Help get this topic noticed by sharing it on Twitter, Facebook, or email.
I’m seriously concerned about why unsecured connections are even an option for Facebook

Why can't I access Facebook via HTTPS/SSL?

Facebook stores a lot of personal information. Just to load my profile page they are transferring my full name, picture, email address, cell phone number, mailing address, school, major, current and former jobs, etc. -- along with all the other extraneous information that may appear on my wall or other profile applications. If I am accessing Facebook at a public computer or using an open wireless network, anyone in the vicinity can see all of this information as it is transferred. Talk about breach of privacy! It's fast, free, and easy for anyone to become such a snoop (check out this video: Get Gephardt – Protecting Your Wireless Connection).

One deterrent against such simple sniffing is to use a secure connection to transmit the data. While it is not the end-all, be-all of Internet security, it is definitely a major step in the right direction. Not only should I be able to access Facebook pages via a secure HTTPS/SSL connection, but secure access should be REQUIRED!

You wouldn't dream of accessing your online banking or credit card website over an unsecured HTTP connection, and they don't even have one one-thousandth of the personal information that Facebook presents on a single page! Banking websites generally don't even show full account numbers, let alone extremely personal details like cell phone numbers and up-to-the-minute information on where and what you are doing.

This really shouldn't be a difficult problem to solve. Facebook already has an SSL certificate, but it is only used when they process credit cards (e.g., for purchasing virtual "gifts" for your friends). You can manually prefix any page URL with https://, but clicking any link on the secure page will take you back to the http:// version of the site, making navigating securely absolutely impossible. The JavaScript/AJAX also references http:// links, so "dynamic" content like scrolling through photos, voting things up and down, poking people, etc. is not secured either.
184 people have
this problem
+1
Reply
next » « previous
next » « previous