Facebook will begin turning on secure browsing for its millions of users in North America, which will make HTTPS the default connection option for all sessions and will give users a baseline level of security and help prevent some common attacks.
While at first thought, this may seem more consumer-oriented than manufacturing automation-focused, but with more manufacturers using social media as an e-commerce tool and an arrow in their marketing quiver, this could add one more layer of defense.
Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not the default protection and users had to manually make the change in order to get the better protection of HTTPS. When users have to take that extra step, they often just go with the default settings.
Now, users will have to manually turn HTTPS off if they don’t want it, a distinction that is a major change, especially for Facebook’s massive user base, which has become a major target for attackers.
Facebook is under constant attack by hackers. One of the common techniques used to compromise users is a man-in-the-middle attack, through which attackers intercept traffic between a client and the server it should be going to. This type of attack is much easier when that traffic remains unencrypted and attackers really don’t need to do much in order to get it.
HTTPS encrypts the connection between the user’s machine and the server on the other end, obscuring it from attackers, even if they are able to sniff the traffic on the wire or on a wireless connection. The technology is by no means “the silver bullet” for Web-based attacks, but it can slow down or cut out some basic types of attacks.
Using HTTPS also won’t protect you if there is malware on your machine that’s capable of logging keystrokes. But it is an important change for Facebook, something that has become not just a social network but also an e-commerce platform.