Back in March, after at least one high profile security incident, Twitter created an option to turn on HTTPS at all times. But you could only enable the more secure way of viewing twitter.com by manually selecting it in your profile (or typing “https://” each time you went to Twitter). Starting today, the service is beginning to enable HTTPS by default.
At first, this will only be enabled for a small group of users, Twitter says. Over time, they’ll roll it out to more. It’s a welcome change that other services like Gmail have added over the years. Google has even experimented with it for google.com, and Facebook has an option to use it as well after years of avoiding it.
A lot services avoid using it because it does mean a slight performance hit. Others don’t like it because it scrubs referral data. And it can mean that certain third-party data can act funky. But in the age of Firesheep, HTTPS is becoming necessary.
If you’re not in the on-by-default test group and want to learn more about HTTPS, you can do so here. Twitter recommends that everyone turns it on while they slowly roll it out to all.