serious @1 the only way to secure facebook is never have an account, barring that, delete it.

@1 & @2:
The only way to be truly secure is to fake your death and move to a shack in a remote area of Idaho with a stockpile of weapons.

Everyone should use that notification option too. And: about goddamn time. I wish the entire internet ran https on everything, some days when I'm not feeling realistic.

Or, here's a thought - only post things on Facebook that you don't particularly give a shit if people see, like comments on someone's shoes or posts about your cat or birthday greetings.

I don't use Facebook for anything more than saying hi to people. It's not a huge deal to me if most people can see that I made a lame joke about someone's picture of their dog. I have never put my address, phone number, etc., in my profile, so I needn't worry about those being inadvertently shared. I do limit who can see what I post, strictly enough that several of my relatives keep whining about it. But I never assume Facebook is private. It doesn't really need to be all that private: mostly I limit who can see what I post to keep some of my less-Internet-savvy relatives from making dopey comments on the posts of my friends.

Don't worry, when IPv6 Facebook rolls out, they'll have even more pervy ways to sell your privacy out from under you.

DELETE FACEBOOK.

I tried it, but then it wouldn't let me play Scrabble over https. Facebook with no Scrabble is even more pointless than Facebook with Scrabble, so eff it.

FB chat doesn't work with HTTPS either.

Levislade: Ha! That's what I just was gonna post! That's exactly what happened to me. It gave me an error when I tried to a-Scrab and I clicked through it and that made it go in and permanently turn off https anyway.

even though i keep checking the box as soon as i leave the account settings page the box becomes unchecked again.???

@11:

Make sure to click the "Save" button in addition to clicking the check box.

@8, 10: I switched to Kindle-Scrabble and LOVE it. (I don't mind playing just against their somewhat dimwitted AI).

Everyone logs in over https already, so no one can sniff your password. But they can temporarily hijack your account due to insecure session cookies. Everyone should enable https.

TY TY TY! Did did and did!

Hmmm I don't get the same options when I go into account security. I get a box for email alerts and a list telling me what OS and navigator I've logged in from lately. No sign of the https option :(

@3 Perhaps it would be better to take Yoda's advice and "train yourself to let go that which you fear to lose." Oh yeah, and stay off of FB.

I suggest using EFF's Firefox plugin, HTTPS Everywhere.

@ 16 this is not an option for me either. where do you live? i'm in germany, maybe it's only an option in the us?