Facebook has announced an updated plan for the way of handling the user IDs transmission. It would not need the use of the encryption. After talking to the community, an engineer of Facebook, Mike Vernal, has written in one of his blog posts that they have updated the planned solution of using a different system which would provide a better security for the Facebook users whilst reducing the impact on the existing applications along with the elimination of the need for using the encryption libraries.
The proposed solution would be embedding a user ID in the body of HTTP POST. Thus, encrypted or unencrypted, it would not be showed in any of the header of the HTTP referrer.
When the browser is loading information, sometimes it sends HTTP header that recognizes the Uniform Resource Locator of the certain page containing the information. When the user of Facebook authorizes an application, apps named iframe-based canvas, which contains the user ID of the user, are written on the Platform of Facebook.
As per what Vernal wrote in his blog, the User ID is integrated with the purpose of enabling the application for building a modified experience for the Facebook user.
It was published in an article of the Wall Street Journal of the October issue that the apps of Facebook have been sharing the information of User ID with the networks of advertising and other companies of internet tracking. According to Facebook, it would not overlook such actions and would certainly begin encrypting the strictures it has been sending to the iframe-based apps.
Vernal also mentioned that the new proposed solution would not need the encryption and would only need nominal effort for the developers and the addresses from where they have been receiving the feedback till now. They do it by making a targeted form element at the Canvas URL of application.