Facebook has announced that all users will now access the desktop site with HTTPS, a protocol that makes the connection between browsers and the social network more secure. This has been an option since early 2011, and about 35 percent of users had enabled it themselves before Facebook started actively switching people over this year.
Site catches up to app security
The HTTPS connections employ Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL). Although the connections can come with a performance lag, Facebook says it has been able to avoid this "in most cases" by using abbreviated handshakes and upgrading infrastructure. 80 percent of traffic to m.facebook.com now uses a secure connection, too, and the iOS and Android apps are HTTPS-enabled as well.
The company also confirmed that it will be rolling out further security improvements this fall, including forward secrecy. The encryption technique, which avoids using a single key that could be compromised over time, is considered extremely secure by experts, but very few sites on the web have enabled it — Google and Bloomberg are two of the more prominent.