In April 2011, Naked Security wrote an open letter to Facebook about security and privacy.
Eighteen months later, it looks like we have some reason to celebrate – as Facebook appears to be saying “yes” to one of the three steps we asked them to take to better protect its users.
Way back in January 2011, Facebook announced it was implementing HTTPS to allow its many millions of users the ability to automatically encrypt their communications with the social network – preventing hackers and attackers from sniffing your sensitive data while using unencrypted wifi hotspots.
However, Facebook made this enhancement to security “opt-in” only. Which meant that most people never turned it on.
In Naked Security’s open letter, we asked Facebook to do a better job with HTTPS.
As we wrote to them at the time:
"We welcome you recently introducing an HTTPS option, but you left it turned off by default. Worse, you only commit to provide a secure connection “whenever possible”. Facebook should enforce a secure connection all the time, by default. Without this protection, your users are at risk of losing personal information to hackers."
A posting last week on Facebook’s developer blog quietly announced that the site was finally going to be following our suggestion.
In the blog post, Facebook said that it was finally starting to roll out HTTPS to its North American users, with the rest of the world following “soon”.
We want to say this really clearly and loudly, so we’ll use a big font:
Well done Facebook!
Sure, we might have liked it if Facebook had enabled HTTPS by default more quickly, but it would be churlish to grumble now they’re doing it.
If you can’t wait for Facebook to turn on HTTPS/SSL in your neck of the woods, you should set it up for yourself. Log into your Facebook account and navigate to Account settings / Security where you should be able to enable “Secure Browsing”.
Of course, Facebook’s roll out of HTTPS leaves us with a problem. We have a large pile of “Dislike” t-shirts that explain the three steps we’d like to see Facebook implement to improve privacy and security.
Clearly, with the roll out of HTTPS, one of those now needs to be crossed out.
So, we need to get rid of our T-shirts. We’ve decided the fairest thing to do would be to offer them to loyal subscribers to our email newsletter. Every month, until our stocks run out, we’re going to give away 10 of these limited edition T-shirts to randomly selected newsletter subscribers.
If you’re not already a subscriber to our newsletter, you can sign up here.
T-SHIRT GIVEAWAY TERMS & CONDITIONS: You need to be signed-up for our email newsletter at the time that we randomly select winners. If you’ve previously won a t-shirt from us in the giveaway, you can’t win again. If you’re a Sophos employee, tough luck – you can’t win. If you’re a Facebook employee, sure – feel free to subscribe and you might win a t-shirt, but we’re not going to give you special treatment.
If you win, you will be contacted via email (naturally) to ask for your snail-mail address, so we can send you the shirt. It’s kinda tricky otherwise. We’ll do our best to give you a t-shirt in the size you want, but – hey – our stock is limited, so don’t be too peeved if you get a baggy one. Your email address is only used for sending you the newsletter (you can unsubscribe at any time) and for asking you where we should send the t-shirt. No spam, we promise. We’re nice guys.
Make sure that you keep informed about the latest security and privacy issues affecting Facebook users. Join the Sophos page on Facebook, where over 190,000 people regularly share information on threats and discuss the latest security news.
An important security rule: never give your t-shirt size by e-mail, it's probably a scam!
I'm an XXL. Hopefully safe to post here.
Maybe cross the ones they have done with a red washable marker. 😀
I want a t-shirt..:) lol
Can I have my t-shirt in XL please?
Good work but it shows just how slow and out-of-touch with the reality of security they, and many others of the genre, are these days.
Security and encryption should be the norm, not some option.
I have been using HTTPS for ages now, it was great at first because the adverts down the right hand side of the screen didn’t update so I was able to kill them and not get bothered with new ones.
Looks like they have fixed that bit!
As for the Apps I don’t use ANY of them, not my cup of tea.
I always try to advise my friends about security issues and I get lots of help from sophos emails
Oh and if I do happen to be picked size Large will fit perfectly. 😉
Thanks sophos!
Size large please 🙂 I love the new security. I got hacked last year even though I had spyware. Thank God for my son who knew how to fix it, I was facebook security with no pic for a few hours. Nice to know you're on a safer site to play. Thank you.
Why on earth would anyone use a noticeboard like Facebook for private information?
Da
I wouldn't mind a T-Shirt lol
Thanks for all you do! I always read your updates and appreciate the tips you give us!
Keep up the good work!
Put me down for a T-shirt size 40 thanks.
Wow! Sophos wins again. I had just checked this to see if it had changed yet. I don't use third party apps on FB and I've had some "saves" thanks to info from Sophos newsletters and Facebook and Google+ feeds.
If this is the entry for a t-shirt, I would love one! A Medium please. You folks are awesome.
I would be very happy to wear this shirt (XL)!!
Just to note there is no HTTPS for their mobile/tablet users:
http://m.facebook.com/?refsrc=http%3A%2F%2Fwww.facebook.com%2F&_rdr
I used to be able to use: https://www.facebook.com to login to fb from my iPod. But that now redirects me to the mobile http page.
They're not all the way there yet.
Also once in fb… apparently there are many non https pages. So beware.
Size: XL ;-)}
I always advise my friends about security issues I find out about, via my SOPHOS emails.
Oh, if I do happen to be chosen, size XL will fit perfectly. 😉
Thanks SOPHOS 😀
Geeks and non-geeks alike always comment on my Dislike t-shirt when I wear it. Someone even wanted to trade me for it at Defcon. More like this, please!
If I get a T-shirt, great, if not! not a problem, the site is worth its weight in gold