[aaronblohowiak]

When would you use FB chat and care about the privacy of the communication?

[evgen]

When I am using a real Jabber client.

[compay]

At work, probably.

[aw3c2]

This includes the login I guess...

[philfreo]

can someone confirm that login info is sent in the clear? that's pretty terrible.

[kam]

They claim they're using DIGEST-MD5, so not quite plaintext, but a broken hash algorithm

http://www.facebook.com/help/?faq=16742

http://www.facebook.com/help/?faq=16741

[j0]

yep. they could have at least supported SASL to have the login info encrypted and then transport the rest of the stream unencrypted, but they did not.