Skip to main content

Facebook adds encryption, social captchas

Popular social networking service Facebook has announced a new security drive that sees ubiquitous encryption and all-encompassing 'social captchas' added to the site.

The announcement, which comes in the wake of news that chief executive Mark Zuckerberg's personal fan page on Facebook was hacked by assailants unknown, is designed to reassure the site's millions of users that their personal data is secure from ne'er-do-wells.

Perhaps the biggest change is the option to completely encrypt your connection to the Facebook site using HTTPS - a feature previously only used to protect a user's password during the login process. By making the page encrypted all the time, Facebook makes it a lot harder to snoop or hijack a session - although man-in-the-middle attacks could still disclose data.

Sadly, the company isn't making the option a default one. Rather, users are asked to browse to the 'Account Security' section of their 'Account Settings' page and enable 'Secure Browsing' manually.

In a statement, Facebook security engineer Alex Rice claimed that the company has good reason not to enable the functionality by default: "Encrypted pages take longer to load, so [users] may notice that Facebook is slower using HTTPS. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS."

To further boost security, and to stem the growing tide of spammers targeting the service, Facebook is also adding a new technology it calls 'social captchas' to the site.

Unlike traditional captchas, which use difficult-to-read text that a computer is unable to unscramble, Facebook's system pulls tagged photos from your friends' pages and asks you to identify who that person is.

It's a neat system, and one that may go some way to help alleviate Facebook's problems without inconveniencing its users too much. Both features should be fully rolled out across Facebook's many users over the next few weeks.