trust FaceBook, the only thing that keeps me from trusting ProtonMail completely is the connection with FaceBook, and no, I do not have a FaceBook account, I know better 😉 , Paranoid ? , heck yeah 🙂

      Reply
    • Exactly this, I seriously start to doubt the true face of Protonmail if they make whatever deal with Facebook/InQtel/FBI and it’s just wrong. It may have big benefits for your own promotions but towards your users who need absolute privacy you just can’t do this, why don’t you guys understand this.

      Reply
  • This is excellent stuff!

    Two questions related to the key handling in Protonmail.

    First of all, have you uploaded, or are you considering uploading, the public keys to some keyserver, so that other services can make use of them? I tried to import the key to Enigmail, but it looks like the UserID is empty?

    Second, can I somehow add the public key to my non-protonmail contacts in the address book?

    Reply
  • Could you make an integration with Keybase.io to make it possible to import people's public keys based on their social media accounts? Is that possible?

    Reply
  • Enabled it and it works fine on the web, but messages cannot be decrypted in the iOS app. Not a big deal as we are still in Beta.

    Reply
    • This is also an issue with the Android app. Testing shows that, if you encrypt to the recipient (UserID) only, and not to the sender, the mobile app can decrypt the message. It’s the multiple key encryption that is the problem.

      The web client does not appear to exhibit the same issue.

      Reply
  • Done! Awesome! One more step to make ProtonMail my default email account… just need iOS 🙂
    Great update guys!!! now hackers can see nothing when they request password request emails!

    Reply
  • I don’t care too much about Facebook integration, but I’m glad that messages received encrypted with PGP can now be decrypted.

    However I’d like to be able to download the private key, and more importantly to be able to use an email client running on my own computer (which I can trust a lot more than ProtonMail’s web interface) to get my mail with IMAP.

    One way I see to do this is to allow the user to upload a public key, and to have the ProtonMail servers encrypt with that key all mail received, unless it is already encrypted mail, then to give these messages to the user through IMAP (or POP3), and his mail client can decrypt them with the private key, which is then safe from ProtonMail. Of course this requires trusting ProtonMail still.

    Another way I see is to just provide regular IMAP access without encrypting anything that isn’t already encrypted. It makes sense: if messages are received unencrypted, we need to trust ProtonMail anyway, and if they’re not we won’t need to; so there isn’t really a point in ProtonMail encrypting the email.

    Overall I think I’m more interested in ProtonMail as a regular email provider, but with a focus on privacy and open standards. I can already get much better than ProtonMail’s “zero access” by using GnuPG (which I’d trust more than the OpenPGP.js shipped by ProtonMail any day) in my own mail client, so the “zero access” is only relevant when using the web interface for convenience (and IMO requiring people you send mail to to follow a link and type a password and write their reply, all this with JavaScript, is neither very open standards-like nor very convenient).

    Reply
  • I got an issue. My primary mail is @protonmail.com and the Public Key uses @protonmail.ch
    I need the Public Key with the .com version.

    Reply
  • So, Facebook doesn’t have their dirty hands in ProtonMail’s whole security features/processes or overall operations… Right? Like, they cannot get into my account at all??

    Reply
    • Not at all, they send us encrypted data that ProtonMail can now automatically decrypt. Our systems are still completely walled off from theirs, they have zero access to any user data (ProtonMail has zero access to user messages as well).

      Reply
  • So, how is the private key handled by ProtonMail? Do you have access to it or are the messages decrypted on the side of the end user like other messages with the private key only available to the user and stored encrypted on your servers?

    Reply
  • Importing the public key to Facebook is OK, but after importing to GPG Keychain, no email appears
    in the key properties, so it's not possible to send encrypted emails in Mail. (Mac OS X Yosemite)

    Private key export would be nice too.

    Any tip?

    Have a nice day!

    Reply
  • I am a new protonmail user. To this point I love the service and to be honest would be willing to pay for it. That was until I read this post. Before I get flamed let me ask you a question. If you were Jewish and found out that the country you lived in just made a deal with the Nazis to exchange encrypted messaging, would you be concerned? That is extreme but as far as privacy goes that’s spot on.

    Reply
  • Getting involved with Facebook or any other company is BAD business in my best judgement since if you really want to be the primary leader in “private” communications you simply cannot SHARE services with anyone. Doing so opens you up to a lot of problems in the future as I strongly advise to gracefully cancel your agreement with Facebook while you can. I can see the inevitable writing on the wall so please stick with your original principles (best policy) or you may end up losing many current and/or potential customers.

    Reply
    • It is important to understand what this integration means. There is NO data being shared with Facebook. We just give users the ability to import their ProtonMail public key into Facebook. There is ZERO security risk from this because it is a public key, and not the private key.

