[evgen]

Jabber support for FB Chat is nice, but failing to support SSL/TLS is not really acceptable...

[aaronblohowiak]

When would you use FB chat and care about the privacy of the communication?

[evgen]

When I am using a real Jabber client.

[compay]

At work, probably.

[aw3c2]

This includes the login I guess...

[philfreo]

can someone confirm that login info is sent in the clear? that's pretty terrible.

[kam]

They claim they're using DIGEST-MD5, so not quite plaintext, but a broken hash algorithm

http://www.facebook.com/help/?faq=16742

http://www.facebook.com/help/?faq=16741

[j0]

yep. they could have at least supported SASL to have the login info encrypted and then transport the rest of the stream unencrypted, but they did not.

[presto10]

Where does it say SSL/TLS is not supported?

[natrius]

When you try to connect with "Require SSL/TLS" enabled.

[zppx]

Just check the instructions for iChat it clearly says to uncheck SSL.

[rlpb]

Has the AJAX-based chat built into the web application ever been encrypted?