 Welcome back, everyone. Today I'm going to talk about a new security feature that Facebook enabled or installed in their system. To enable it, let's go to the drop-down menu and Settings, and then click on Security, and then what I'm going to talk about today is this Public Key. So, Security Settings, Public Key. Now, the description is Manage an OpenPGP Key on your Facebook profile and enable encrypted notifications. So, if we click Edit, first off, you might be wondering, what does this do? OpenPGP is a public private key pair, essentially, that lets you have secure communication. Yeah, lets you have secure communication. So, let's say that somebody wants to send you an encrypted message that only you can access. They get your public key, and then they encrypt a message with your public key, and then only the private key can decrypt the message. Okay? So, you have a public key that's yours, and anyone can have it, and they use that to be able to encrypt messages and send those encrypted messages to you. Then you also have a private key or a secret key, and you are the only one that has access to that secret key, and using that secret key, you can decrypt the message, and if only you have access to the secret key, only you can decrypt it. Okay? So, the idea of, you might hear it as PGP or GPG, is basically, to use these keys to be able to send or set up secure encrypted communications. Okay? So, now, think about this for a second. You have two keys. One is a public key. So, one person has a public key, one person has a private key, right? The same person has two keys. And if I want to send a message to my friend, I also need their public key, and they have to have a private key. So, we have to exchange public keys if we want to send a two-way encrypted communication. Otherwise, we're just one of us can basically encrypt the message if we only have one one public key. Okay, so I think I'll talk a little bit more about how to actually generate these keys in a later video, but what I want to talk about today is specifically the fact that Facebook is allowing us to upload our public key. So, this says, open PGP public key. I tend to use GPG2 to generate my keys, and maybe I'll show how to do that later. But what you need to know is, whenever we go into security and security settings and the public key tab, I've already generated my secure key here. So, it's up on the the key server. This is my public key that's already been created. Because anyone can have our public key, we tend to upload them to secure servers. Okay, so I've added my public key, and this basically lets Facebook encrypt messages to me. So, it says use this public key to encrypt notification emails that Facebook sends to you. So, if you check this box, you receive an encrypted validation email to make sure that you can decrypt it. If you're able to decrypt the verification email, click provided Facebook is encrypted notifications. So, basically, what this lets you do is, Facebook will encrypt notifications to you about your account, about, you know, group messages and things like that. So, if if you're in a group that is potentially, you know, anti-government or maybe you're you're planning some sort of protest or something like that, if you're in that type of group and you believe that someone is monitoring your emails, then this will at least encrypt the notifications that Facebook sends to you. Okay. Now, the other thing that this potentially does is lets people associate a key with a user profile. So, if you have your key here, if you've set your key, you've confirmed basically with Facebook that, you know, this account uses this key. So, if you want to send this person encrypted emails or encrypted chats, you can. Okay. I'm going to look more into whether you can actually, whether Facebook would encrypt chats or whether they would, you know, encrypt other information or if it's just notification emails, but at least, you know, now any of your activities that are done on Facebook, you can encrypt them into, you know, email or whatever, whatever notifications you're receiving from Facebook. So just select that. Whenever you click that and click save, that it asks for your password, which I'm not going to do right now, and then you receive an email that is encrypted and if you can decrypt that email and click the confirm link, then that key is now associated with your account. So, the reason that I would, I think this is interesting is first off, there is a legitimate use for people to get encrypted emails about notifications from Facebook. Like I said, if you're in particular groups that might be very, very sensitive, or if you believe that, you know, somebody's monitoring your activities, you might want to encrypt those notification emails. Another reason is specifically to associate the key with a real account. Now, there is this website called KeyBase.io, however, not a lot of people know about it. Everyone, almost everyone probably knows about Facebook, but very few people know about KeyBase.io. So KeyBase.io also, also lets you associate your PGP or GPG keys with known social media accounts, basically. It's a way to verify that, you know, these accounts do use this key, which is extremely important for security. So, I recommend, first off, looking into KeyBase.io. This is my account, if you want to add me. Look into generating PGP keys and then also think about what kind of information would you not want anyone to know? Like, why does anyone need to know about your Facebook notifications? I mean, it doesn't even matter if it's, you know, about your niece's birthday. Why should your niece's birthday information be publicly available or available to anyone who gets access to your email, including cyber criminals who might take over your accounts? So, I mean, it's not just about hiding secrets, right? It's about protecting yourself also from spying. I mean, there's lots of different reasons that we might want to protect and encrypt some of the messages or some of the information that we're receiving. I think this is an excellent initiative. I'm not sure. I don't think they took it far enough, but we'll see how far they actually go with using open PGP keys on Facebook and whether we can eventually encrypt chats and things like that. Now, a caveat here. Facebook is using your public key to encrypt messages to you. That means Google has access to the unencrypted messages before they reach you, right? So, assume that in the future, possibly even now, if both friends have public PGP keys available and they want to email themselves or, you know, message securely between each other, well, Facebook is the one that's doing the encrypting on both sides. So, you send a message, it's encrypted, and then sent to your friend, forwarded to your friend. That means that Facebook still potentially has the ability to be able to kind of do a man in the middle attack and monitor those communications. So, this is a step in the right direction. End-to-end encryption would be great. We'll see if they actually start to do messaging like that. So, I just wanted to talk a little bit about open PGP public key enabled in Facebook because I think it's really interesting that they're doing it. You can use it to, first off, associate a key with your public identity, which then could be used to encrypt emails to you or verify that you are who you say you are. Yeah, but just the potential for this is huge. So, I recommend looking into this and definitely if you're not already encrypting messages to yourself or encrypting messages to your friends, it's an excellent way to take back some of the control of your own privacy. So, thank you very much. If you like this video, please subscribe for more.