Facebook rolls out always-on HTTPS by default
Posted on 19 November 2012.
After expanding secure browsing from the login process to the entire site in January 2011, Facebook is finally rolling out HTTPS by default for all users - not just the ones who opted for it.

The social network has understandably gone relatively slow through these changes as, initially, the loading of the pages went more slowly with HTTPS on, and some features as well as third-party applications were not working because they were not supported in HTTPS.

Users who, at the time, did opt in for full HTTPS throughout the site had their connection automatically downgraded to HTTP every time they allowed it in order to use an application that did not support HTTPS. After a while, it was discovered that the switch would also automatically deselect the secure browsing option - a glitch that may or may not have been intentional.

Almost two years have passed since then, and Facebook must have finally concluded that always-on HTTPS will not lead to a decrease of the social network's quality of service, as they have (rather quietly) announced last week the roll out of HTTPS for all North America users, with the rest of the world to follow shortly.

Of course, anyone can still opt into the feature anytime by visiting their account's Security Settings and ticking off the Secure Browsing option. For those who have already done that, this latest Facebook's decision won't present a change at all.


Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Oct 24th