OK, so Facebook now gives you the option of talking to their site over an encrypted protocol. Cool. Well, sorta. But not really. I am not saying using HTTPS is not better than straight HTTP web browsing, but if regular (non-technical) users think it will make their use of Facebook safer, they probably really don't understand what makes Facebook (or any website) truly insecure to them as users.
First, Secure Sockets Layer is not new. Facebook didn't just discover it or something; it has been around since 1995 (see http://en.wikipedia.org/wiki/Transport_Layer_Security for more info). The purpose of HTTPS (the particular implementation of SSL that is being talked about) is simply that when you are talking to a particular website, the communications directly with that site cannot be falsely interrupted, decoded, or mimicked by anyone who lacks a very, very high level of acumen in digital security.
However, the problem with internet security is not HTTPS usage; it is almost 99% about leading legitimate web surfers to an illegitimate site. This means that there are people out there who try to get you to click on links that lead you somewhere OTHER than where you expected to go. And once you are at their phoney site, they normally have you enter some personal data that they later use to exploit you or steal your identity.
It goes like this-
The above scenario happens in email scams with everything from bank "notifications" (phoney ones) to Facebook updates to whatever.
The point is, SSL or HTTPS doesn't make the above situation any safer. If you followed the links in your email, nothing would appear to be wrong, and HTTPS operating on the real Facebook won't be of any help to you while you are logging on to a phoney website that is only made to look like Facebook to steal your access.
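To make the point above concrete, here is an added example (not part of the original post) that classifies a link by the host it really leads to and reports HTTPS separately, showing that the two are unrelated. The function name `classifyLink` and every sample URL are constructed for illustration; the `.example` hosts are placeholders.

```javascript
// Added illustration: where does a link really go, regardless of its scheme?
// classifyLink and all sample URLs are constructed for this example.
function classifyLink(href, trustedDomain) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { host: null, https: false, verdict: "invalid" };
  }
  // URL lowercases the hostname for us; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  const https = url.protocol === "https:";
  const brand = trustedDomain.split(".")[0];

  // The real site is the trusted domain itself or a subdomain of it,
  // so the trusted name must be the END of the hostname.
  if (host === trustedDomain || host.endsWith("." + trustedDomain)) {
    return { host, https, verdict: "trusted" };
  }
  // The brand name anywhere else in the host, or in the "user@" part of the
  // URL, is dressing that makes a different site look like the real one.
  const brandInHost = host.includes(brand);
  const brandInUserinfo = url.username.toLowerCase().includes(brand);
  const verdict = brandInHost || brandInUserinfo ? "lookalike" : "other";
  return { host, https, verdict };
}

// Constructed sample links of the kind found in email.
const samples = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/",
  "https://facebook.com.account-check.example/login",
  "https://facebook.com@account-check.example/",
  "https://news.example/story",
];

for (const href of samples) {
  const r = classifyLink(href, "facebook.com");
  console.log(`${r.verdict.padEnd(9)} https=${r.https}  host=${r.host}  <- ${href}`);
}
```

The two lookalike samples are served over HTTPS and would show a padlock, yet neither host is Facebook.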
There are really two main rules that will cover about 80% (making that figure up in my head) of your problems on Facebook or any site:
The HTTPS thing in Facebook merely gives people a bit more safety while they surf Facebook, but doesn't protect them from the above two items, which ultimately cause vastly more security and other problems. If you aren't careful enough to not click on emails from anyone that might look like Facebook in your email, then you likely aren't watching to see if you are locked secure while surfing Facebook either.
Now don't get me wrong, the HTTPS setting on your Facebook login does make that part safer. But for most users, it is the email and other links getting you to a "supposed" Facebook location that cause more problems. And once people are in Facebook, it is the propensity to use Apps (and even spoofed bad apps as well) that poses a greater risk than actually being attacked in your browser during an actual session on Facebook, in my opinion.
Keep on surfing safely, people...
Kim Gentes