With all the latest buzz around Facebook’s privacy issues, one would think that Facebook would be safe to use now but it isn’t.
When you post a photo on Facebook and only allow family members to see it, you expect it to be off-limits for the rest of the world. In fact, it is! Almost. Other Facebook users wont see it. Where’s the problem then? All Facebook communication goes on the wire in clear text and are easily snooped upon. I’ll define “easily” as : someone with malicious intentions in your proximity (home, school, work, airport…). They wont get your precious user name or password : that part is encrypted but, the photo you just posted might be compromised.
When you log into Facebook, the front page switch from the unencrypted(HTTP) one to an encrypted(HTTPS) log in form. It authenticates you and them, returns you to an HTTP connection for the duration of your session. Everyone in between your computer and Facebook can potentially see what you’re doing.
I admit that every websites that serves contents over HTTP only is subject to the same flaw. On the alarming side, not all websites have over 500 millions people using their services on a daily basis while expecting privacy.
Will Facebook make encryption mandatory?