Facebook Enables HTTPS for Everyone, Sophos Celebrates
Facebook turns on secure HTTPS connections for everyone, security company Sophos celebrates by giving T-shirts away.
Back in 2011 Facebook announced that if you wanted to use the social networking site in a secure manner, you could turn on HTTPS from the Account Settings page and browse Facebook on a secure, encrypted connection. The downside was that the feature was an opt-in, meaning that you had to know about it and you had to enable it yourself – and that meant that many users, unaware of this new feature or unwilling to enable it, still browsed Facebook on a regular, unprotected connection.
The fact that Facebook made using HTTPS an opt-in did not escape the vigil eye of security company Sophos. Later in the year Sophos sent out an open letter in which it asked that Facebook does three things to provide a more secure experience for its millions of users.
The news is that the immensely popular social network enabled HTTPS by default – on its developer blog, Facebook quietly announced that “we are moving to HTTPS for all users” and that “we’re starting to roll out HTTPS for all North America users and will be soon rolling out to the rest of the world.”
Only 18 months after Sophos’ open letter (read that with a lot of sarcasm in your voice), Facebook made HTTPS the default. To celebrate the fact that Facebook did this, Sophos is giving away T-shirts.
“Of course, Facebook's roll out of HTTPS leaves us with a problem,” said Graham Cluley senior technology consultant at Sophos. “We have a large pile of 'Dislike' T-shirts that explain the three steps we'd like to see Facebook implement to improve privacy and security. Clearly, with the roll out of HTTPS, one of those now needs to be crossed out. So, we need to get rid of our T-shirts. We've decided the fairest thing to do would be to offer them to loyal subscribers to our email newsletter.”
10 limited edition T-shirts will be given away to randomly selected newsletter subscribers every month until there are no more T-shirts in stock.
You can subscribe to the Sophos newsletter here.
Back in 2011 Facebook announced that if you wanted to use the social networking site in a secure manner, you could turn on HTTPS from the Account Settings page and browse Facebook on a secure, encrypted connection. The downside was that the feature was an opt-in, meaning that you had to know about it and you had to enable it yourself – and that meant that many users, unaware of this new feature or unwilling to enable it, still browsed Facebook on a regular, unprotected connection.
The fact that Facebook made using HTTPS an opt-in did not escape the vigil eye of security company Sophos. Later in the year Sophos sent out an open letter in which it asked that Facebook does three things to provide a more secure experience for its millions of users.
- 1. When a new feature that impacts the user’s privacy is added, Facebook should assume that the user cares about his privacy and should ask him to opt-in.
- 2. Only vetted and approved third-party developers should be allowed to publish apps on the Facebook platform.
- 3. That HTTPS becomes the norm on Facebook. Facebook should use HTTPS all the time and should turn this feature on for all users.
The news is that the immensely popular social network enabled HTTPS by default – on its developer blog, Facebook quietly announced that “we are moving to HTTPS for all users” and that “we’re starting to roll out HTTPS for all North America users and will be soon rolling out to the rest of the world.”
Only 18 months after Sophos’ open letter (read that with a lot of sarcasm in your voice), Facebook made HTTPS the default. To celebrate the fact that Facebook did this, Sophos is giving away T-shirts.
“Of course, Facebook's roll out of HTTPS leaves us with a problem,” said Graham Cluley senior technology consultant at Sophos. “We have a large pile of 'Dislike' T-shirts that explain the three steps we'd like to see Facebook implement to improve privacy and security. Clearly, with the roll out of HTTPS, one of those now needs to be crossed out. So, we need to get rid of our T-shirts. We've decided the fairest thing to do would be to offer them to loyal subscribers to our email newsletter.”
10 limited edition T-shirts will be given away to randomly selected newsletter subscribers every month until there are no more T-shirts in stock.
You can subscribe to the Sophos newsletter here.
