"It was on Christmas Day that Facebook's Chief Security Officer Joe Sullivan first noticed strange things going on in Tunisia," Alexis Madrigal wrote earlier this week in his account of how Facebook's team responded when Tunisia's Internet service providers started running a malicious code that recorded users' login information when they visited the social networking site. Sullivan and his team quickly put in place a system that routed all Tunisian requests for Facebook through an https server. "Https protocol encrypts the information you send across it, so it's not susceptible to the keylogging strategy employed by the Tunisian ISPs," Madrigal explained.
It's a protocol already employed by a number of larger sites and one that Facebook has now decided to begin rolling out to all of its users, both inside and outside of Tunisia and other less-than-stable countries, as part of a series of features designed to make your profile more secure.
"If you've ever done your shopping or banking online, you may have noticed a small 'lock' icon appear in your address bar, or that the address bar has turned green," wrote Facebook's Alex Rice in an official blog post. "This indicates that your browser is using a secure connection ("HTTPS") to communicate with the website and ensure that the information you send remains private. Facebook currently uses HTTPS whenever your password is sent to us, but today we're expanding its usage in order to help keep you data even more secure."
To enable https for your profile, login and visit the 'Account Settings' page. There, you will have the option to check a box for 'Secure Browsing.' If this option isn't available on your page yet, sit tight; Facebook is rolling it out over the next few days to all 500 million-plus users.
A couple of things to note: Encrypted pages take a little longer to load, so if you decide to enable https, you might experience a bit of lag time when you visit Facebook. Furthermore, the site is unable to encrypt some of the features offered by third-party applications; even when using https, products designed by outside developers may put your data at risk.