Facebook starts rolling out HTTPS by default
Facebook has started securing all data traffic to the social networking site using HTTPS by default. The change started rolling out to all North American users last week, while users in the rest of the world should see HTTPS enabled by default soon. Switching to HTTPS by default means that all connections and data, including cookies, will be transmitted over SSL in encrypted form, so attackers should no longer be able to easily read them and use them for fraudulent purposes.
While Facebook has used HTTPS connections to protect users' login credentials for some time, it only started offering an HTTPS option for the entire site in January 2011. The feature was not turned on by default and instead required users to manually enable the HTTPS option in their Facebook account settings.
The HTTPS setup was also criticised for being a rather crude implementation. When initially rolling out the HTTPS option, Facebook pointed out that some Facebook features and third-party applications did not support it.
At that time, Facebook also noted that users with HTTPS enabled might find that the site's pages took longer to load. Frederic Wolens, Facebook security policy manager, told TechCrunch that, while enabling HTTPS by default "may slow down connections only slightly," the company has enhanced its load balancing infrastructure to mitigate most of the performance issues involved with making HTTPS the default.
- HTTPS Everywhere 3.0 supports more sites, a report from The H.
- Google is globally switching its search to HTTPS by default, a report from The H.