Facebook Plans Encryption To Fix PrivacyFacebook Plans Encryption To Fix Privacy
Developers have been asked to review a proposal to encrypt information passed through Facebook application URLs.
October 21, 2010
Responding to concerns raised earlier this week that popular Facebook apps expose user identification numbers (UIDs), Facebook on Thursday proposed addressing the issue through encryption.
Facebook engineer Mike Vernal published the proposal on the Facebook developer's blog, noting that Facebook hopes to lay the groundwork to implement encrypted UIDs over the next few weeks and then to add support for encryption following community feedback. A specific migration timeline will be announced later.
The issue is that certain Facebook apps transmit UID numbers, which may be used to identify Facebook users and link actions at other Web sites to a Facebook identity. When a Facebook user requests a Web page with images or other resources, the user's browser may send HTTP header information that includes the URL of the Web page. For a particular type of Facebook Platform application, an iframe-based canvas application that includes a third-party iframe or resource, the HTTP Referrer header may include the user's UID number once the user has authorized the application.
The UID number is used to personalize Web pages. It's what allows Web pages to include information about one's friends. Unfortunately, it can also compromise user privacy, particularly if the user is not aware that his or her UID is being shared.
Vernal says that while some Facebook developers have been employing page redirection or "double framing" to remove UIDs from URLs, Facebook wants to develop a better fix for the problem.
The change will prevent the accidental sharing of UIDs through the Referer header; it won't stop deliberate UID sharing that violates Facebook's developer rules.
It also won't make HTTP Referer headers less prone to exposing information related to other Web sites or Web applications.
"While this proposal will address the inadvertent sharing of this information on Facebook, the underlying issue of data sharing via HTTP headers is a Web-wide problem," wrote Vernal. "We look forward to working with the Web standards community and browser vendors over the coming months to help address this issue."
Read more about:2010
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023