Skip to main content

Facebook switches on secure browsing by default

Facebook switches on secure browsing by default

Share this story

Facebook has announced that all users will now access the desktop site with HTTPS, a protocol that makes the connection between browsers and the social network more secure. This has been an option since early 2011, and about 35 percent of users had enabled it themselves before Facebook started actively switching people over this year.

Site catches up to app security

The HTTPS connections employ Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL). Although the connections can come with a performance lag, Facebook says it has been able to avoid this "in most cases" by using abbreviated handshakes and upgrading infrastructure. 80 percent of traffic to now uses a secure connection, too, and the iOS and Android apps are HTTPS-enabled as well.

The company also confirmed that it will be rolling out further security improvements this fall, including forward secrecy. The encryption technique, which avoids using a single key that could be compromised over time, is considered extremely secure by experts, but very few sites on the web have enabled it — Google and Bloomberg are two of the more prominent.