Well if you had read my previous post, you will know that Facebook’s HTTPS implementation was pretty crap.
Now Facebook has officially rolled out HTTPS, great!
Only problem, currently Apps do not support HTTPS and take the user back to basic HTTP, this wouldn’t normally be a problem but upon test, it doesn’t just put the user to HTTP, it disables the option to use HTTPS in the user option so the user has to turn it back on in the options again and every time they visit an app.
so great implementation that is disabled as soon as HTTPS isn’t used, instead of just temporarily disabling the option then reinstating it where is it supported, they turn it off completely.
So overall you can have security without features or features without security.
How can implementation of a basic protocol that has been around since 1994 be so rubbish that even a basic web developer should be able to grasp?