X

How to make Facebook send you encrypted notification emails

Learn how to add an OpenPGP public key to your Facebook profile and set it so that Facebook will encrypt the notification emails it sends to you.

Matt Elliott Senior Editor
Matt Elliott is a senior editor at CNET with a focus on laptops and streaming services. Matt has more than 20 years of experience testing and reviewing laptops. He has worked for CNET in New York and San Francisco and now lives in New Hampshire. When he's not writing about laptops, Matt likes to play and watch sports. He loves to play tennis and hates the number of streaming services he has to subscribe to in order to watch the various sports he wants to watch.
Expertise Laptops, desktops, all-in-one PCs, streaming devices, streaming platforms
Matt Elliott
3 min read

facebook-pgp-public-key-promo.jpg
Matt Elliott/CNET

Facebook introduced an option for users to add OpenPGP public keys to their profiles and select to receive encrypted notification emails -- account recovery emails, in particular -- in an effort to better protect your privacy online.

PGP stands for Pretty Good Privacy and is used to encrypt email communications. It requires two keys -- one public, the other private -- to protect email from prying eyes. The sender needs to know the recipient's public key to encrypt the message, and then the recipient uses his or her private key to decrypt it. Take a look at the Electronic Frontier Foundation's explainer on Public Key Cryptography and PGP for more on the subject.

While Facebook lets you add a PGP public key to your profile and check a box to receive encrypted notification emails, you will need to use a separate program to generate the key. Facebook uses GNU Privacy Guard (GPG), a widely used and free implementation of the OpenPGP standard, for its own public key and recommends the GPG Suite for Mac and Gpg4win for Windows. I installed the GPG Suite on my Mac to generate my public and private keys. I was unable to use Gmail via the Web to encrypt and decrypt emails and instead had to access my Gmail account through the OS X Mail app; Mozilla Thunderbird reportedly works too.

You will also need to set up and manage your public key via a desktop browser. Facebook states "public key management is not yet supported on mobile devices; we are investigating ways to enable this."

After you generate your public and private keys, head to Facebook and navigate your way to the Contact and Basic Info section of your About page (or click here). There you will need to click on Add a public key and copy and paste the text block of your PGP public key, starting with: -----BEGIN PGP PUBLIC KEY BLOCK----- and including -----END PGP PUBLIC KEY BLOCK----- at the end. (On a Mac, I exported my public key as a plain-text ASC file from the GPG Keychain application that I was then able to open in TextEdit to copy the text block mentioned above.)

pgp-public-key-facebook-settings.jpg
Screenshot by Matt Elliott/CNET

Below the box, you can check the box for Use this public key to encrypt notification emails that Facebook sends you. If you check the box, Facebook will send you an encrypted verification email that you must decrypt before it will begin sending you encrypted notification emails. You can also choose a privacy setting for your public key, but since it's useless to someone without your private key, it's not dangerous to leave it at the default of Public. In fact, the more people who know your public key means the more people who can send emails securely to you.

Once you have entered your public key and decided on the checkbox for encrypted notification emails, click Save Changes. Facebook then displays the 40-digit fingerprint of your public key on your About page, which is shorthand for the giant block of text you entered.

After you decrypt Facebook's verification email and click its included link, a new tab opens in your browser with this message, letting you know encrypted notification emails are enabled:

facebook-encypted-emails-confirmed.jpg
Screenshot by Matt Elliott/CNET