The Facebook Blog

A Secured Connection

If you've ever done your shopping or banking online, you may have noticed a small "lock" icon appear in your address bar, or that the address bar has turned green. This indicates that your browser is using a secure connection ("HTTPS") to communicate with the website and ensure that the information you send remains private. Facebook currently uses HTTPS whenever your password is sent to us, but today we're expanding its usage in order to help keep your data even more secure.

Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the "Account Security" section of the Account Settings page.

There are a few things you should keep in mind before deciding to enable HTTPS. Encrypted pages take longer to load, so you may notice that Facebook is slower using HTTPS. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS. We'll be working hard to resolve these remaining issues. We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon. We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.

Social Authentication

At Facebook we strive to put people at the center of all of our products and to design every experience you have on the site to be social. This is obvious in products like photos, where pictures are organized around the people that appear in them. We also want to bring the benefits of social design to experiences where you wouldn't traditionally expect them, like account security. Social authentication is our latest effort toward this goal.

The vast majority of people who have used Facebook have never experienced a security problem. However, if we detect suspicious activity on your account, like if you logged in from California in the morning and then from Australia a few hours later, we may ask you to verify your identity so we can be sure your account hasn't been compromised.

Many sites around the web use a type of challenge-response test called a captcha in their registration or purchasing flows. The purpose of this test is to verify that you are a human being and not a computer trying to game the system. Traditional captchas have a number of limitations including being (at times) incredibly hard to decipher and, since they are only meant to defend against attacks by computers, vulnerable to human hackers.

Instead of showing you a traditional captcha on Facebook, one of the ways we may help verify your identity is through social authentication. We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are.

We will continue to test social authentication and gather feedback from you and the security community on how to make this and other social features safe and useful.

To learn more about how to keep your information safe on Facebook and across the internet, please visit the Facebook Security Page.

Alex Rice, a security engineer, is enjoying Facebook from a coffee shop.

In the example below, you can see that I use Facebook to sign into Loopt. On my mobile settings page, I can now control the information I've allowed Loopt to access, such as whether or not my check-ins can be used to personalize my experience.

Other settings you can adjust include access to your basic profile information, photos and videos, friends' information and more. To see your privacy controls on mobile, go to m.facebook.com/privacy or visit the Settings page and click the "Change" link next to "Privacy Settings."

These new mobile features will begin rolling out to everyone over the next few weeks. It's important for you to always have control over the information you want to share. And as more people use their phones to connect and share information, we'll continue to innovate and improve your mobile privacy controls so you can enjoy Facebook wherever you go.

Rose is a mobile product manager at Facebook.

We've long heard that people would find Facebook more useful if it were easier to connect with smaller groups of their friends instead of always sharing with everyone they know. For some it's their immediate family and for others it's their fantasy football league, but the common concern is always some variant of, "I'd share this thing, but I don't want to bother 250 people. Or my grandmother. Or my boss."

Until now, Facebook has made it easy to share with all of your friends or with everyone, but there hasn't been a simple way to create and maintain a space for sharing with the small communities of people in your life, like your roommates, classmates, co-workers and family.

We set out to build a solution that could help you map out all of your communities, that would be simple enough that everyone would use it and that would be deeply integrated across Facebook and applications so you can communicate with your different groups in lots of different ways.

We approached this problem as primarily a social one. Rather than asking all of you to classify how you know all of your friends, or programming machines to guess which sets of people are likely cohorts, we're offering something that's as simple as inviting your best friends over for dinner. And we think it will change the way you use Facebook and the web.

Today we're announcing a completely overhauled, brand new version of Groups. It's a simple way to stay up to date with small groups of your friends and to share things with only them in a private space. The default setting is Closed, which means only members see what's going on in a group.

From this space, you can quickly post photos, make plans and keep up with ongoing conversations. You can also group chat with members who are online right now. You can even use each group as an email list to quickly share things when you're not on Facebook. The net effect is your whole experience is organized around spaces of the people you care most about.

I'm also excited to share a couple of other new things we've been working on that will give you more control and make it easier to stay connected no matter what you're trying to do.

First, we've built an easy way to quickly download to your computer everything you've ever posted on Facebook and all your correspondences with friends: your messages, Wall posts, photos, status updates and profile information.

If you want a copy of the information you've put on Facebook for any reason, you can click a link and easily get a copy of all of it in a single download. To protect your information, this feature is only available after confirming your password and answering appropriate security questions. We'll begin rolling out this feature to people later today, and you'll find it under your account settings.

Second, we're launching a new dashboard to give you visibility into how applications use your data to personalize your experience. As you start having more social and personalized experiences across the web, it's important that you can verify exactly how other sites are using your information to make your experience better.

As this rolls out, in your Facebook privacy settings, you will have a single view of all the applications you've authorized and what data they use. You can also see in detail when they last accessed your data. You can change the settings for an application to make less information available to it, or you can even remove it completely.

We've heard loud and clear that you want more control over what you share on Facebook—to manage exactly who sees it and to understand exactly where it goes. With this new Groups experience and the other tools we're rolling out today, we're taking a few important steps forward towards giving you precise controls. We hope these tools bring you more confidence as you share things on Facebook, and that your experience grows richer and more real as a result.