Facebook this week will start turning on secure browsing by default for its millions of users in North America. The modification will establish HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security.
The utilization of HTTPS by default is a important change for Facebook. Among the common methods used to compromise many users is a man-in-the-middle attack, through which attackers intercept traffic between a client and the server for which it’s designated.
This attack is made much easier when that traffic is unencrypted and attackers do not need to do anything fancy in order to get to intercept traffic.