Facebook is making HTTPS connections the default setting for its huge customer base. For now, it is expanding HTTPS in North America, and the roll-out for other regions will follow later on. It is taking a page from Google and other websites by making HTTPS the default for customer connections in North America, in line with plans it announced the previous year.
The change is intended to offer protected browsing for part of the social media network's client base, which as of September the firm counted at more than a billion. The default HTTPS rollout started last week, and the company said it plans to make HTTPS the default for the rest of the world too, though it didn't give a specific date.
Kicking off the project last year, it gave customers the option to turn on HTTPS so that it secures the whole session, as opposed to being used only when they enter their passwords. The option can be enabled through the Security section of the Account Settings page. At that time, it warned users that HTTPS can improve security but could slow down the user's experience, as encrypted pages take longer than usual to load.
HTTPS, which is HTTP layered over the TLS/SSL protocol, offers verification of the web server and website. HTTPS also keeps the cookie encrypted, offering the best protection. However, Facebook isn't the only site to opt for HTTPS by default. In 2010, Google made it the default setting for Gmail, after calls from privacy and security experts and the urgency created by reports of attempts to access the Gmail accounts of human rights activists in China. Last year, it started redirecting users signed in to their Gmail accounts to the HTTPS version to encrypt the searches they perform and the results they get. In the same year, Twitter introduced HTTPS as an option, and in early 2012 Twitter expanded it by making it the default for all its users.
On the other hand, a few researchers claim that HTTPS shouldn't be considered a foolproof way of dealing with things. They cite the example of last year's ekoparty Security Conference in Buenos Aires, where researchers demonstrated a tool named BEAST, which can be used to steal cookies. Sophos senior technology consultant Graham Cluley says default HTTPS is a good step, as it allows users to automatically encrypt their communications, preventing attackers and hackers from sniffing personal information while users are on unencrypted Wi-Fi networks.