Me doing a security-type post, here's a first… Some of you will repost this, others won't. No scaremongering here. Realistically, not enabling HTTPS access may not affect you at all, but if you use unencrypted Wi-Fi for FB, then you definitely should enable it. (Does anyone still have a non-WPA2-encrypted home Wi-Fi network? I so so hope not!)
I am not going to get technical. Let's just say that Gmail implemented it as default a few months back. I remember Charl B pointing out this issue with regard to Gmail nearly 16 months ago, and the opt-in solution. Then they made it default a few months later. Most Gmail users probably never even noticed the change. It made no difference to the performance.
On Facebook, however, it's still opt-in, not default, a year later!
HTTPS is the encrypted protocol that banks use for communication when you do your banking. You know, "the lock" at the bottom of your browser?
Firesheep is an add-on that runs in Firefox and allows someone on the same unencrypted Wi-Fi network as you to basically log in as you to sites that don't use HTTPS for the whole session. Before this, "sidejacking" was a bit more difficult.
Ashton Kutcher, while at TED (TED is awesomeness!), must have used unencrypted Wi-Fi without HTTPS on his Twitter and got firesheeped.
More background here:
Someone in DC cares about online security
It makes sense to turn it on. If it gives you hassles, turn it off. If you use unencrypted Wi-Fi, bear with it!
In FB, go to
Account > account settings > Account security and click Secure browsing (https)