Facebook Enables HTTPS By Default for North America
Facebook is expanding its use of HTTPS by turning it on by default for some of its massive user base. A rollout for the rest of the world will follow at a later date.Facebook is taking a page from Google and other sites by making HTTPS default for user connections in North America, following through on plans announced last year. The move is meant to provide secure browsing for part of the social network's user base, which as of September is counted by the company to be more than a billion. The rollout began last week, and Facebook stated there are plans to make HTTPS default for the rest of the world as well. No specific date was given as to when that would be. Starting last year, Facebook gave users the opportunity to turn on HTTPS so that it was used to protect their entire sessions as opposed to only being used whenever they entered their passwords. The option could be enabled through the Account Security section of the Account Settings page. At the time, Facebook advised users that while HTTPS improves security, encrypted pages take longer to load, and could slow down their experience using the site. HTTPS layers HTTP on top of the SSL/TLS protocol and provides authentication of the Website and Web server a user is communicating with and keeps the session cookie encrypted to provide protection against man-in-the-middle attacks.
Google opted to turn HTTPS on by default for Gmail in 2010 after calls from security and privacy experts and the emergence of reports of attempts to access the Gmail accounts of Chinese human rights activists. In 2011, Google began redirecting users signed into their Google accounts to the HTTPS version of Google.com to encrypt the searches users perform and the results they receive. Earlier this year, Twitter enabled HTTPS by default for all its users as well, roughly a year after introducing it as an option. Users can turn the option of on their account settings page.