Facebook and HTTPS – The Truth
Of course, while your login is kept secure when using Facebook, little else is. Perhaps it is down to the sheer number of users and the configuration of the services, but things like chat, gaming and messaging don’t take place across a secure connection.
This will come as a surprise, but even signing into Facebook avoids using HTTPS by default. Even forcing other pages of the service to use HTTPS (by altering the "HTTP" portion of the address) defaults back to the standard HTTP page.
HTTPS is the version of the standard Hyper-Text Transfer Protocol that uses SSL (secure socket layer) for private data transactions, and is used successfully by Amazon and PayPal, as well as various online banking systems and many other websites, and is a key element in the fight against data theft.
So why doesn’t Facebook employ the system more widely?
Until this question is addressed, however, the usual rules about using the service apply – don’t share any useful, identifiable information, don’t use the same password as you use for any other services and most of all don’t use Facebook and expect security from HTTP packet sniffers that can read unencrypted data.
In fact, unless you’re able to guarantee that your Facebook connection is safe and secure, you should seriously consider not using the service at all.