Rants, Raves, and Rhetoric v4

Facebook Apps Not HTTPS Enabled?

I much prefer to use sites with the encrypted HyperText Transfer Protocol (https) because it is a more secure connection. It is not just for banks or shopping. So I jumped on the chance to use https for my use of Facebook on more than just the login. Only now I am annoyed by the message I have to turn off https to use apps.

Switch to regular connection (http)?

Sorry! We can’t display this content while you’re viewing Facebook over a secure connection (https).

To use this app, you’ll need to switch to a regular connection (http).

First, the main Facebook address is www.facebook.com. This message occurs when going to apps.facebook.com with https. It means one should go to Account > Account Settings and click the “change” link next to Account Security. Finally, uncheck “Secure Browsing (https): Browse Facebook on a secure connection (https) whenever possible”. A better design for this message would be to give a button where people could turn off this setting. Clicking the continue button turns off https. What this page does not make clear is that apps users have to make a choice: 1) be more secure and not use any apps, 2) be less secure and use apps, or 3) remember to switch back and forth. I suspect many people will go with the less secure option.

Second, I suspect the reason why apps.facebook.com is not protected is because the https protocol does not allow for two parties to provide items in some elements on the same page even if both are secure. This is because one party cannot ensure another is not doing something illegitimate.

Still, there should be a handover from https to http for apps.facebook.com. A warning to users who want secure browsing that they no longer have it would be nice. Really they should be clued in by their browser address bar, but most people would not notice that, I think.


Comments

9 responses to “Facebook Apps Not HTTPS Enabled?”

  1. […] This post was mentioned on Twitter by Facebook Insider, ezrasf. ezrasf said: Blogged :: Facebook Apps Not HTTPS Enabled? http://www.ezrasf.com/wplog/2011/02/16/facebook-apps-not-https-enabled/ […]

  2. […] Subscribe to feed ‹ Facebook Apps Not HTTPS Enabled? […]

  3. sue

    I cannot get into my Facebook privacy account to change back from https to http. I no longer have access to my account. I cannot post on my wall, message, play games, what the heck! @##$%%#)*^)*)

  4. sue

    I cannot change my Facebook account activity back to http. I clicked https and now don't have access to my account. Can't play games, message, post on wall.

  5. yvette schroeter

    please let me access facebook games

  6. […] noticed that there were serious weaknesses in the implementation. One explanation theorized by Rants, Raves, and Rhetoric v4: …the reason why apps.facebook.com is not protected is because the https […]

  7. […] noticed that there were serious weaknesses in the implementation. One explanation theorized by Rants, Raves, and Rhetoric v4: …the reason why apps.facebook.com is not protected is because the https […]

  8. wing knight

    my facebook is Switch to regular connection i need help!!!!!!!!

  9. […] noticed that there were serious weaknesses in the implementation. One explanation theorized by Rants, Raves, and Rhetoric v4: …the reason why apps.facebook.com is not protected is because the https […]
