In particular, Butler called out social networking sites Facebook and Twitter, claiming that privacy initiatives and other tweaks did little to protect users if the site was vulnerable to HTTP hijacking attacks.
"Facebook is constantly rolling out new 'privacy' features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely?" he said. "Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room."