Sunday, January 30, 2011

Facebook pwns Firesheep


Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the "Account Security" section of the Account Settings page.

There are a few things you should keep in mind before deciding to enable HTTPS. Encrypted pages take longer to load, so you may notice that Facebook is slower using HTTPS. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS. We'll be working hard to resolve these remaining issues. We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon. We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future


Steve M. said...

It appears this feature is slowly being rolled out to users. A roommate currently has access to the feature but I don't yet (at least not without HTTPS-Everywhere).

I recently discovered another interesting Facebook feature which I think is a similar "win" for users of the site. You now have the ability to actually download a .zip file of all the data you have uploaded to Facebook. This includes photos, wall posts, messages, comments, etc. As far as I can tell, every bit of information associated with you is included in the .zip file.

Implicitly, we know Facebook retains this, because we can usually access it (albeit sometimes slowly and "buggily") simply by browsing the site. Seeing it aggregated, however, as very simple files which can be quickly browsed through, is astounding. Viewing all this data can be both reminiscent and scary, among other things, all at the same time.

You can find the feature from the "Account" menu in the top right. Then "Download Your Information" is at the bottom of the page.

Mary T. said...

Though I think it's great that facebook is launching the https option, I worry that this may give some people a false sense of security. An https site isn't the end all, be all for internet security, especially since facebook is often targeted by hackers. I think facebook should inform its users of the https option but also warn them that hacking can still occur.