Facebook is adding the ability to upload an encryption key to your profile to prevent hackers from snooping on your notification emails.
Notification emails from the company often include the content of the message; encryption would turn those messages to gibberish for sophisticated third parties. The ability to add OpenPGP public keys to profiles is rolling out on Monday.
Facebook is using PGP (Pretty Good Privacy), an open standard widely used for email encryption. Each user has a public key and a private key; both are similar to what you might see generated from password platforms such as 1Password or LastPass. Anyone with your public key can send you a message, and you use your private key to view it.
The new tool isn't fully fool-proof, though. If someone finds your private key by phishing, or if someone seizes and gains access to your computer, he could still read your private emails.
But by giving users the option to add a PGP key to their pages, it gives that standard much more visibility and could go a long way toward making stronger security a priority for more people on the web.
The move is also a step toward making users feel safer sharing information on a social network with a spotty record on privacy.