Facebook moves to more secure connection

Posted by Emma Woollacott

Facebook has rolled out HTTPS security across the site, meaning it may be a little slower - but a lot safer.

HTTPS, commonly used by banks and e-commerce sites, automatically encrypts communications, preventing hackers and attackers from sniffing out sensitive data when people use unencrypted wifi hotspots.

Until January last year, Facebook only used HTTPS during the log-in process, but then announced that it planned to extend it to the whole Facebook experience. Unfortunately, though, it made the feature opt-in - and not many people did.

Now, though, it's starting to roll out HTTPS across the board, starting this week with North America. Users will start to see 'https://facebook.com' at the top of their browser window.

Security firm Sophos is so chuffed with the new move it's giving away T-shirts to celebrate: "Sure, we might have liked it if Facebook had enabled HTTPS by default more quickly, but it would be churlish to grumble now they're doing it," says senior technology consultant Graham Clueley.

The downside of the change is that encrypted pages take longer to load, which means users will almost certainly notice some slowing of the site.  However, part of the reason for the long delay in introducing the feature is that the company's been working on ways to mitigate this through load balancing. Still, anyone that wants to opt out can.

Google made a similar move to HTTPS on Gmail in January last year, and Twitter has also made the change.