      Reply
  • Why get involved with Facebook as I see problems in your future if you do this….. don’t share anything or be ready to accept compromises later…. not a good idea!!

    Reply
    • It’s important to emphasize, there is ZERO ProtonMail data being shared with Facebook and Facebook has no ability to get ANY data from ProtonMail. This is simply a step towards universal PGP compatibility which is good for privacy.

      Reply
  • I understand that no data will be shared with Facebook. But it gives me the shivers to even see an image where Facebook and Protonmail shake hands. I also think that Protonmail should be very careful to not forget why so many of us found refuge with them. I hope Protonmail will not become what Barack Obama has become in politics. It would be such a shame.

    Reply
    • User privacy is always the most important thing to us, and we only work with other companies if it in fact improves user privacy. In the case of our support for Facebook PGP, it does improve user privacy so that’s why we decided to add support for it. Incidentally, at the same time, we added support for all other PGP services as well.

      Reply
  • As a huge donor to this email, makes me sick that you want anything to do with Facebook, which makes all the apps that access Facebook have access to your proton mail? I was about to donate another 10k and now I will wonder. Apps can now data mine through face book via protonmail, as per customer service.

    Reply
  • Yes Frank, the encouragement of this technology doesn’t benefit anyone, why protonmail are you encouraging this when it is making email more vulnerable when everyone has your public key? Any hacker could get your protonmail from that and send a virus, I think everyone that donated your campaign doesn’t even want you talking to Facebook for anything!

    Reply
    • Hi James, you are misunderstanding how this works. Sharing the public key does not make email more vulnerable. The public key is called the public key because it is meant to be shared and public. On the other hand, the private key is what must be kept secret and neither Facebook nor ProtonMail have access to your private key.

      Reply
    • That is tablet mode, so if you go to a smaller resolution screen or device, it will switch to that automatically. You can also get it on desktop by making the browser window less wide.

      Reply
  • also people should be aware no country offers privacy canada is going through all emails and bill c 51 going throw purchases mastercard and debit and payments and socialized medicine and medical records a sweeping arbitary law because people put all kinds of faith in government laws and the can bend them and read track everything, also they microchip will be in your homes houses car tires rfid chips in all devices Ipods and smartphones and appliances like refrigerators and coffee makers appliances and halls public transit with pay passes RFID enabled cards and trains planes and cars automobiles and sidewalks doors and walls cameras in your nostrils cameras rfid chips in hydro poles and sidewalk cement street with biometrics, soon or later windows 10 can steal all your passwords in protonmail and open up everything all this myth on privacy is coming to an end

    Reply
  • also, the internet of things will bring in devices rfid enabled to track movements with biometric scanning everything will be all tagged in clothing enabled buildings and cameras and all transportation goods services and highways and walls and doors and buildings and smart tv sets and wearable technology, so windows uses cortana a digital assistant that records all your passwords and encryption all email systems will be recorded and will know everything of your private pgp encryption keys to unlock everything, the European and Switzerland has privacy laws that work with five eyes and monitor you ,you cannot run and hide, the web globally work in an alliance to spy on you and break the laws

    Reply
  • Facebook encrypted messages open in my Protonmail account, but not on the application for some reason. Is this being amended? Thanks

    Reply
  • Brilliant progress!

    At first I, like many others seem to have misunderstood, thought this was some kind of integration of Facebook into ProtonMail, which would not have made any sense.

    However, this is great stuff. I personally have never touched Facebook, but I see it as a first step. Hopefully you can get more and more places to jump on this idea!

    Reply
  • Facebook was part of the PRISM program. Are you sure you want to go ahead with this “Engineering Alliance” thing with it. Please let us know what kind of engineering you will be doing together so that we could decide whether to continue with Protonmail services.

    And please, beware of the “Giants”.

    Reply
    • All we have done is added support for the PGP format that Facebook uses for their PGP messages. Facebook has zero access to any ProtonMail data. This just provides the option for you to add your ProtonMail public key to Facebook. As this is just the public key, there is no security or privacy risk. For more details, check out the knowledge base article we linked to above.

      Reply
  • all internet of things will require devices connected with palm readers biometrics radio frequency identification technology and microsoft windows 10 key logger and tracking recording your pass word id and track you every where you go and monitoring and tagging you no privacy

    Reply
  • I wish to import a contact's public key. He appended it as a text file named with a long hex string, with file extension .asc
    The import feature does not support this type.
    How am I to import this public key?
    Thank you

    Reply
      • Nice. I hope you realize that we are very close to the end of the first half of 2016 already 🙂

        I can’t wait for this feature, as it’s the only thing holding me back from using ProtonMail for everything (important)

        Reply
  • Is this still working? I don’t have Key Export or Download Public Key button or anything above “Authentication Logs”. Unless it’s been moved somewhere else besides Settings -> Security

    Reply