A very big thank you to the team at Facebook for allowing users in the Sudan to access Facebook securely. Instead of using the regular http:// access to the site, using https:// means that your connection is securely encrypted. This prevents malicious users from spying on your account and seeing your password, for example. This is why all online banking websites use https, as does Google with gmail. Tunisia in many ways set the precedent. Read this excellent account on the inside story of how Facebook responded to Tunisian hacks.
As we have seen in many situations, Facebook is often used by activists to schedule and coordinate mass action. This is equally true of the Sudan, with this Jan30 Facebook group, which now has over 17,000 members. However, in my recent Skype conversations with a number of Sudanese activists, I’ve realized that many of them didn’t know that the Tunisian government (for example) had been able to hack into Facebook accounts. While using https is not a complete panacea, it definitely is a step in the right direction re communicating securely in repressive environments. I’ve also encouraged colleagues to switch to using Hushmail for email communication.
So for colleagues in the Sudan, to set up https:// access, go to “My Account” then “Settings” and then “Account Security.” Here’s the equivalent in the Arabic interface:
You should click on “Browse Facebook on a secure connection (https) whenever possible” and also on “Send me an email” that way you get sent an automated email when a new computer or mobile phone logs into your account. If you have any questions, feel free to add them in the comments section of this blog.
Here are some other steps you can take to use Facebook more securely:
1. Do not share sensitive info on FB
2. User passphrases instead of passwords
3. Change you name, or at least do not provide your full name on FB*
4. Do not use a picture of yourself for your FB profile picture
5. Logout of FB when not using the site
* Use this with caution as it violates FB’s terms of service and if someone is targeting you, they can report you to FB. Also do not give FB your identification if asked (@JillianYork).
Again, using https and following these five steps is no guarantee that your account won’t be hacked, but it maximizes your chances of using Facebook more safely. If you have any security tips to share, please add them in the comments section of this blog post.
A big thank you once again to Facebook. I emailed them (via another colleague) with my concerns regarding Sudanese activists and they responded in a just a matter of hours. Facebook is also in the process of rolling this https option out for all their users worldwide.