Facebook recently announced it will begin letting users connect to its service through an “always on” encrypted connection. The step is aimed at strengthening the privacy and security of sessions occurring over unprotected wireless networks.
Users should consider enabling Hypertext Transfer Protocol Secure (HTTPS) if “[they] frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools,” according to a recent Facebook blog. The site had previously offered the encryption, but only for the collection of passwords.
HTTPS is frequently used to protect online banking and similarly sensitive transactions, but it has been relatively rare among major social networking and e-mail services. It is currently offered by default on Google’s Gmail service, however, and is offered as an option for Microsoft Hotmail users.
Privacy risks associated with unsecured sessions came into focus late last year with the introduction of a tool called Firesheep. A Mozilla Firefox add-on, it allows users with relatively little technical skill to hijack and monitor unprotected traffic from Facebook and many other sites.
Using HTTPS may make Facebook pages take longer to load, the blog cautions. “In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS. But “[w]e'll be working hard to resolve these remaining issues.”
Facebook is planning to make the encryption option available “over the next few weeks” and also hopes to make the feature a default setting sometime in the “near future.” Users can access the option as part of the site’s advanced security features, which can be found in the “Account Security” section of the “Accounts Settings” page.
♦ Snapshot from Facebook.com/Security