Facebook Plans Encryption To Fix Privacy

  /     /     /  
Publicated : 22/11/2024   Category : security

Facebook Plans Encryption To Fix Privacy


Developers have been asked to review a proposal to encrypt information passed through Facebook application URLs.


Responding to concerns raised earlier this week that popular Facebook apps
expose user identification numbers (UIDs)
, Facebook on Thursday proposed addressing the issue through encryption.
Facebook engineer Mike Vernal published the proposal
on the Facebook developers blog
, noting that Facebook hopes to lay the groundwork to implement encrypted UIDs over the next few weeks and then to add support for encryption following community feedback. A specific migration timeline will be announced later.
The issue is that certain Facebook apps transmit UID numbers, which may be used to identify Facebook users and link actions at other Web sites to a Facebook identity. When a Facebook user requests a Web page with images or other resources, the users browser may send HTTP header information that includes the URL of the Web page. For a particular type of Facebook Platform application, an iframe-based canvas application that includes a third-party iframe or resource, the HTTP Referrer header may include the users UID number once the user has authorized the application.
The UID number is used to personalize Web pages. Its what allows Web pages to include information about ones friends. Unfortunately, it can also compromise user privacy, particularly if the user is not aware that his or her UID is being shared.
Vernal says that while some Facebook developers have been employing page redirection or double framing to remove UIDs from URLs, Facebook wants to develop a better fix for the problem.
The change will prevent the accidental sharing of UIDs through the Referer header; it wont stop deliberate UID sharing that violates Facebooks developer rules.
It also wont make HTTP Referer headers less prone to exposing information related to other Web sites or Web applications.
While this proposal will address the inadvertent sharing of this information on Facebook, the underlying issue of data sharing via HTTP headers is a Web-wide problem, wrote Vernal. We look forward to working with the Web standards community and browser vendors over the coming months to help address this issue.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Facebook Plans Encryption To Fix Privacy