
>Because anyone in between Facebook and your mail provider, your mail provider, and anyone in between your mail provider and you would all be susceptible to some form of interception.

So now that part of the puzzle has been addressed by Facebook without the acknowledgement of the rest, people are supposed to just set this aside?

>…And that would be covered by a Privacy Policy and potentially the Terms of Service.

So a technical implementation with its foundation on a social contract that has and can change at any time is to be trusted…

The parent mentioned:

"Of course, if someone breaks PGP so that they can use one half of the key pair to recover the other half, they could read the message just by knowing the key you share with Facebook ... but that that is intractable is the whole foundation of public key cryptography."

Which I decided to set aside since between the user and privacy policy/ToS, are the ones that seem to be the weak points that are often exploited in practice that subverts "security".




This is a thread about Facebook adding the ability to encrypt their notifications for you. While all those may be valid arguments, and are certainly worth discussing, this is neither the time nor the place for it. As I said before, there could be many arguments made against a whole number of things, but none of them are on topic. In terms of this one specific feature Facebook added, it's a net security positive, and not theater, as we have shown you several times over the course of this constantly-offtopic thread.

To answer your question bluntly, people are supposed to just set this aside here, yes. Because all those things are not at all even remotely related to the topic at hand. If you have concerns about PGP, there's plenty of security-oriented forums you can take those problems to to have them analyzed by actual security experts who would be able to provide much more information about it than we could. If you have concerns about Facebook's policies, then I'm sure there's legal forums and other Facebook-related discussions which would more closely match those concerns. If you have concerns about Facebook itself, well, perhaps you shouldn't be on it in the first place. But regardless, this topic is not the appropriate place for any of these conversations because none of them are about the encryption of notifications from Facebook to you.


So what if one has questions that span the dimensions of GPG/PGP in practice / Facebook's policies and Facebook itself relative to other parties it says it's securing one from (of which has been vaguely defined)?

To call this one specific feature a net security positive while being willing to silence all else (outside of empty nods to such) that is related to the encryption process for the sake of giving a pat on the back it seems, doesn't inspire much confidence…


> So a technical implementation with its foundation on a social contract that has and can change at any time is to be trusted…

No, the "social contract" at issue deals with a different set of concerns than the "technical solution".

The "technical solution" addresses the issue of providing a mechanism to prevent the data sent from Facebook to you being exposed to third parties without you or Facebook intending that exposure.

The "social contract" addresses limits on intentional sharing by Facebook of data related to you (which overlaps with some of the information in the communications protected by the technical solution.)

The former is not the foundation for the latter; they address distinct, though related, issues.



