InternetSecuritySocial NetworkingWeb Browsers

Let’s Make Facebook More Secure to Celebrate Data Privacy Day

Today is Data Privacy Day! I decided it would be appropriate to pick on one of the biggest offenders of crimes against your privacy – Facebook.

This week, Facebook made a significant change to their security options by allowing you to force HTTPS (secure) connections to Facebook’s main website whenever you are logging on. While Facebook has obviously been considering this move for a long time (as it’s not just a simple matter of flipping a switch to “make everything secure”), the timing was oddly coincident to the successful hack of the account of Facebook’s founder, Mark Zuckerberg. That’s right – the guy who created Facebook had his Facebook account compromised this week. (Go ahead, laugh for a while. I know I did.)

Note that this secure option is NOT enabled by default – you have to do it yourself, but it’s easy. Just go to “Account | Account Settings | Account Security” and check the box next to “Browse Facebook on a secure connection (https) whenever possible.” If you haven’t done this yet, stop reading this post and do it right now – we’ll wait.

Note: Facebook is rolling this feature out to people in waves, so if it’s not there yet, check again tomorrow. Yes, it’s that important.

Secure connections enabled now? Good. This is not a cure all, but goes a long way to securing most people’s Facebook connections. (I am still annoyed that Facebook does not yet support secure communications with their XMPP (chat) server if you use a separate program for Facebook chat, for example.)

Facebook is also testing a new feature to prove you are whom you say you are, instead of CAPTCHAs – those squiggly words that you’re supposed to type to prove you are a human. The problem is that they are often easily cracked by computers, and hard to enter by humans (and it’s supposed to be the other way around). With Facebook’s “social recognition,” you are instead presented with pictures of your friends and asked to confirm their identity. I can’t wait until my friend, who uploaded a picture of Gonzo from the Muppets, is one of my choices. Hopefully Facebook will be incorporating their facial recognition technology to keep one-offs like that from cropping up in the test, but only time will tell.

Finally, if you are using Facebook’s “check in” feature, be aware that your status may be used, without your knowledge or permission, in an ad for the location where you checked in. Wonderful.

Incidentally, how do you go about getting a day dubbed “Data Privacy Day?” Is there some formal application process? Can we get an “International I’m Fed Up With Big Corporations’ Complete Disregard for My Privacy Day?” I’d like that.

Comments are closed.