Thursday, March 3, 2011

Facebook https browsing can be turned off by applications.

For those of you playing along at home, we recently learned that Facebook has turned on secure browsing on it's whole site.  You can accomplish this by checking the "Browse Facebook on a secure connection (https) whenever possible" box in the Account Security section of your Account settings.  Now we know that this stops local hackers from stealing information when you are connected to a the network and this prevents advanced hackers from engineering hacks that can dump your information to them.  But I found something interesting the other day while auditing my applications settings.

This is not working so well.

As I went through some of my applications, I wanted to refresh my memory of why I installed some applications.  I click on the application's page in Facebook and I get a page that tells me that I need to switch back to http (non-secure) browsing in order for the application to work.  

So I play along.

Now to check the damage.   I look at the checkbox that I know I have checked previously to browse in https and it is not checked anymore!  WOW!  Facebook doesn't even let you know that this is a PERMANENT CHANGE TO YOUR ACCOUNT SETTINGS!!!!!

Just all the more reason to do what I do. 

Audit your applications!
Go through your list of applications every once in a while to make sure that nothing has crept in there that you don't want.  If that has happened, immediately remove the app from your profile.
Audit your settings!
The same should apply for your settings.  Go through your settings every so often to ensure that what you have set in the past is still applied.

As always, remember that in the end no one is responsible for your information but yourself.  Always check and double check to make sure your information is as private as you want it to be.

No comments: