MIT Technology Review



“One of the most important things that Facebook can be doing is looking for new threats in real time,” Weinstein says. “You can stay ahead of that by detecting new patterns of malicious activity and stopping them before you’ve determined malware is present.”

A crucial security feature that Facebook has not yet fully implemented, Weinstein points out, is default encryption (as denoted by Web addresses starting with “https” rather than “http”). The latter, older system leaves someone logging in via Wi-Fi at a Starbucks, for example, at much greater risk of having his or her unencrypted information intercepted.

Last year Gmail moved to https as the default setting. But Facebook currently offers it only as an option. This is problematic, says Weinstein, because “the people who are most likely to need the feature are the least likely to know they need to turn it on.”

In an e-mail statement, Facebook said it is “making progress daily” toward default encryption. “We continue to work towards making this setting a default feature as soon as possible,” the statement said, but it noted that this requires ironing out site stability and speed issues. Facebook is also working with app developers so that encryption works across the site.

But Bruce Schneier, a cryptologist and security expert with BT Counterpane, points out that Facebook’s ultimate product is your data, which it uses to sell advertisements. “I think the biggest danger of putting things on Facebook is Facebook,” he says. “Facebook knows all of your stuff, and they sell it. It’s like handing your money to a thief who says ‘Nobody else will get your money.’ If you want Facebook security, don’t be on Facebook.”


Credit: Facebook

Tagged: Computing, Web, security, Facebook, hackers, phishing, identity theft
