Kim Gentes

OK, so Facebook now gives you the option of talking to their site over an encrypted protocol. Cool. Well, sorta. But not really. I am not saying using HTTPS is not better than straight HTTP web browsing, but if regular (non-technical) users think it will make their use of Facebook safer, they probably really don't understand what makes Facebook (or any website) truly insecure to them as users.

First, Secure Sockets Layer is not new.  Facebook didn't just discover it or something, it has been around since 1995 (see http://en.wikipedia.org/wiki/Transport_Layer_Security for more info).  The purpose of HTTPS (the particular implementation of SSL that is being talking about) is simply so that when you are talking to a particular website that the communications directly to that site cannot be falsely interrupted, decoded, or mimicked without someone who has a very, very high level of acumen in digital security.

However, the problem with internet security is not HTTPS usage- it is almost 99% about leading legitimate web surfers to an illegitimate site.  This means that there are people out there who try to get you to click on links that lead you to somewhere OTHER than where you expected to go. And once you are at their phoney site, they have you normally enter some personal data that they later use to exploit you or steal your identity.

It goes like this-

1. you get a link in email that looks like it is from Facebook
2. you click on it.
3. you go into the site, surf around and leave
4. you didn't realize that you had gone into a site that wasn't Facebook, and they stole your password and user login because you entered it to get into their fake site.

That above scenario happens in email scams with everything from Bank "notifications" (phoney ones) to Facebook updates to whatever.

The point is, SSL or HTTPS doesn't make that above situation any safer.  If you followed your email links then nothing appeared to be wrong, and HTTPS operating on the real Facebook won't be of any help to you while you are logging on a phoney website that is only made to look like Facebook to steal your access.

There are really two main rules that will cover about 80% (making that figure up in my head) of your problems on Facebook or any site:

1. NEVER use a link that you get in email from an organization. Instead, almost all places (like Facebook or your bank, etc) allow you to log in to their website directly, then see the notifications or items they wanted to bring to your attention. This is the MOST important safety precaution you can make on any site.
2.  In Facebook in particular, don't use Face Apps.  Apps are developer access to you and all your information. Regardless of what the app is for, they can access EVERYTHING about your Facebook account once you approve an app.  Of course, there are a few apps that people use anyways, but just know that an App can literally access any information in your Facebook context. You can see my other article on how to block Apps that may bother you.

The HTTPS thing in Facebook merely gives people a bit more safety while they surf facebook, but doesn't protect them from the above two items, which ultimately cause vastly more security and other problems.  If you aren't careful enough to note click on emails from anyone that might look like Facebook in your email, then you likely aren't watching to see if you are locked secure while surfing Facebook either.

Now don't get me wrong, HTTPS settings on your login in Facebook does make that part safer. But for most users, it is the email and other links getting you to a "supposed" Facebook location that cause more problems. And once people are in Facebook, it is the propensity to use Apps (and even spoofed bad apps as well) that poses a greater risk than actually getting thread attacks into your browser during an actual session on Facebook, in my opinion.

keep on surfing safely people...

Kim Gentes