Facebook and HTTPS
Posted by Aaron Massey on 02 Feb 2011.
Looks like Facebook decided to announce the availability of an account option to enable HTTPS throughout your browsing session rather than just during login. This announcement coincided with Data Privacy Day 2011, which makes it a great public relations move in addition to a solid improvement for the security and privacy of Facebook users. For example, this will prevent Firesheep-style hijacking attacks. As the Wired article about this announcement says:
The change is intended to give users a way to protect themselves from Wi-Fi snoopers, who can sniff packets going over unsecured Wi-Fi. This lets them watch what a user is doing on Facebook (or any site not using HTTPS) and even log in to the user’s account and pretend to be them on Facebook temporarily.
I agree with Christopher Soghoian, who is quoted in the Wired article. This would be even better if it were enabled by default rather than an option users have to manually enable.