From quite some time tech guys of Facebook are busy in building a secure infrastructure for its users by turning on the safe HTTPS browsing for all of the facebook uses as a default. Facebook enables the optional HTTPS connection a while back that was to protect information that was going to some less secured networks e.g. internet café, terminals of airports etc. Details of logins are always been sent over from HTTPS, but before giving the option, anybody can smell the traffic that is being sent of the network, once the login session was established.
Facebook has seen many users preferring secure browsing, but that number was very low. From the April of 2011, to the end of 2012, only 35 & users opted to go for secured option, when facebook starting to move to https by default. These low opted rates are somewhat good news for the company. Although, to make it default for all the users worldwide, facebook needs to make some crucial changes on the back end as well as the developer policies. Facebook first suspected that HTTPS rolling out will slow down the sessions, and due to this the third party apps can break. But the above issue was solved in two was. Firstly, the investment of facebook on physically transferring its infrastructure that makes it more near to the user and secondly by a cut down version of how the company sets up safe connections between its servers and users computer’s.
Scott Renfro, who is a facebook infrastructure team software engineer based in London wrote on his blog that suppose you are sitting in Jakarta, from where a round trip takes about 300ms, a proper handshake can add 600ms. When it is mixed with slow connection, the additional latency created on each request can be very irritating. Thankfully, now we are able to shun this additional latency mostly by upgrading the infrastructure and using some abbreviated handshakes.
TLS Handshakes are the ones sometimes referred as abbreviated handshakes. A simple explanation is that once a full handshake is created, common secure unique session would be setup and then verified , which then does not requires a full handshake to be established on next sessions. The cut down on the number of roundtrips will make sure that all sessions are now secure.
Facebook working on safety and security is not completed yet and the work is on. One more news that came from facebook office was that more and more of public content will be made accessible on other websites. It will be done by introducing a new embedded posts feature, that is going to allow other websites to take make public content of facebook taken and then post it on their own website. It is very much alike the twitter’s feature that many websites are already using to embed tweets directly in their articles. Facebook is in talks with CNN, Bleacher report, Mashables, Huffington post etc for now, but it is going to be for all in some time soon.