Slate's Farhad Manjoo answers your questions on Wi-Fi security, proxy servers, and Google Chat contact confusion.

Your tech questions answered.
Nov. 23 2010 6:02 PM

Wireless Fraud

Slate's tech-advice column on Wi-Fi security, proxy servers, and Google Chat contact confusion.

Illustration by Charlie Powell.

If you've got a burning tech problem you want solved, please send a note to farhad.manjoo@slate.com, with "I've got a tech question!" as the subject line. (Your question may be edited.) You can also read previous "Dear Farhad"columns.

Dear Farhad,

I often find myself using my computer on public Wi-Fi networks—at hotels, libraries, coffee shops, and so on. What is and what isn't safe to do online while on these networks? Can I log into my e-mail? My credit card account? My bank account? Does it matter if the network has a password or not?

—Wondering What's Safe

Dear Wondering,

You're right to worry about browsing in public. Depending on the configuration of the Wi-Fi network and on the sites you visit, it's quite possible that a lot of your personal data is flying around Starbucks for everyone to see.

Advertisement

We got a very public demonstration of this danger just last month. Eric Butler, a software developer in Seattle, just debuted Firesheep, a Firefox add-on that lets you see who else at your coffee shop is logging in to Twitter, Facebook, Flickr, and other social sites. Firesheep even lets you steal other people's online identities. See that cute girl at the other end of the library? You can log in to her Facebook account and read her messages, then sidle up to her and impress her with your deep insight into her soul.

Butler's program takes advantage of the fact that HTTP, the protocol over which Web traffic travels, is public—it doesn't hide or encrypt the traffic between you and the Web servers you visit. Logging in to Facebook, then, is a bit like sending a postcard in the mail. While you're hoping that the mail carrier doesn't read your scribblings, you'd also be foolish to write down your Social Security number.

Fortunately, there's a simple fix to the problem Firesheep highlights. Web sites that store personal information simply need to upgrade their login process using a security system known as SSL. Once a Web site adopts SSL, all communications between you and the site are encrypted. You can think of SSL as a sealed envelope for your postcard.

So, which sites are safe? By default, most banks and other financial sites use SSL, so you shouldn't worry about checking those sites on an unencrypted Wi-Fi network. In January, Google added default SSL access to Gmail, so your webmail session should be safe, too. Butler says he created Firesheep to prod other sites into adopting SSL, and since his demonstration several have adopted better security. Hotmail, for instance, recently announced support for SSL, but the feature isn't on by default—you need to go to your settings page and opt in. But many big sites don't use SSL, with the worst offenders being Facebook and Twitter.

If some Web sites use SSL and others don't, how can you know if you're safe? All major browsers include some kind of icon near the address bar that tells you if a particular site is secure. In Internet Explorer, Chrome, Safari, and Opera you'll see a picture of a padlock next to the URL on a secure site; in Firefox, the lock icon is in the bottom right corner. If you click on the lock, you'll get more information about the security of the site you're visiting.

If you don't see the lock, you could try changing the URL of the site you're visiting. If a site supports SSL but doesn't use it by default, adding an S to the end of the HTTP in the address bar will get you the secure version of that site. If you type https://www.google.com instead of http:// www.google.com, for instance, you'll get a secure version of the search engine. (You can get a Firefox add-on called HTTPS Everywhere that does this automatically at a wide range of sites.)

Finally, the particulars of your Wi-Fi network will also affect your security. If you have to type in a password to get on the network, that could mean that the network itself is encrypting all your Web traffic; this would make your traffic safe from snoopers even if a specific site doesn't use SSL. But I wouldn't rely on this, because a Wi-Fi network's security depends on where it asked you for a password. If you had to enter the password into your operating system, then it's probably secure. If you got on the network first, then typed a password on a Web page, it's not secure. Unfortunately, most public hotspots—at Starbucks, on airplanes, in hotels, and other places—use this second, insecure methodology.

TODAY IN SLATE

Politics

Smash and Grab

Will competitive Senate contests in Kansas and South Dakota lead to more late-breaking races in future elections?

I Am 25. I Don’t Work at Facebook. My Doctors Want Me to Freeze My Eggs.

The XX Factor
Oct. 20 2014 6:17 PM I Am 25. I Don’t Work at Facebook. My Doctors Want Me to Freeze My Eggs.

Republicans Want the Government to Listen to the American Public on Ebola. That’s a Horrible Idea.

The Most Ingenious Teaching Device Ever Invented

Tom Hanks Has a Short Story in the New Yorker. It’s Not Good.

Brow Beat

Marvel’s Civil War Is a Far-Right Paranoid Fantasy

It’s also a mess. Can the movies do better?

Watching Netflix in Bed. Hanging Bananas. Is There Anything These Hooks Can’t Solve?

The Procedural Rule That Could Prevent Gay Marriage From Reaching SCOTUS Again

  News & Politics
Politics
Oct. 20 2014 8:14 PM You Should Be Optimistic About Ebola Don’t panic. Here are all the signs that the U.S. is containing the disease.
  Business
Moneybox
Oct. 20 2014 7:23 PM Chipotle’s Magical Burrito Empire Keeps Growing, Might Be Slowing
  Life
Outward
Oct. 20 2014 3:16 PM The Catholic Church Is Changing, and Celibate Gays Are Leading the Way
  Double X
The XX Factor
Oct. 20 2014 6:17 PM I Am 25. I Don't Work at Facebook. My Doctors Want Me to Freeze My Eggs.
  Slate Plus
Tv Club
Oct. 20 2014 7:15 AM The Slate Doctor Who Podcast: Episode 9 A spoiler-filled discussion of "Flatline."
  Arts
Brow Beat
Oct. 20 2014 9:13 PM The Smart, Talented, and Utterly Hilarious Leslie Jones Is SNL’s Newest Cast Member
  Technology
Future Tense
Oct. 20 2014 4:59 PM Canadian Town Cancels Outdoor Halloween Because Polar Bears
  Health & Science
Medical Examiner
Oct. 20 2014 11:46 AM Is Anybody Watching My Do-Gooding? The difference between being a hero and being an altruist.
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.