Facebook migrates everyone to https connection

The social network attempts to protect members en masse by establishing a more secure connection between their browser and Facebook's servers.

Jennifer Van Grove Former Senior Writer / News
Jennifer Van Grove covered the social beat for CNET. She loves Boo the dog, CrossFit, and eating vegan. Her jokes are often in poor taste, but her articles are not.
Jennifer Van Grove
Matt Harnack/Facebook

Facebook said Wednesday that https is now the default standard for everyone browsing its social network, meaning that almost all traffic to its Web site and a majority of traffic to its mobile site will be established through a secure connection.

"We now use https by default for all Facebook users," Facebook infrastructure engineer Scott Renfro wrote in a blog post on the update. "This feature ... means that your browser is told to communicate with Facebook using a secure connection, as indicated by the 'https' rather than 'http' in https://www.facebook.com. This uses Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL), and makes the communication between your browser and Facebook servers more secure."

The protocol is intended to provide an extra layer of security around members' Facebook browsing and communication activities. The hope is to insulate people from man-in-the-middle and eavesdropping attacks, and prevent members' accounts from being comprised.

Facebook first introduced secure browsing through https as an option two years ago and said that more than one-third of users had enabled feature prior to the forced, full migration.

"Turning on https by default is a dream come true, and something Facebook's Traffic, Network, Security Infrastructure, and Security teams have worked on for years," Renfro said. "We're really happy with how much of Facebook's traffic is now encrypted and are even more excited about the future changes we're preparing to launch."