
Facebook allowed users to upload their public PGP key to their profile, enabling notification emails, such as a password reset, or alerts about new messages, to be sent encrypted to the user's email account. This meant that anybody snooping on those emails, such as the user's email provider, or the mass surveillance systems of the National Security Agency and its Five Eyes partners, would not be able to read the contents.

Now the site is enabling elliptic curve cryptography, or ECC, a new cryptographic algorithm that is part of PGP. The implementation of ECC on Facebook works in much the same way (a user attaches their key to their profile), but the cryptography itself is different. ECC still allows for the robust encryption of data, while using keys of a significantly smaller size than those of RSA, naturally reducing how much data needs to be stored.

"We've previously focused on securing people's direct connection to Facebook with things such as HTTPS and a TOR onion site," Melanie Ensign, a spokesperson for Facebook, told Motherboard in a Twitter direct message. "Now, we're giving people more control and options for protecting the email communications they receive from Facebook."

Also mentioned in Facebook's announcement was a new feature from ProtonMail, an encrypted email service which launched its public beta in May 2014. Although some media reports mistakenly labeled ProtonMail as "NSA-proof," the company has made some genuine and significant moves towards protecting its customers' data, such as easy-to-use PGP encryption. Now, decrypting those email notifications from Facebook will be automatic and painless, at least according to ProtonMail.

Only a tiny percentage of Facebook's overall user base are likely to even think about taking advantage of these new features. Presumably Facebook knows that, but regardless, it is still bothering to implement improvements to encrypted email notifications.
