Facebook offers HTTPS browsing, but not yet by default

Summary: Facebook has finally added a new feature to browse the popular social network on a secure connection. However, it is not yet turned on by default.

Facing a wave of criticism for not offering a secured browsing option, Facebook has finally added a new feature to browse the popular social network on a secure connection (https).

However, the https:// browsing is not turned on by default and must be manually activated from an “Account Settings” page on Facebook.

Here's the company's explanation:

If you've ever done your shopping or banking online, you may have noticed a small "lock" icon appear in your address bar, or that the address bar has turned green. This indicates that your browser is using a secure connection ("HTTPS") to communicate with the website and ensure that the information you send remains private. Facebook currently uses HTTPS whenever your password is sent to us, but today we're expanding its usage in order to help keep your data even more secure.

Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools.


However, instead of being on by default (as it is with Gmail, for example), Facebook is urging users to activate secure browsing via the "Account Security" section of the Account Settings page.

The new feature will effectively kill tools like Firesheep, which were created to highlight the weaknesses of Web sites that don't offer a secure browsing option. Firesheep, released as a Firefox plug-in, offered a point-and-click interface to fully compromise Facebook browsing sessions.

Facebook says the new feature may slow down surfing on the site because encrypted sessions typically take longer to load. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS, which will cause problems.

The company says it hopes to offer HTTPS as a default setting "sometime in the future."


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
