Facebook officially enforced the change for Pages and Applications to provide a secure connection and environment (HTTPS and OAuth 2.0) for their users to interact with customized content on the Facebook Platform. Were you ready for the change? Is your application still locked in Sandbox mode today? What is HTTPS and why do you need to switch? What is going on?
In May 2011, Facebook announced on their Developer’s Roadmap the intention to complete the migration of all Facebook pages and applications towards a more secure platform using HTTPS and OAuth 2.0 by 1st October 2010. Given the open nature of the internet and the sensitivity of the data users put online these days, this move has been seen as long overdue by many in the Tech industry. So, how does browsing Facebook over HTTPS help you secure your information? If you are unsure of what HTTPS does, it simply means that there are additional layers of verification and encryption to who is receiving your data and how your data is being transmitted and received. To find out exactly how does HTTPS work, simply google “HTTPS”.
If you have yet to enable HTTPS for your Facebook Page and/or Application, you will notice that Facebook has put your page and/or application into a “Sandbox” mode. Users can see that your page/application exists, but they will not be able to access your page/application. During this transition period, users can still access your sand-boxed page/application though by disabling secure browsing.
So what does this update really bring for us everyday users like you and me?
You as a User
On the surface as a user, the visible effect of the changes are not much, compared to the launch of Timeline on Facebook this week. You probably did not even feel the change before reading this. You will notice that there is an extra S in the http you see in the address bar, your favourite applications are no longer working (fix this application!) and you get lots of pop up messages from Facebook asking you to disable secure browsing only to realize that you need to restart Facebook to be back on secure mode.
What is important, however, are the changes that is not so visible.
Being on secure mode means that the data we send and receive goes through an additional layer of encryption and decryption. On normal broadband speeds, this is hardly noticeable. However if you are surfing on a 3G network or on a slow connection, you will notice that ALL pages on Facebook will take a longer time to load.
What you are trading all these inconveniences for, is essentially a peace of mind. Given the recent incidents on the security loopholes in many companies on the internet, this added security means it is harder for your account and information to be hijacked by malicious software and hackers. This change also opens up more options in terms of services which companies can offer on Facebook with a secure platform. E-Commerce, access to Banks and Government services are just some of the few possibilities on the horizon.
As a user, you might not be getting much except for security at the moment, but once things starts to get integrated together, that is when things starts to get fun and exciting!
You as a Developer
The first and foremost concern which most developers have when they heard about the move to HTTPS was the cost. In order to provide a HTTPS connection for Facebook to connect to their content, developers now need to ensure that the site they are hosting on has a valid SSL certificate. And this certificate is not free. Some hosts provide add-on services which you can opt-in for SSL certificate at an additional monthly premium, some hosts do not provide the certificate and require you to secure your own.
For developers working in a corporate environment, this is not an issue as the cost is borne by the company. The hardest hit will be the casual or freelance developers who have to now either pay from their own pocket or transfer the costs to the clients. This change will effectively cause a shift in the freelance / casual developers community in time to come. Will we see a collaboration in the community to create a shared SSL service to defray the costs? How will they work around this issue?
Delivering secure content over the web using HTTPS involves verification of the host and encryption/decryption of the transmitted data. These additional steps will introduce overheads in processing time for web pages. Web page optimization will become even more important when it comes to delivering content with high user experience satisfaction. For browsing HTTPS over broadband, the difference will not be noticeable. However more and more users are surfing the web on tablets and mobile phones using 3G and public WIFI connections. Is your application today well optimized to deliver content over slower networks with HTTPS?
With this step taken towards a more secure platform, Facebook is opening up doors for developers to create applications that was considered unsuitable due to security concerns. What will be the next application you’ll be working on? Let us know!
You as a Business Owner
If today you have yet to update your pages and applications to work on the secure platform, the good news is, users can still access them for the time being.
However, each time they access your page/application, Facebook will prompt them to disable secure browsing first. Not exactly a good way to encourage users to interact and engage your brand. And you know that once the User un-like your page, it can create a domino effect and it will be difficult to get them back.
This change in secure browsing is essentially the first step towards opening up users, corporations and governments to be more receptive to the idea of performing secure transactions on Facebook. Once the momentum catches on, you will be able to integrate your pages and applications with services from all sectors, from entertainment, education, e-commerce, work related applications, government services and so on.
Are you in the right position in this change to come? Getting out of the Sandbox is fast, easy and does not need to be costly. Feel free to ask Clickr today!
On the Near Horizon
Now let’s look ahead. The next change will begin in January 1st 2012, when Facebook stops supporting all pages previously done using FBML, and finally pulling the plug on FBML pages on the 1st of June, 2012. So if you have yet to begin updating your current Facebook pages and applications, do not procrastinate any longer, or you will be more than just 2 steps behind the world. For a free consultation, ask Clickr today!