In response to the news that several of Facebook's popular applications were sending user IDs and other identifying information to third parties Facebook says it plans to encrypt user IDs. (Of course, the announcement didn't come until privacy groups and legislators made significant noise about the data "leaks," so I'm sure that helped the decision along.)
[T]he parameters that are passed back to iFrame-based applications will be encrypted using an application's secret key, meaning that only the actual application will be able to read the information and accidental disclosures over HTTP headers will no longer be possible.
Though Facebook indicated last week that possession of the user IDs doesn't automatically give third parties access to private user information, the fact that Facebook policies prohibit sharing user IDs suggests that they are not without value, Mashable writer Christina Warren explained.
Obviously, the decision to encrypt is a good one. But like Warren, I'm wondering why it took Facebook this long to decide to do it. Moreover, I'm not sure it will be enough to satisfy the legislators who are working to see Facebook take further steps toward user privacy.