How safe is https connection for facebook?

I was thinking of switching over to https connections for FB…

Is it a good idea?

IMO, the best idea is to ditch FB altogether. :wink:

No way! My sister won't do that… she is a real FB addict

Hi true indian,

You really consider that after the “Firesheep” extension with the HTTPS Connection Flaw drama in Febr. last year? Just think again.
You need the full shield detection of avast on normal http connections always.
With https you lose that additional protection.
I know our forum friend, DavidR, did advise against this forcing of HTTPS-connections on several occasions and in several of his postings. I have to agree with his opinion… Not all browsers will tell you when https is in part insecure, and not all browsers then block the insecure javascript.
re: http://techie-buzz.com/browsers/google-chrome-blocks-insecure-scripts.html (link article author = Keith Dsouza)
I would not like to run the additional risks, but that is just my personal opinion,
I would install the Ghostery plug-in with all the new total blocking options and enable bug blocking there, re: http://www.ghostery.com/

polonus

Thanks! plonus, I will stick with http ;D

Even if you switched to https, that doesn’t make facebook safer as https has nothing to do with security, but privacy.

The fact that the web shield doesn’t scan https (secure encrypted) content would effectively leave you more vulnerable rather than more secure.

His name isn’t plonus…!! ::slight_smile:

What good is a HTTPS connection if you’re posting personal data on your own on a public webspace?

http://www.lifehacker.com/5745086/why-should-i-care-about-https-on-facebook-or-other-web-sites

Here is your answer :slight_smile:

I need Facebook as I use it to keep up with many friends and my daughter that live far away from me and I like to see the pictures she posts of my grandson.

I do use https to connect to Facebook plus I have other Facebook security settings VERY HIGH.

https://www.facebook.com/security?v=wall

Hi Hanziness & JoKenny,

The Google Analytics tracking code is now the same for both secure and non-secure websites.
So privacy wise it does not make any difference. Better to use a combination of extensions like NoScript and RequestPolicy. Here I have to agree with DavidR. Then the rendering of javascript code differs as per browser, a comma transition in the code for GoogleChrome gives an undefined error for instance. There is also browser dependent malware and we want avast on the ball all of the time,

polonus

Hi polonus.

Oh… I didn’t know that about Google Analytics! Thank you for informing me (anyway, NoScript and ABP block it… :D)

Of course I use NoScript in my Firefox (which is up-to-date) to keep my browser and computer secure. I also have FlashBlock, AdBlock Plus (with its Pop-Up extension) and NoRedirect installed.

I tried out RequestPolicy once, but it blocked everything, and I thought I don’t really need it, because I always scan unknown websites with Sucuri, Virustotal and URLVoid. I also use OA.

The problem is you don’t know what other web sites the one you are visiting connects to (so you can’t physically check them all) as for the most part you only find out about the connections to third party sites (regarding cross site scripting) using something like RequestPolicy or check the page source code, by which time it is too late.

Thanks! for the input guys!

I will stick with http as polonus advised :wink:

Remember that the website owner also has a responsibility towards the visitor of his site.
Sensitive information stays secure when everything on the site is encrypted. Changing plugin configurations, updating passwords, these data should always be encrypted and are not so by default. And when on a mixed content site you better should know that SSL/Non-SSL links issues were fixed.
For instance run Fiddler under your browser session and grow aware of what goes on over the wire under the hood inside your browser while you are clicking away,

polonus
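
Added example, not part of the thread or any poster's own code: a Python sketch of the page-source check discussed above, listing which subresources of an HTTPS page are fetched over plain http (mixed content) and which third-party hosts the markup pulls from. The class and function names, the sample page and all hosts in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Insecure loads of these tags let a network attacker change page behaviour
# ("active" mixed content); the PASSIVE ones only change what is displayed.
ACTIVE = {"script": "src", "iframe": "src", "link": "href", "embed": "src", "object": "data"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}

class SubresourceAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.page = page_url, urlsplit(page_url)
        self.mixed = []           # (kind, tag, url) fetched over plain http
        self.third_party = set()  # hosts other than the page's own

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        value = a.get(ACTIVE.get(tag) or PASSIVE.get(tag))
        if not value:
            return
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # only stylesheet links are audited here
        url = urlsplit(urljoin(self.page_url, value))
        if url.scheme not in ("http", "https"):
            return  # data:, javascript: etc. are not network loads
        if url.hostname != self.page.hostname:
            self.third_party.add(url.hostname)
        if url.scheme == "http" and self.page.scheme == "https":
            kind = "active" if tag in ACTIVE else "passive"
            self.mixed.append((kind, tag, url.geturl()))

def audit(page_url, html):
    """Return (mixed-content findings, sorted third-party hosts)."""
    parser = SubresourceAudit(page_url)
    parser.feed(html)
    return parser.mixed, sorted(parser.third_party)

# Constructed sample page; every host is a placeholder.
SAMPLE = """<html><head>
<script src="http://cdn.example.net/lib.js"></script>
<script src="//stats.example.org/t.js"></script>
<link rel="stylesheet" href="/site.css">
</head><body>
<img src="http://img.example.net/photo.jpg">
<iframe src="https://widgets.example.com/like"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(audit("https://www.example.com/profile", SAMPLE))
```

This reads static markup only, so requests that scripts issue at runtime do not show up; those are visible in a proxy trace such as the Fiddler session mentioned above.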

So what would be your suggestion polonus? :slight_smile:

+1 FB is the devil