Facebook rolls out always-on HTTPS by default
Posted on 19 November 2012.
After expanding secure browsing from the login process to the entire site in January 2011, Facebook is finally rolling out HTTPS by default for all users - not just the ones who opted for it.

The social network has understandably gone relatively slow through these changes as, initially, the loading of the pages went more slowly with HTTPS on, and some features as well as third-party applications were not working because they were not supported in HTTPS.

Users who, at the time, did opt in for full HTTPS throughout the site had their connection automatically downgraded to HTTP every time they allowed it in order to use an application that did not support HTTPS. After a while, it was discovered that the switch would also automatically deselect the secure browsing option - a glitch that may or may not have been intentional.

Almost two years have passed since then, and Facebook must have finally concluded that always-on HTTPS will not lead to a decrease of the social network's quality of service, as they have (rather quietly) announced last week the roll out of HTTPS for all North America users, with the rest of the world to follow shortly.

Of course, anyone can still opt into the feature anytime by visiting their account's Security Settings and ticking off the Secure Browsing option. For those who have already done that, this latest Facebook's decision won't present a change at all.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th