NEWS FROM THE LAB - Wednesday, May 4, 2011

Facebook Prompting Users to Enable HTTPS Posted by Sean @ 16:36 GMT

I was examining some Facebook spam this morning, hosted on a Page using an iframe tab application of some sort.

(Facebook appears to have a handle on spam Applications at the moment, as the current batch of spam is abusing Pages rather than Applications.)

In any case, the iframe content of the Page was not encrypted, and so I needed to temporarily disable my account's https option.

When I returned to my New Feed, I saw this promotion:

Help Protect Your Account with Secure Browsing (https)
Help Protect Your Account with Secure Browsing (https)

I shouldn't have seen the prompt, as my account already had the https feature enabled, and the page was already https encrypted, but, well, Facebook is buggy like that.

Anyway, it seems that Facebook is poking users to Enable Secure Browsing.

Good. Kudos to Facebook.

Now that the https setting is persistent and the feature appears to be dynamic, everybody should consider using it; there's plenty of benefits and very little down side. If your Facebook account is not yet https enabled and you don't yet see the prompt, you can also find the option in your Account Settings under "Account Security".