Facebook Does Something *For* Privacy

Given Facebook’s general record on privacy issues, this gives me a mental image of a pickpocket using his skills to slip money into people’s pockets… :confused:

Given their prior history this sounds to me like an attempt to get more people to use Facebook as their email provider. Which emails will be decrypted (and monitored) by Facebook as they are shown to the users through Facebook’s interface. While meanwhile stymying anyone else’s attempts to profit from the knowledge gained by reading those emails.

When it comes to gigantic corporations, never assume public-spirited charity when there’s an equally ready explanation which enhances their power and profitability.

Do you even understand how public keys work?

ETA: Sorry, that was meant to be a snarky reply to LSLGuy, not the OP.

Yes I fully do understand how they work. And how they are different from private keys. And all the rest.

I fully expect Facebook’s email to tout how their email is fully encrypted, thereby helping their technically naïve customers to feel secure in using it. Except of course when Facebook decrypts it on their server before showing it in the html interface to the end user.

If you’re thinking of this as simply a way for Facebook end-users to publicize another personal attribute which others can use with separate email encryption programs and separate email providers then I can see your confusion about my post. You’re right in that case that Facebook wouldn’t gain anything. They also wouldn’t lose anything either, since that email stream is already never passing through their servers.

IMO that’s not the long-term game FB is playing.

These statements are mutually exclusive. If the first one is true, then you understand why the second scenario is impossible (you need the recipient’s private key to decrypt, and only public keys are to be found on the server).

Dunning, Kruger, and I cast three votes for “the first statement is false”.

Cool. Next, they can stop setting the “Keep me logged in” box to checked every once in a while, and stop asking me for my phone number to further “secure” my posts.

We’re still not communicating. My fault.

My point is the user will *also* file their *private* key with Facebook as part of using Facebook’s upcoming email system. In fact Facebook will probably issue them the key pair when it issues them a supposedly “inherently encrypted and secure” email address.

The decryption of incoming public-key encrypted emails will be done using the private key on Facebook’s servers. Which servers will then serve a web page (over https) to the user showing the plain text of the incoming mail. And allowing Facebook to peek at the contents along the way.

I predict this will be very popular with the rubes who equate “encrypted” with “secure” with no further understanding.

And which, if this is correct, also puts users’ private keys at risk of being hacked, that is, of some third party hacking into Facebook’s servers and obtaining users’ keys en masse.

Can this possibly be true? Servers and “cloud” are not the places that private keys really ought to be.

ETA: The whole idea of private keys is that the owner of a private key should never transmit that key anywhere.

What upcoming email system? Facebook killed off its email system last year. Now all your facebook.com email does is forward to your primary email account.

I admit it’s a strange move, but reinstating their email program after dismantling it last year seems far more ridiculous.

Plus, I’m not even sure that the forwarded emails will use PGP. Everything just refers to notifications being encrypted.