According to a recent blog post, Facebook is in the process of moving all of its users in North America — and soon the rest of the world — to a type of Internet connection that is more secure but also tends to slow down Web browsing a bit.
Called HTTPS, as opposed to less-secure HTTP, it’s the connection you see on online retail sites when you’re about to enter credit card information or a password. Sometimes a little lock icon appears in the browser window when you’re connected to a site with HTTPS. (The “s,” by the way, stands for “secure.”)
“As the Web evolves, expectations around security change,” Facebook’s Alex Rice wrote last year when he announced that HTTPS would become an option on Facebook. “For example, HTTPS — once a technology used primarily on banking and e-commerce sites — is now becoming the norm for any Web app that stores user information.”
The new change is that Facebook is starting make HTTPS the default setting for all its 1 billion-plus users, so people who haven’t selected that option soon will get added security — and, potentially, slower browsing.
“People will be able to opt-out of HTTPS for maximum speed if that’s how they roll,” according to the blog TechCrunch.
“It is far from a simple task to build out this capability for the more than a billion people that use the site and retain the stability and speed we expect,” Facebook’s Frederic Wolens told that tech news site, “but we are making progress daily towards this end.
“This may slow down connections only slightly, but we have deployed significant performance enhancements to our load balancing infrastructure to mitigate most of the impact of moving to HTTPS, and will be continuing this work as we deploy this feature.”
How will you know whether you’re using HTTPS or HTTP? Look at the top of your browser window, where you enter Internet addresses. If you go to Facebook and see https://facebook.com in that box, then you’re browsing on the more-secure connection, which scrambles data as it sends it back and forth to Facebook’s servers, making it more difficult for someone in the middle to nab your passwords or other sensitive data.
“Think of it like this: you’re having a private conversation with your new boyfriend or girlfriend, and your ex — unbeknownst to you — is a few tables over listening to every word,” the blog Lifehacker writes in a post titled “WTF is HTTPS.” “That’s the sort of risk HTTP poses, whereas HTTPS would be more like if you and your new romantic interest were speaking a new language that only the two of you understood. To your stalker of an ex, this information would sound like gibberish and s/he wouldn’t get any value from listening if s/he tried.
“HTTPS is a way for you to exchange information with a web site securely so you don’t have to worry about anyone trying to listen in.”
Other online services, including Gmail, already use HTTPS by default.