Facebook instigates secure-by-default surfing for users

Facebook has started to make HTTPS the default protocol for all its webpages.

Previously, Facebook users had the option to make HTTPS the default protocol for connecting to the social networking site. Last year, Facebook announced its plans to roll out default HTTPS encryption, following the example of companies such as Twitter. 

"This week, we're starting to roll out HTTPS for all [US] users and will be soon rolling out to the rest of the world," said Facebook platform engineer Shireesh Asthana in a blog post.

HTTPS uses Secure Socket Layer (SSL) protection to bring an added sub-layer of security to webpages accessed using HTTP. The added layer of security is said to help prevent things like man-in-the-middle attacks.

Traditionally, HTTPS was used for logging into websites that require a user's credit card information. However, the protocol has slowly started to be adopted for social networking sites.

Twitter made HTTPS a default for all its webpages last February. Google+ also uses the protocol as a standard.

In 2011, Sophos researcher Graham Cluley wrote a letter to Facebook asking the firm to make HTTPS mandatory.

"We welcome you recently introducing an HTTPS option, but you left it turned off by default. Worse, you only commit to provide a secure connection 'whenever possible'," Cluley wrote in the letter from 2011.

"Facebook should enforce a secure connection all the time, by default. Without this protection, your users are at risk of losing personal information to hackers."