Facebook To Flip Switch On HTTPS


Earlier this week, Facebook announced that it is planning to enable HTTPS (Hypertext Transfer Protocol Secure) as the default setting for all of its 1 billion users. In a move that has apparently been in the works for a couple of years, the default option will help keep users’ data secure.

HTTPS grants benefits over regular HTTP, in that is encrypts all traffic from end to end. For a while now, Facebook has used HTTPS when logging in to the site, but only offered an opt-in service for users who wanted all of their Facebook interactions encrypted. Why the option? First and foremost, HTTPS is slower than HTTP. Because of the overhead necessary to encrypt and decrypt data, page load times take longer. Facebook says, though, that it has been working on infrastructure improvements that should minimize speed decreases once HTTPS is turned on by default.

Facebook’s security policy manager, Frederic Wolens, told TechCrunch:

“It is far from a simple task to build out this capability for the more than a billion people that use the site and retain the stability & speed we expect, but we are making progress daily towards this end. This may slow down connections only slightly, but we have deployed significant performance enhancements to our load balancing infrastructure to mitigate most of the impact of moving to HTTPS, and will be continuing this work as we deploy this feature.”

While the desire to keep its users data safe is certainly admirable, there’s one more hurtle that Facebook will need to consider: some countries have an explicit ban on the import of cryptographic tools. This means that many users around the world may have legal issues obtaining software (such as a web browser) that can handle HTTPS. Fortunately, Facebook is offering users the ability to opt-out of the default HTTPS.