Recently, the easy-to-use browser plug-in “Firesheep” reminded us how vulnerable our information is on open WiFi networks.
Firesheep provides a simple way for wannabe hackers to access your online accounts. Say you’re at a café that offers WiFi (an “open” network), and you decide to hop on Facebook. Once you’ve logged in, Facebook assigns you a cookie, which Firesheep allows others on the network to intercept. From that point forward, the kid sitting across from you sipping a grande raspberry frappuccino with whipped cream could have free rein to update your status whenever he likes. This applies to Twitter, Flickr, and other popular sites too.
[This is a guest post by Mark Stanley, New Media Manager for the Center for Democracy & Technology.]
Now that hundreds of thousands of average joes — most of whom have probably only risen to this level of hacking — have downloaded Firesheep, the three Starbucks down the street have become riskier venues.
Is the safest bet to tell your kids simply to avoid open WiFi networks altogether? To avoid cafés … avoid coffee? Not necessarily (although the last one might not be a bad idea). If you or your kids are going to access open WiFi networks, just be sure to look for the “S.”
When “HTTPS” is at the beginning of a URL, it indicates your sessions on that website are encrypted, and therefore more secure. If there is only “HTTP,” it means your sessions are not encrypted. It should be noted that for sites in which personal accounts and log-ins are not required, “HTTP” is perfectly fine.
While many sites do not use SSL (Secure Sockets Layer, the protocol used to secure online traffic and form “HTTPS”) by default, a Facebook spokesperson recently said they “hope to provide [SSL] as an option in the coming months.”
Gmail has switched to “HTTPS,” and CDT has advocated that other websites follow its lead. Until they do, you can try out plug-ins such as HTTPS Everywhere, which “encrypts your communications with a number of major websites,” or BlackSheep, created as an “alarm” that tells you when Firesheep has intercepted a cookie.
“HTTPS” isn’t necessarily a miracle solution. Encrypted connections can still be thwarted, but doing so is much more difficult. So, if you want to give your kids simple advice about using open WiFi networks, just remember the “S.”
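For readers who run a website, the cookie exposure described above can be checked from the site's own response headers. The sketch below is an added example, not part of the original post: the function name, the social.example URLs and the header values are constructed for illustration, and it relies on the standard cookie "Secure" attribute, which the post does not discuss.

```python
from http.cookies import SimpleCookie


def cookie_exposure(page_url, set_cookie_headers):
    """Return {cookie_name: reason} for cookies that anyone listening on an
    open network could read. An empty dict means none were found."""
    exposed = {}
    over_https = page_url.lower().startswith("https://")
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)  # parse one Set-Cookie header value
        for name, morsel in jar.items():
            if not over_https:
                # The response itself crossed the network unencrypted.
                exposed[name] = "set over plain HTTP"
            elif not morsel["secure"]:
                # Without Secure, the browser also attaches the cookie to
                # later plain-HTTP requests to the same site.
                exposed[name] = "no Secure attribute, also sent over HTTP"
    return exposed


# Constructed sample responses (hypothetical site, not captured traffic).
SAMPLES = [
    ("http://social.example/login", ["session=abc123; Path=/"]),
    ("https://social.example/login", ["session=abc123; Path=/; HttpOnly"]),
    ("https://social.example/login", ["session=abc123; Path=/; Secure; HttpOnly"]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        findings = cookie_exposure(url, headers)
        print(url, headers, "->", findings or "no exposed cookies")
```

The second sample shows why the “S” on the log-in page is not the whole story for site operators: a session cookie issued over HTTPS without the Secure attribute still travels in the clear on any later HTTP request to that site.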
Look for future blog posts from CDT here on GeekDad, where we’ll review and rate privacy and other useful browser plug-ins. For more on online privacy, visit CDT’s Take Back Your Privacy page.