Facebook now implements secure browsing by default

Users of Facebook may benefit from a new security feature implemented by the social networking giant: secure browsing by default.

In a blog post, Facebook said it now uses https by default for all Facebook users—a feature that was only optional two years ago.

“Now that https is on by default, virtually all traffic to www.facebook.com and 80 percent of traffic to m.facebook.com uses a secure connection. Our native apps for Android and iOS have long used https as well,” it said.

It noted more than a third of users had enabled the feature following its introduction.

"We've focused on making it faster throughout the world and improving its compatibility with platform applications," it added.

Facebook said it has in effect instructed the browser to only send cookies on https requests, "so the cookies won't be visible on the network if you happen to visit an insecure link to Facebook."

Also, Facebook added a new cookie named "csm" that is sent on all requests—when the server sees a csm cookie but no authentication cookies, it redirects to https.

Facebook is also working with mobile phone makers and mobile carrier gateways that presently do not yet fully support https.

"We've seen issues only with some feature phones; desktop browsers and smartphones all seem to work fine," Facebook said. — VC, GMA News