Another possibility is one of their programmers thought "It would be good if there was more encrypted e-mail going around in general, I wonder if I can get it into Facebook somehow" and coded this feature in their free time. Then he convinced his managers to integrate it with that argument plus "and it's already coded, we just need to merge it in".
To me the strangest thing about this announcement is that, while the PGP user base is small, I imagine its intersection with Facebook's is much, much smaller. PGP is used by people who are extremely concerned with privacy, which is practically the antithesis of Facebook.
The last paragraph of the linked post describes more or less what Keybase [1] is.

[1] https://keybase.io/
Back in the Myspace era, I was bored and created an easy encoder-decoder for people to play with. It worked with Twitter, Facebook and Myspace (cut-paste your encoded text) because it only used basic characters. As you can't see in this animation, I later added random spaces and punctuation to the encoded text so that theoretically it would be harder for social networks to detect and block. The text was encoded in JavaScript as you typed, which I thought was cool :-)

You can see it here as a GIF animation: http://pjbrunet.com/friends-secret-messages.gif The decoder was just as easy, another pink box under the encoder. Obviously a pro could crack the code, but that wasn't the point.

It was free. I advertised it to hundreds of thousands of people at the top of my blog, which was 99% social media users, and many of them were interested in privacy-related topics, as I could see from the Google queries. Looking at the CTR on that banner (asking people to try it), I concluded nobody cared. I was obviously targeting people who weren't tech savvy. I had some friends try it; they said they felt like James Bond ;-) That particular app had no traction, but my "pipe letter generator" did much better.

 ╔╔╗════╔╗═╔╗═════╔╗═══════╔╗══════════════════╔═╗╗
║║╚╗╔═╗║║═║║═╔═╗═║╚╗╔═╗╔═╗║╠╗╔═╗╔═╗═╔═╗╔═╗╔╦╦╗║═╣║
║║║║║╚╣║╚╗║╚╗║║║═║║║║╬║║═╣║╦╣║╚╣║╔╝═║║║║╚╣║║║║╠═║║
║╚╩╝╚═╝╚═╝╚═╝╚═╝═╚╩╝╚╩╝╚═╝╚╩╝╚═╝╚╝══╚╩╝╚═╝╚══╝╚═╝║
╚════════════════════════════════════════════════╝
What if Google validated PGP signatures for you from trusted, popular certs?

They'd have Facebook's pubkey on file, and -- transparent to you -- would create something analogous to my browser's lock icon in their email browser. Any time you got an email from Facebook, it'd say "Verified Sender".

Heck, couldn't we tie mail from Facebook back to their domain cert given to them by their CA? If it says @facebook.com, and it passes verification from the cert on facebook.com, then it's actually from Facebook, right?
Btw, does PGP support triple wrapping to prevent surreptitious forwarding? (S/MIME does: https://www.ietf.org/rfc/rfc2634.txt)

I really don't understand why it has been chosen over S/MIME. Maybe they gave the money to that German guy who wrote it and now they don't want it to be completely wasted :)
Following Facebook's story on PGP, I see I had missed that Facebook has directly supported Tor since last fall. https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237
I think the nicest part of this is that account recovery e-mails are encrypted. I wish we'd see more of this.

While I'm cautious about Facebook in general, it is (in essence) a repository for public data. A public key falls into that category, so they gain nothing more than the association of user and key. And in return, the PRISM databank has more superbly useless information to store and eventually 'collect' for 1EF communication.

And I gain immunity from account hijacking unless I mess up key management.
Private public keys + verification gives way to lots of uses...

Payments (Bitcoin-style currencies), banking, document signatures, and single sign-on?
I wish they had opted to use S/MIME, because of the wide support in MUAs and because it's relatively easy to use even for non-geeks.

Some time ago I started collecting support of S/MIME in products and companies: https://gist.github.com/rmoriz/5945400
Regarding making this work with Gmail, Google still has their End-to-End GPG plugin for Chrome+Gmail: https://github.com/google/end-to-end