A year and a half ago, I wrote a blog, Nice Try Facebook. This was my response to Facebook’s turning on of HTTPS for users. Probably a response to mitigate the new Firesheep attack. (BTW, happy second birthday Firesheep; more than 2.4 million downloads in two years.)
My issue with Facebook was the HTTPS feature was off by default. Users needed to “opt-in” and take several steps to turn it on. It also was provided on a best-efforts basis and there were some applications that were not supported.
The good news is Facebook has just released a blog stating that they are now “Rolling out HTTPS for all Users.” Per the blog, the feature will be available this week for North American users and then rolling out to the rest of the world.
If you can’t wait, you can turn on HTTPS by going into Facebook’s Account Settings, then Security, and enable Secure Browsing.