Yay…Facebook now allows HTTPS but…

by Matt on March 2, 2011

UDATE: They now reactivate HTTPS when you log back in to Facebook. Good Deal…

I was really excited to see Facebook decided to offer a setting to always use https://www.facebook.com/ when accessing facebook.com. I checked almost hourly to see if I had the option to turn it on. I finally saw the option and was happy to have selected it. I thought, “Yes, I can now surf Facebook and be safe from prying eyes…etc.” I mean, google allows it for their web properties that i frequent. The need to better security on Facebook really came to my mind when I started to hear about firesheep and how easy it was to hijack a facebook users credentials. It can happen in coffee shops, McDonald’s, or anywhere there is free wifi.

So you can see why i was excited to get that setting until I noticed something funny one day. I was heading over to my new favorite facebook app FlipToast‘s facebook page and saw this message:

I read through it and clicked continue thinking it was an odd but somewhat understandable request. Facebook can’t police how its app companies do there implementation of their pages. So I went on my merry way. the verbiage “switch” made me think it was temporary. Left the app page and went back to my wall to check out the latest friend news. guess what I saw? No HTTPS while I was there. I went back to the place where you can turn it on and it was not checked.

I was ticked! Think of all the people who now have a false sense of security after making that change and then heading to Farmville or something and needing to turn it off.

Yes, people should read that message and then head back into the settings and turn it back on. But should THEY have to do this? Why can’t Facebook just not present https to the app pages and then allow it to be back on when I head back to where it can be used? I already made the choice to use https once. I think this is a big issue that Facebook needs to deal with. You can’t expect my mom to go back and set that setting herself after I set it for her?

Now excuse me while I head back over and turn https back on.

What do you think? Am I rightfully upset about it?

Previous post:

Next post: