Wednesday, February 23, 2011

Facebook embraces https (as of late Jan.); do "ordinary personal sites" need https?

Okay, I changed my security settings on my own Facebook account today to make all use of the site https.  Really, the main place it matters is public places.  Facebook’s own blog entry, as of Jan. 26, is (website url) here and a typical commentary is here with a CNET video.

Should “ordinary” websites and blogs be required or “expected” to implement https?  They should if they require user login with password, or if they take credit card information or any other PII.  But if all you have is one-way content (text, pictures, videos) and you don’t require login for comments, it doesn’t seem necessary to me.

No comments: