Facebook transitions to secure browsing by default for everyone

Facebook has completed its migration to secure browsing by default for all users, a years-long initiative that other online organizations have also implemented.

HTTPS, symbolized by the padlock at the left end of the address bar, is an encrypted protocol that prevents the unauthorized hijacking of private sessions and data.

The massively popular social network introduced secure browsing – using Transport Layer Security (TLS) to make web communications more secure – as an option in 2011 and saw a steady increase in adopters before it started actively migrating users to HTTPS by default toward the beginning of this year.

The migration to default secure browsing presented some challenges along the way, admitted software engineer Scott Renfro in a blog post.

Performance issues were perhaps the greatest challenges the engineering team at Facebook was able to overcome when making the transition to secure browsing, said Renfro. He explained that HTTPS at least doubles the number of “round trips” necessary for a web browser to communicate with Facebook servers.

“When combined with an already-slow connection, this additional latency on every request could be very noticeable and frustrating,” he wrote. “Thankfully, we've been able to avoid this extra latency in most cases by upgrading our infrastructure and using abbreviated handshakes.”

Renfro added that some mobile phones and mobile carrier gateways do not yet fully support HTTPS, so users will experience a session downgrade in some instances.

He said there is ongoing work that includes moving to 2048-bit RSA keys, elliptic curve cryptography, elliptic curve ephemeral Diffie-Hellman (ECDHE) key exchange, certificate pinning and HTTP Strict Transport Security (HSTS). All are meant to create a safer web browsing experience.

“We're really happy with how much of Facebook's traffic is now encrypted and are even more excited about the future changes we're preparing to launch,” he wrote.

A Facebook spokesman deferred a request for comment to the blog post by Renfro.
