Twitter has enabled secure hypertext transfer protocol (HTTPS) for all its users by default. This means that traffic on the micro-blogging site is now encrypted. HTTPS provides better protection against man-in-the-middle attacks. The move was welcomed by security firm Sophos, which said using unsecured Wi-Fi hotspots to access Twitter without HTTPS could allow a hacker to “sniff your session cookie” Facebook still has HTTPS disabled by default, despite giving users the option to enable it a year ago.”]
Source: https://www.csoonline.com/article/2131018/twitter-enables-https-by-default.html