Facebook plans to introduce encryption of user IDs as a move to beef up security and to respond to the concerns raised by the recent privacy breach through Facebook apps.
The WSJ recently reported that Facebook apps were transmitting user IDs to outside companies. Such information can be used to identify users and link their actions on other websites.
Mike Vernal, a Facebook engineer, said that “while initial press reports greatly exaggerated the implications” of sharing UIDs, Facebook is taking the issue very seriously.
Vernal says the issue of data sharing via HTTP headers is a Web-wide problem, and is not limited to Facebook.
“When a browser loads images or other resources on a Web page, it will sometimes send an HTTP header that identifies the URL of the Web page containing the resource. For one type of application written on Facebook Platform (iframe-based canvas applications), after a user has authorized the application, the URL of the iframe may contain the UID of the user. This UID is included in order to enable the application to build a personalized experience for the user.”
He added that some Facebook developers are already implementing page redirection or “double framing” to remove UIDs from URLs.
The proposed encryption will prevent the accidental disclosure of information via HTTP headers.
Facebook plans to enable parameter encryption as an option to developers over the next few weeks, before it is bundled with various Facebook SDKs.
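
The header leak and the redirect fix described above, as an added example that is not Facebook's code or the article's. The parameter names, the host app.example and the session object are assumptions constructed for illustration.

```javascript
// Added example. Parameter names are hypothetical; the article does not
// say which query parameter carries the UID.
const IDENTIFYING_PARAMS = ["uid", "user_id"];

// Value a browser sends in the Referer header for an image or script on the
// page when nothing restricts it: the page URL without fragment or credentials.
function refererFor(pageUrl) {
  const u = new URL(pageUrl);
  u.hash = "";
  u.username = "";
  u.password = "";
  return u.toString();
}

// Which identifying parameters would reach a third-party host via Referer.
function leakedParams(pageUrl) {
  const u = new URL(refererFor(pageUrl));
  return IDENTIFYING_PARAMS.filter((p) => u.searchParams.has(p));
}

// Redirect step: the app reads the identifier once, keeps it server-side
// (here a plain object stands in for a session store), and redirects the
// iframe to the same URL without it before any third-party resource loads.
function redirectTarget(pageUrl, session) {
  const u = new URL(pageUrl);
  for (const p of IDENTIFYING_PARAMS) {
    if (u.searchParams.has(p)) {
      session[p] = u.searchParams.get(p);
      u.searchParams.delete(p);
    }
  }
  return u.toString();
}

// Constructed sample input.
const canvasUrl = "https://app.example/canvas?uid=1234567890&view=home#top";
const session = {};
const cleanUrl = redirectTarget(canvasUrl, session);

console.log("Referer before:", refererFor(canvasUrl), leakedParams(canvasUrl));
console.log("Referer after: ", refererFor(cleanUrl), leakedParams(cleanUrl));
console.log("Kept server-side:", session);
```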