Last night, while perusing my Facebook security settings for another blog post, I was surprised to find that the option to “Browse Facebook on a secure connection (https) whenever possible” was no longer checked!Great. Thank you, Facebook, for giving me a false sense of security. Not only are your apps (e.g., Farmville, Bejeweled, and everything else you install) or your chat sessions (if connecting via a chat client) not secure, but apparently neither is my regular Facebook session. Is this yet another classic Facebook bait and switch, or an innocent error?
Update: I heard on this week’s Security Now podcast that some users are prompted to disable HTTPS by apps which will not function over a secure connection, however this did not happen to me (at least, not with my knowledge or conscious approval).