Facebook to Use Secure Web Protocol by Default

Users will now access the social networking site via HTTPS, unless they purposely opt for HTTP.
Posted November 20, 2012
By

Cynthia Harvey


Facebook has announced that it is beefing up security for users by making HTTPS the default protocol for accessing the social network. Users may notice a slight slowdown on the website as a result.

InformationWeek's Mathew J. Schwartz reported, "Facebook has begun making HTTPS, which provides SSL/TLS encryption, the default protocol for accessing all pages on its site. 'As announced last year, we are moving to HTTPS for all users,' said Facebook platform engineer Shireesh Asthana in a Facebook developer forum blog post. 'This week, we're starting to roll out HTTPS for all North America users and will be soon rolling out to the rest of the world.'"

CNN's John D. Sutter wrote, "Bad news: Your Facebook page is likely about to slow down. Good news: The change will help keep online thieves away. According to a recent blog post, Facebook is in the process of moving all of its users in North America -- and soon the rest of the world -- to a type of Internet connection that is more secure but also tends to slow down Web browsing a bit. Called HTTPS, as opposed to less-secure HTTP, it's the connection you see on online retail sites when you're about to enter credit card information or a password. Sometimes a little lock icon appears in the browser window when you're connected to a site with HTTPS. (The 's,' by the way, stands for 'secure.')"

TechCrunch's Josh Constine observed, "When you’re dealing with 1 billion people’s personal info, security is critical. But Facebook didn’t want to sacrifice speed. That’s why it spent the last two years making infrastructure improvements so that its transition of all its users to HTTPS which starts this week will 'slow down connections only slightly.' People will be able to opt-out of HTTPS for maximum speed if that’s how they roll."

InfoWorld's Lucian Constantin noted, "For the past several years, security experts and privacy advocates have called on Facebook to enable always-on HTTPS by default because the feature prevents account hijacking attacks over insecure networks and also stops the governments of some countries from spying on the Facebook activities of their residents."




Tags: Facebook, social network, HTTPS, privacy, encryption, secure, protocol


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.