- Jan 24, 2011
After announcing a somewhat crippled HTTPS implementation a month ago, Facebook has made significant progress towards fixing the issues, such as enabling the chat functionality.
Google is clearly pushing HTTPS into the mainstream by enabling it by default for services like Gmail, Docs, Calendar and more recently, Picasa Web Albums.
Facebook aims to implement default full-session HTTPS sometime in the future too, especially since the need for such protection was clearly outlined by the account hijackings in Tunisia.
During the protests that eventually led to the ousting of former President Zine El Abidine Ben Ali, the Tunisian government used its control over the country's main Internet routers to inject password-stealing code into the Facebook login page.
Had it been protected by SSL, this kind of tampering would have broken the HTTPS connection, which could have tipped off users that something bad was going on.
Facebook started its HTTPS push first by providing an option under Account Security to always enable such a connection automatically.
However, it warned that important functionality, such as using third-party applications or the Facebook Chat, was not available over HTTPS.
When trying to open an app, users were asked to revert to HTTP, which was not a temporary change as some people might have instinctively thought.
Nevertheless, it appears that Facebook has worked behind the scenes on improving its HTTPS implementation and it has some progress to show for it.
More details - link