If you log on to Facebook today, you will now automatically be directed to the secured https website version of the website. In a blog post by Scott Renfro, a software engineer who works in Facebook London’s growing Security Infrastructure team, the process is described as follows:
This feature, which we first introduced as an option two years ago, means that your browser is told to communicate with Facebook using a secure connection, as indicated by the “https” rather than “http” in https://www.facebook.com. This uses Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL), and makes the communication between your browser and Facebook servers more secure.
“Turning on https by default is a dream come true”
Turning on https by default is a dream come true, and something Facebook’s Traffic, Network, Security Infrastructure, and Security teams have worked on for years. We’re really happy with how much of Facebook’s traffic is now encrypted and are even more excited about the future changes we’re preparing to launch.
Scott also describes the challenges Facebook faced switching to a secured site such as performance impacts and ineligible devices. Definitely worth a read if you are interested in security.