Facebook offers HTTPS browsing, but not yet by default

Summary: Facebook has finally added a new feature to browse the popular social network on a secure connection. However, it is not yet turned on by default.

Facing a wave of criticism for not offering a secured browsing option, Facebook has finally added a new feature to browse the popular social network on a secure connection (https).

However, the https:// browsing is not turned on by default and must be manually activated from an “Account Settings” page on Facebook.

Here's the company's explanation:

If you've ever done your shopping or banking online, you may have noticed a small "lock" icon appear in your address bar, or that the address bar has turned green. This indicates that your browser is using a secure connection ("HTTPS") to communicate with the website and ensure that the information you send remains private. Facebook currently uses HTTPS whenever your password is sent to us, but today we're expanding its usage in order to help keep your data even more secure.

Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools.

However, instead of being on by default (as it is with Gmail, for example), Facebook is urging users to activate secure browsing via the "Account Security" section of the Account Settings page.

The new feature will effectively kill tools like Firesheep, which were created to highlight the weaknesses of Web sites that don't offer a secure browsing option. Firesheep, released as a Firefox plug-in, offered a point-and-click interface to fully compromise Facebook browsing sessions.

Facebook says the new feature may slow down surfing on the site because encrypted sessions typically take longer to load. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS, which will cause problems.

The company says it hopes to offer HTTPS as a default setting "sometime in the future."
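
As an added illustration (not code from the article or from Facebook), the Python check below flags the condition that tools such as Firesheep highlight: a login handled over HTTPS whose session cookie can afterwards travel over plain HTTP. The host name, cookie names and captured flow are constructed for the example.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed capture of a login flow (hypothetical host and cookie names).
# Each entry: (request URL, status code, response headers as (name, value)).
SAMPLE_FLOW = [
    ("https://social.example/login", 302, [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "csrf=zz9; Path=/; Secure"),
        ("Location", "http://social.example/home"),
    ]),
    ("http://social.example/home", 200, [
        ("Set-Cookie", "locale=nl_NL; Path=/"),
    ]),
]

def audit_flow(flow, session_names=("session",)):
    """Return findings where a session could be exposed on plain HTTP."""
    findings = []
    for url, status, headers in flow:
        scheme = urlsplit(url).scheme
        for name, value in headers:
            lname = name.lower()
            if lname == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                for cname, morsel in jar.items():
                    if cname not in session_names:
                        continue
                    if scheme != "https":
                        # Cookie issued on an unencrypted response.
                        findings.append(("session-cookie-set-over-http", url, cname))
                    elif not morsel["secure"]:
                        # Issued over HTTPS, but the browser will also send it over HTTP.
                        findings.append(("session-cookie-missing-secure", url, cname))
            elif lname == "location" and scheme == "https" and 300 <= status < 400:
                # Absolute redirect that drops the user back to HTTP after login.
                if urlsplit(value).scheme == "http":
                    findings.append(("https-to-http-redirect", url, value))
    return findings

if __name__ == "__main__":
    for finding in audit_flow(SAMPLE_FLOW):
        print(finding)
```
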

Topics: Security, Malware, Social Enterprise

Talkback

44 comments
  • RE: Facebook offers HTTPS browsing, but not yet by default

    I just logged into my FB acct and that option does not show up. Is this something that's currently available to everyone or are they (FB) rolling it out over the next few weeks? What's up?
    reebus856
    • Same here

      Here also, no such option available yet.
      Daniel Breslauer
    • RE: Facebook offers HTTPS browsing, but not yet by default

      @reebus856 None for me either.
      rag@...
    • RE: Facebook offers HTTPS browsing, but not yet by default

      @reebus856 Same here. My guess is that it's gradually being rolled out to everyone.

      _ryan
      Ryan Naraine
    • RE: Facebook offers HTTPS browsing, but not yet by default

      @reebus856 No such option for me either. Has it got to do with one's language setting? Mine is set to Dutch.
      j.theunisz
  • Firefox Noscript plugin asserts https for ANY site that supports SSL

    Set Options->Advanced "Force the following sites to use secure (HTTPS) connections": *.facebook.com
    Dietrich T. Schmitz, ~ Your Linux Advocate
    • RE: Facebook offers HTTPS browsing, but not yet by default

      @Dietrich T. Schmitz, Your Linux Advocate

      Is it just me or did that disable chat?
      The one and only, Cylon Centurion
      • https anywhere does disable chat

        @Cylon Centurion 0005
        I've been using https anywhere and it does prevent chat from loading. I guess the chat is not SSL enabled.
        pattas@...
      • RE: Facebook offers HTTPS browsing, but not yet by default

        @Cylon Centurion 0005

        Yup, it disables chat :-(
        sibblezdnet
      • RE: Facebook offers HTTPS browsing, but not yet by default

        Yes, HTTPS has been available for quite a long time. My big beef with Facebook's former/existing HTTPS implementation is that it directs you to a HTTP login screen. Duh. Also, many of the UI links are hard coded to HTTP.

        @Cylon Centurion 0005 Yes, no chat via HTTPS. Although, Facebook chat is available via XMPP with your account as username@chat.facebook.com. I use Xabber on my Android devices and Pidgin on my desktops to chat. I find that more convenient anyway. I can stay on FB chat 24/7 without a browser being stranded there.
        cabdriverjim
      • RE: Facebook offers HTTPS browsing, but not yet by default

        @Cylon Centurion 0005

        excellent! i HATE that freakin' chat. i've wanted a way to turn it off, so this makes me happy.
        tiaza
    • RE: Facebook offers HTTPS browsing, but not yet by default

      @Dietrich T. Schmitz, Your Linux Advocate

      that only partially works, with that enabled in noscript, you can't actually access the account privacy settings :-(

      You get (in Firefox)

      The page isn't redirecting properly

      Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

      * This problem can sometimes be caused by disabling or refusing to accept cookies.
      sibblezdnet
    • RE: Facebook offers HTTPS browsing, but not yet by default

      @Dietrich T. Schmitz, Your Linux Advocate
      No such setting on mine.
      jet1959mo@...
  • Add the "s" yourself

    If the Facebook setting is not available for your account yet, you could always switch to secure browsing using the manual method: add the "s" yourself.
    (And then bookmark it so next time you start with the secure connection.)

    On a related note, I'm pleased as punch that many third-party applications don't work when using an HTTPS connection to Facebook. (Stay away from my data, you leeches!)
    R_Connelie@...
    • RE: Facebook offers HTTPS browsing, but not yet by default

      @R_Connelie@...

      problem is after you login, it automatically switches to http:// only so that's not much of a solution.
      sibblezdnet
      • RE: Facebook offers HTTPS browsing, but not yet by default

        @sibblezdnet

        Perhaps I don't log out often enough, because it's never been a problem for me - I'm usually not asked to login, so my https shortcut works as desired. (Does this mean I'm on the site too much...?)

        For those few times I do have to log in, it's easy enough to add that "s" and the rest of my facebook session is secure.
        R_Connelie@...
  • RE: Facebook offers HTTPS browsing, but not yet by default

    Still don't see the option anywhere.
    ncted
  • RE: Facebook offers HTTPS browsing, but not yet by default

    If someone figures out how to use https, please, please explain? I cannot find the "force web sites" or anything like that. Help!
    pjsvalli@...
    • force https

      @pjsvalli@... That was mentioned for people that have FIREFOX installed, and have the NOSCRIPT add-on installed in it. That's the only place those instructions make any sense.
      janitorman
  • RE: Facebook offers HTTPS browsing, but not yet by default

    https://www.eff.org/https-everywhere

    ( o:
    Jack-Booted EULA