Facebook finally enables HTTPS by default, we give away free T-shirts to celebrate

Filed Under: Facebook, Featured, Privacy

Back of T-ShirtIn April 2011, Naked Security wrote an open letter to Facebook about security and privacy.

Eighteen months later, it looks like he have some reason to celebrate - as Facebook appears to be saying "yes" to one of the three steps we asked them to take to better protect its users.

Way back in January 2011, Facebook announced it was implementing HTTPS to allow its many millions of users the ability to automatically encrypt their communications with the social network - preventing hackers and attackers from sniffing your sensitive data while using unencrypted wifi hotspots.

Accessing Facebook with HTTPS enabled

However, Facebook made this enhancement to security "opt-in" only. Which meant that most people never turned it on.

In Naked Security's open letter, we asked that Facebook did a better job with HTTPS.

As we wrote to them at the time:

"We welcome you recently introducing an HTTPS option, but you left it turned off by default. Worse, you only commit to provide a secure connection “whenever possible”. Facebook should enforce a secure connection all the time, by default. Without this protection, your users are at risk of losing personal information to hackers."

A posting last week on Facebook's developer blog, quietly announced that the site was finally going to be following our suggestion:

Facebook quietly announces the roll-out of https

In the blog post, Facebook said that it was finally starting to rollout HTTPS to its North American users, with the rest of the world following "soon".

We want to say this really clearly and loudly, so we'll use a big font:

Well done Facebook!

Sure, we might have liked it if Facebook had enabled HTTPS by default more quickly, but it would be churlish to grumble now they're doing it.

If you can't wait for Facebook to turn on HTTPS/SSL in your neck of the woods, you should set it up for yourself. Log into your Facebook account and navigate to Account settings / Security where you should be able to enable "Secure Browsing".

Security settings. Click for larger version

Of course, Facebook's roll out of HTTPS leaves us with a problem. We have a large pile of "Dislike" t-shirts that explain the three steps we'd like to see Facebook implement to improve privacy and security.

Clearly, with the roll out of HTTPS, one of those now needs to be crossed out.

So, we need to get rid of our T-shirts. We've decided the fairest thing to do would be to offer them to loyal subscribers to our email newsletter. Every month, until our stocks run out, we're going to give away 10 of these limited edition T-shirts to randomly selected newsletter subscribers.

Pile of t-shirts

If you're not already a subscriber to our newsletter, you can sign up here.

T-SHIRT GIVEAWAY TERMS & CONDITIONS: You need to be signed-up for our email newsletter at the time that we randomly select winners. If you've previously won a t-shirt from us in the giveaway, you can't win again. If you're a Sophos employee, tough luck - you can't win. If you're a Facebook employee, sure - feel free to subscribe and you might win a t-shirt, but we're not going to give you special treatment.

If you win, you will be contacted via email (naturally) to ask for your snail-mail address, so we can send you the shirt. It's kinda tricky otherwise. We'll do our best to give you a t-shirt in the size you want, but - hey - our stock is limited, so don't be too peeved if you get a baggy one. Your email address is only used for sending you the newsletter (you can unsubscribe at any time) and for asking you where we should send the t-shirt. No spam, we promise. We're nice guys.

Make sure that you keep informed about the latest security and privacy issues affecting Facebook users. Join the Sophos page on Facebook, where over 190,000 people regularly share information on threats and discuss the latest security news.

, , ,

You might like

17 Responses to Facebook finally enables HTTPS by default, we give away free T-shirts to celebrate

  1. An important security rule: never give your t-shirt size by e-mail, it's probably scam!

  2. Jeremy · 1011 days ago

    Maybe cross the ones they have done with a red washable marker. :D

  3. Bill Digiglio · 1011 days ago

    I want a t- shirt..:) lol

  4. MikeP_UK · 1011 days ago

    Can I have my t-shirt in XL please?

    Good work but it shows just how slow and out-of-touch with the reality of security they, and many others of the genre, are these days.

    Security and encryption should be the norm, not some option.

  5. Mark Longson · 1011 days ago

    I have been using HTTPS for ages now, it was great at first because the adverts down the right hand side of the screen didn't update so I was able to kill them and not get bothered with new ones.

    Looks like they have fixed that bit!

    As for the Apps I don't use ANY of them, not my cup of tea.

    I always try to advise my friends about security issues and I get lots of help from sophos emails

    Oh and if I do happen to be picked size Large will fit perfectly. ;-)

    Thanks sophos!

  6. size large please :) i love the new security. I got hacked last year even though i had spyware. Thank God for my son who knew how to fix it, i was facebook security with no pic for a few hours. nice to know your on a safer site to play. Thank you.

  7. Why on earth would anyone use a noticeboard like Facebook for private information?

  8. Robert Gracie · 1011 days ago

    I wouldnt mind a T-Shirt lol

  9. Linda in Montana · 1011 days ago

    Thanks for al you do! I always read your updates and appreciate the tips you give us!
    Keep up the good work!

  10. greg flattery · 1011 days ago

    Put me down for a T-shirt size 40 thanks.

  11. Wow! Sophos wins again. I had just checked this to see it it had changed yet. I don't use third party apps on FB and I've had some "saves" thanks to info from Sophos newsletters and Facebook and Google+ feeds.

    If this is the entry for a t-shirt, I would love one! A Medium please. You folks are awesome.

  12. Fred Davidson · 1010 days ago

    I would be very happy to wear this shirt (XL)!!

  13. L. Paquette · 1010 days ago

    Just to note there is no HTTPS for there mobile/tablet users:
    <a href="http://m.facebook.com/?refsrc=http%3A%2F%2 Fwww.facebook.com%2F&_rdr" target="_blank">http://m.facebook.com/?refsrc=http%3A%2F%2 <a hre..." target="_blank">Fwww.facebook.com%2F&_rdr

    I used to be able to use: https://www.facebook.com to login to fb from my iPod. But that now redirects me to the mobile http page.

    They're not all the way there yet.

    Also once in fb... apparently there are many non https pages. So beware.

    Size: XL ;-)}

  14. Kally · 1010 days ago

    I always advise my friends about security issues I find out about, via my SOPHOS emails.

    Oh, if I do happen to be chosen, size XL will fit perfectly. ;-)

    Thanks SOPHOS :D

  15. Mrs. W · 1009 days ago

    Geeks and non-geeks alike always comment on my Dislike t-shirt when I wear it. Someone even wanted to trade me for it at Defcon. More like this, please!

  16. Larry Bailey · 1009 days ago

    If I get a T-shirt, great, if not! not a problem, the site is worth it's weight in gold

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley