Facebook rolls out always-on HTTPS by default
Posted on 19 November 2012.
After expanding secure browsing from the login process to the entire site in January 2011, Facebook is finally rolling out HTTPS by default for all users - not just the ones who opted for it.

The social network has understandably gone relatively slow through these changes as, initially, the loading of the pages went more slowly with HTTPS on, and some features as well as third-party applications were not working because they were not supported in HTTPS.

Users who, at the time, did opt in for full HTTPS throughout the site had their connection automatically downgraded to HTTP every time they allowed it in order to use an application that did not support HTTPS. After a while, it was discovered that the switch would also automatically deselect the secure browsing option - a glitch that may or may not have been intentional.

Almost two years have passed since then, and Facebook must have finally concluded that always-on HTTPS will not lead to a decrease of the social network's quality of service, as they have (rather quietly) announced last week the roll out of HTTPS for all North America users, with the rest of the world to follow shortly.

Of course, anyone can still opt into the feature anytime by visiting their account's Security Settings and ticking off the Secure Browsing option. For those who have already done that, this latest Facebook's decision won't present a change at all.


Stagefright 2.0: A billion Android devices could be compromised

Most Android users are, once again, in danger of having their devices compromised by simply previewing specially crafted MP3 or MP4 files.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 2nd