Doug McLean - Blogmeister
So why does an information security company care whether you use Facebook or Outlook to communicate? The answer is that PGP Corporation is committed to protecting our customers’ data regardless of where it is and what device it is on. Giving up email or migrating to a hybrid email/social networking platform does not absolve individuals and enterprises from protecting the confidential information contained in their messages, status updates and tweets.
In fact, it complicates the situation in that there is clearly a class of information you will never want resident on any platform over which you don’t have complete control. This need for secure communications, particularly in the case of the social networking platforms (SNP), will lead to private Twitter groups (Flocks?), identity verified Facebook groups, and user encrypted message archives. NOW this gets interesting.
There has been any number of stories in the press recently about how to “protect yourself” on Facebook and the other SNPs. Most of them, unfortunately reduce to:
A: Be suspicious
B: Don’t give our your password to anyone
Facebook, LinkedIn and the other social networking platforms do have pages of security “tips” that also fall into these same two categories.
There have also been numerous stories like this one detailing a few of the social networking platform's security vulnerabilities. So, it’s clear that those of us that use the them for personal and/or professional purposes have reason to be concerned about the new threat models the SNPs may enable.
I do, in fact, believe that the ability for the social networking platforms to become mainstream communications channels will be severely limited if the security issues inherent in their use are not addressed up front. The good news for both the SNP providers and their users is that these platforms are relatively clean sheets of paper when it comes to deploying secure communications services. So they have an opportunity to build security deeply into their architectures rather than layering it over existing infrastructure as we’re now doing with legacy email, chat, and other technologies.
In the meantime I do have one other recommendation for anyone intending to store files on the social networking platforms or even pass files through them to other repositories. Please, PLEASE encrypt them if you have any need to protect them. If you use our encryption, PGP Desktop has a feature that makes this extremely easy and allows you to encrypt a file to either a key or a simple passphrase.
PGP Zip is available from the File-->New menu of any PGP Desktop application. When selected it opens the window shown below. Simply drag the files you intend to store or transmit through Facebook or SNP and click on the SECURITY button.
PGP Zip File Selector
You are then presented with a choice of encrypting the selected files to a PGP key or a passphrase (below). If you just archiving the files I strongly recommend using your own key. If you’re placing the files on a repository in the cloud for someone else, use their public key if they have one. Alternatively, you can just use a passphrase, but if you want to protect the files against a brute force attack, please use one that is at least nine characters in length and contains numbers and a special character or two like #, *, or %.
PGP Zip Security Selector
Once you hit the "Save" button, PGP Desktop will both encrypt and compress the files and directories designated. You can then use one of the current file transfer applications to send the resulting PGP Zip file up to Facebook or any other cloud based repository knowing that it's safe from prying eyes.
The social networking platforms are wonderful tools for both personal and professional purposes. Besides helping us all to stay in touch with friends, family, colleagues and causes, they’re fun. They are not, however, secure communication services…yet. So, I’d urge caution and common sense in the information you share, store and transmit on them until such time as they do become more secure.