You Can Now Opt-In for HTTPS on Facebook
The problem with a regular connection (HTTP) is that people with malicious intent could snoop in on what we send over the web. To ensure your data is safely sent over the web, you must go for an encrypted connection (HTTPS). Immensely popular social networking site Facebook has announced that you can now opt-in to use HTTPS and thus enjoy a higher level of security.
“Facebook currently uses HTTPS whenever your password is sent to us, but today we're expanding its usage in order to help keep your data even more secure. Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools,” announced yesterday Facebook Security Engineer, Alex Rice.
According to Rice, you can check the “Browse Facebook on a secure connection (HTTPS) whenever possible" from the “Account Security” section on the Account Settings page. I can’t see it right now when I access my Facebook account and that’s because the new feature is being gradually rolled out. Rice explained the feature is being slowly rolled out “over the next few weeks.” Rice was kind enough to provide an image of what you’re supposed to see. You can check it out at the bottom of this article.
The fact that you can now enable HTTPS and browse on an encrypted connection is very good news from a security and privacy point of view. As Rice explained above, you should turn HTTPS on especially if you connect to your Facebook account via a public network. Be warned that there are a few drawbacks to turning HTTPS on – it may take longer to load Facebook pages, and you may not be able to use certain 3rd party apps because they are not supported. Rice explained that these problems will be addressed in the future; he also explained that in the future HTTPS may become the norm for Facebook.
Chester Wisniewski, Senior Security Advisor at Sophos, company that specializes in providing antivirus, anti-spam, spyware removal software, network and internet security, was keen to observe one thing: when you share data using Facebook, you have to opt-out of it being publicly shared with the entire internet. When you have to protect your data from snoopers, you have to opt-in.
“In standard Facebook fashion this option is of course opt-out, ahem, opt-in? Yes. Facebook has decided that when it comes to protecting your privacy you must choose to opt-out of sharing, but when it comes to enhancing your privacy you must opt-in,” said Wisniewski.
In related news, if you want to force full-session HTTPS connections, check out the HTTPS Everywhere Firefox add-on developed by the Electronic Frontier Foundation (EFF) in collaboration with the Tor Project.
“Facebook currently uses HTTPS whenever your password is sent to us, but today we're expanding its usage in order to help keep your data even more secure. Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools,” announced yesterday Facebook Security Engineer, Alex Rice.
According to Rice, you can check the “Browse Facebook on a secure connection (HTTPS) whenever possible" from the “Account Security” section on the Account Settings page. I can’t see it right now when I access my Facebook account and that’s because the new feature is being gradually rolled out. Rice explained the feature is being slowly rolled out “over the next few weeks.” Rice was kind enough to provide an image of what you’re supposed to see. You can check it out at the bottom of this article.
The fact that you can now enable HTTPS and browse on an encrypted connection is very good news from a security and privacy point of view. As Rice explained above, you should turn HTTPS on especially if you connect to your Facebook account via a public network. Be warned that there are a few drawbacks to turning HTTPS on – it may take longer to load Facebook pages, and you may not be able to use certain 3rd party apps because they are not supported. Rice explained that these problems will be addressed in the future; he also explained that in the future HTTPS may become the norm for Facebook.
Chester Wisniewski, Senior Security Advisor at Sophos, company that specializes in providing antivirus, anti-spam, spyware removal software, network and internet security, was keen to observe one thing: when you share data using Facebook, you have to opt-out of it being publicly shared with the entire internet. When you have to protect your data from snoopers, you have to opt-in.
“In standard Facebook fashion this option is of course opt-out, ahem, opt-in? Yes. Facebook has decided that when it comes to protecting your privacy you must choose to opt-out of sharing, but when it comes to enhancing your privacy you must opt-in,” said Wisniewski.
In related news, if you want to force full-session HTTPS connections, check out the HTTPS Everywhere Firefox add-on developed by the Electronic Frontier Foundation (EFF) in collaboration with the Tor Project.
