Facebook Adopts HTTPS By Default To Increase Security For Its 1B+ Users
Facebook has decided to move its massive user base to HTTPS connections for added security, in a bid to prevent cyber attacks over Wi-Fi networks.
HTTPS is the secure version of the Hypertext Transfer Protocol (HTTP), the essential method a browser employs to connect with Web sites. HTTPS basically adds a layer of encryption to data transfer, making the information harder to breach by attackers on the same wireless network. To achieve this added security, it slightly reduces transfer speeds.
Facebook, however, did not want to sacrifice neither speed nor security for its 1 billion users. Consequently, the social networking giant spent the last two years enhancing its infrastructure so that moving all of its users to HTTPS will "slow down connections only slightly," according to TechCrunch.
"This week, we're starting to roll out HTTPS for all North America users and will be soon rolling out to the rest of the world," Facebook announced on Thursday, Nov. 15, in a post on its Developer Blog.
Gathering information over a local network is very simple without HTTPS. Firesheep, FaceNiff, and other such packet sniffers are designed particularly for this purpose, and don't require much technical knowledge. Such tools make it incredibly easy to discover someone's login details or other sensitive information over standard HTTP connections.
That's where HTTPS comes in. Increasingly more Web services beyond e-commerce sites and financial institutions have adopted HTTPS to add extra security. Gmail, for instance, made HTTPS the default for all users back in 2010. Twitter made the same leap this year, and now it's Facebook's turn.
It's true that Facebook added HTTPS last year, but only as an option, and many third-party apps did not support the protocol. All apps have since been required to support HTTPS, and Facebook is now rolling out the protocol to all users.
Still, because this added security comes at the expense of speed (encryption adds load time to Web pages), users will be allowed to opt-out of HTTPS in their account settings, according to TechCrunch.
The address bar in a browser shows whether the site is using an HTTPS connection or the standard HTTP protocol. When the connection is secure, the URL in the address bar will start with "https://."
For extra security on other Web sites, Firefox and Chrome users can also install the HTTPS Everywhere add-on, which will automatically activate HTTPS on sites where it is supported, but not default.