facebook phone

Facebook says most outbound email is encrypted now

Nearly all of Facebook’s outbound notification emails are now encrypted while traveling the Internet, a collaborative feat that comes from the technology industry’s push to thwart the NSA’s spying programs.

In May, only 58 percent of the social networking site’s email was encrypted when it was sent since the receiving entity must have the technology, called STARTTLS, enabled, wrote Michael Adkins, a messaging integrity engineer at Facebook, on a company blog.

Since that time, Microsoft, Yahoo and other email providers have enabled STARTTLS, which has pushed the percentage of Facebook’s encrypted messages to 95 percent, he wrote.

Many major technology companies vowed to put stronger defenses in place to protect data after documents leaked by Edward Snowden detailed the depth of the NSA’s surveillance programs.

Messages sent by Facebook also meet a high standard for encryption by having a valid audit trail for the digital SSL (Secure Sockets Layer) certificate used for encryption.

Adkins wrote that of the 58 percent of messages that were encrypted previously, about half of those were “opportunistically encrypted.”

That means Facebook could encrypt content using the recipient’s SSL certificate, but there was a problem with the certificate that could indicate a security problem. For example, the certificate may have expired or not been signed by a trusted certificate authority.

Subscribe to the Security Watch Newsletter

Comments