Facebook SSL security upgrade: why?

Facebook is now making it possible for users to access the site via SSL (ie, using ‘https’ rather than ‘http’). But is the timing significant?

Two things suggest it might be. The first is the hijacking of Facebook logins by the Tunisian Government. But the cynic in me says that a more likely reason is the ‘hacking’ of Mark Zuckerberg’s own Facebook page.

Facebook and Twitter are important tools for those organising protests against the Tunisian Government - protests that have already led to the former President, Zine al-Abidine Ben Ali, fleeing the country (although many of his cronies are still in place). The Tunisian Government maintains a firewall controlling all Internet connections to other countries. It has been intercepting Facebook logins, presenting a spoof login page that captures users’ account credentials.

In addition to the SSL option, Facebook has switched on Captcha authentication for all Tunisia-based users. Normally, this is used only when there has been some suspicious activity on the account, or it hasn’t been used for a while.

The SSL option is being rolled out globally but it’s being made ‘opt-in’. How typical of Facebook: when it comes to limiting the sharing of your personal data, it’s always ‘opt-out’, but when it’s a matter of tightening security, you have to make the effort yourself. This may be because the SSL option is reportedly incompatible with some applications (most of which - even seemingly innocuous and trivial games - exist to plunder your data).

Switching on SSL will be an option in your settings: US users apparently already have this. Those of us outside the US will have to wait a while longer, however you can try using ‘https’ instead of ‘http’ in URLs right now - it appears to work for me.