Slog Music

Music, Nightlife,
and Drinks

Thursday, February 3, 2011

Secure Yer Facebook

Posted by on Thu, Feb 3, 2011 at 2:50 PM

Even if you and your team of lawyers pore through Facebook's privacy settings every day to see what's changed, and you diligently monitor your settings to make sure you're only sharing what you want to share, your content is only as secure as your connection, and most people browse Facebook over an unencrypted HTTP connection, meaning anyone who shares the same network as you may be able to sniff our your traffic, getting access to your password, and hence everything else.

The New York Times' Gadgetwise blog reports that Facebook has added an option to let you browse the site over HTTPS, which means your surfing will be secure.


Anybody who uses Facebook should turn this on. Go to Account > Account Settings > Account Security to find the setting. Also, change your password: it's bad.

This has a been a public service announcement.


Comments (18) RSS

Oldest First Unregistered On Registered On Add a comment
meanie 2
serious @1 the only way to secure facebook is never have an account, barring that, delete it.
Posted by meanie on February 3, 2011 at 3:11 PM · Report this
seandr 3
@1 & @2:
The only way to be truly secure is to fake your death and move to a shack in a remote area of Idaho with a stockpile of weapons.
Posted by seandr on February 3, 2011 at 3:20 PM · Report this
Joe Szilagyi 4
Everyone should use that notification option too. And: about goddamn time. I wish the entire internet ran https on everything, some days when I'm not feeling realistic.
Posted by Joe Szilagyi on February 3, 2011 at 3:26 PM · Report this
Geni 5
Or, here's a thought - only post things on Facebook that you don't particularly give a shit if people see, like comments on someone's shoes or posts about your cat or birthday greetings.

I don't use Facebook for anything more than saying hi to people. It's not a huge deal to me if most people can see that I made a lame joke about someone's picture of their dog. I have never put my address, phone number, etc., in my profile, so I needn't worry about those being inadvertently shared. I do limit who can see what I post, strictly enough that several of my relatives keep whining about it. But I never assume Facebook is private. It doesn't really need to be all that private: mostly I limit who can see what I post to keep some of my less-Internet-savvy relatives from making dopey comments on the posts of my friends.
Posted by Geni on February 3, 2011 at 3:28 PM · Report this
Will in Seattle 6
Don't worry, when IPv6 Facebook rolls out, they'll have even more pervy ways to sell your privacy out from under you.
Posted by Will in Seattle on February 3, 2011 at 3:37 PM · Report this
very bad homo 7
Posted by very bad homo on February 3, 2011 at 3:54 PM · Report this
I tried it, but then it wouldn't let me play Scrabble over https. Facebook with no Scrabble is even more pointless than Facebook with Scrabble, so eff it.
Posted by Levislade on February 3, 2011 at 3:57 PM · Report this
FB chat doesn't work with HTTPS either.
Posted by yuiop on February 3, 2011 at 4:19 PM · Report this
leek 10
Levislade: Ha! That's what I just was gonna post! That's exactly what happened to me. It gave me an error when I tried to a-Scrab and I clicked through it and that made it go in and permanently turn off https anyway.
Posted by leek on February 3, 2011 at 4:19 PM · Report this
even though i keep checking the box as soon as i leave the account settings page the box becomes unchecked again.???
Posted by xina on February 3, 2011 at 4:32 PM · Report this

Make sure to click the "Save" button in addition to clicking the check box.
Posted by COMTE on February 3, 2011 at 4:39 PM · Report this
emma's bee 13
@8, 10: I switched to Kindle-Scrabble and LOVE it. (I don't mind playing just against their somewhat dimwitted AI).
Posted by emma's bee on February 3, 2011 at 4:41 PM · Report this
Everyone logs in over https already, so no one can sniff your password. But they can temporarily hijack your account due to insecure session cookies. Everyone should enable https.
Posted by John Jensen on February 3, 2011 at 4:51 PM · Report this
Jackal 15
TY TY TY! Did did and did!
Posted by Jackal on February 3, 2011 at 5:35 PM · Report this
Hmmm I don't get the same options when I go into account security. I get a box for email alerts and a list telling me what OS and navigator I've logged in from lately. No sign of the https option :(
Posted by Lynx on February 4, 2011 at 4:51 AM · Report this
@3 Perhaps it would be better to take Yoda's advice and "train yourself to let go that which you fear to lose." Oh yeah, and stay off of FB.
Posted by jenesasquatch on February 4, 2011 at 7:03 AM · Report this
I suggest using EFF's Firefox plugin, HTTPS Everywhere.
Posted by Phil M on February 4, 2011 at 8:46 AM · Report this
@ 16 this is not an option for me either. where do you live? i'm in germany, maybe it's only an option in the us?
Posted by erika r on February 5, 2011 at 5:15 AM · Report this

Add a comment

Commenting on this item is available only to registered commenters.

All contents © Index Newspapers, LLC
1535 11th Ave (Third Floor), Seattle, WA 98122
Contact | Privacy Policy | Terms of Use | Takedown Policy