In response to concerns expressed over the last few days that widely-used Facebook applications expose user data, the social networking giant on Thursday suggested dealing with the issue through the use of encryption.
Mike Vernal, the Facebook engineer, presented the suggestion on the social network's developer's blog, saying that Facebook expects to lay the foundation to implement encrypted user data within the next few weeks. This will be followed by the addition of support for encryption after community feedback. A more specific transformation schedule is due to be announced later.
Earlier this week, it was discovered that a number of Facebook applications transfer user data to third party websites.
Vernal said that even though many Facebook developers are already employing "double framing" (or page redirection) to remove UIDs (user identification numbers), which can be used to identify users , from URLs, the company wants to find a better solution to the problem.
The proposed change will also eliminate the likelihood of unintentional sharing of UIDs via the Referer header; it will not stop intentional UID sharing that is against Facebook's privacy policy.
It will also not make Referer headers less likely to transmit information concerning other web applications or websites. "While this proposal will address the inadvertent sharing of this information on Facebook, the underlying issue of data sharing via HTTP headers is a Web-wide problem," stated Vernal. "We look forward to working with the Web standards community and browser vendors over the coming months to help address this issue".
