Back in April 2011, I and my then colleagues at Sophos’s Naked Security wrote an open letter to Facebook, calling on the social network to take three steps to better protect their users’ security and privacy.
One of those steps was “https by default”.
In a post published last night by its engineering team, Facebook announced that it was now using “https by default for all Facebook users”.
This is great news.
Implementing HTTPS/SSL means that Facebook’s many millions of users will have their communications with the social network automatically encrypted between their browsers and the site, putting them out of reach of hackers and attackers who could otherwise sniff sensitive information from unencrypted Wi-Fi hotspots.
It’s taken Facebook a while, but I’m glad they’ve achieved it. So, well done Facebook.
If you want to double-check that you have HTTPS enabled for your Facebook sessions, visit your privacy options and you should be able to find the setting under the “Security” tab. Here’s a handy direct link if you have trouble locating it.
You can read more from Facebook’s Engineering team on this topic, and the gradual adoption of HTTPS across the social network, in their blog post.
If you are on Facebook, and want to be kept updated with news about security and privacy risks, and tips on how to protect yourself online, join the Graham Cluley Security News Facebook page.