Slate's Farhad Manjoo answers your questions on Wi-Fi security, proxy servers, and Google Chat contact confusion.

Your tech questions answered.
Nov. 23 2010 6:02 PM

Wireless Fraud

Slate's tech-advice column on Wi-Fi security, proxy servers, and Google Chat contact confusion.

Illustration by Charlie Powell.

If you've got a burning tech problem you want solved, please send a note to farhad.manjoo@slate.com, with "I've got a tech question!" as the subject line. (Your question may be edited.) You can also read previous "Dear Farhad" columns.

Dear Farhad,

I often find myself using my computer on public Wi-Fi networks—at hotels, libraries, coffee shops, and so on. What is and what isn't safe to do online while on these networks? Can I log into my e-mail? My credit card account? My bank account? Does it matter if the network has a password or not?

—Wondering What's Safe

Dear Wondering,

You're right to worry about browsing in public. Depending on the configuration of the Wi-Fi network and on the sites you visit, it's quite possible that a lot of your personal data is flying around Starbucks for everyone to see.


We got a very public demonstration of this danger just last month. Eric Butler, a software developer in Seattle, just debuted Firesheep, a Firefox add-on that lets you see who else at your coffee shop is logging in to Twitter, Facebook, Flickr, and other social sites. Firesheep even lets you steal other people's online identities. See that cute girl at the other end of the library? You can log in to her Facebook account and read her messages, then sidle up to her and impress her with your deep insight into her soul.

Butler's program takes advantage of the fact that HTTP, the protocol over which Web traffic travels, is public—it doesn't hide or encrypt the traffic between you and the Web servers you visit. Logging in to Facebook, then, is a bit like sending a postcard in the mail. While you're hoping that the mail carrier doesn't read your scribblings, you'd also be foolish to write down your Social Security number.

Fortunately, there's a simple fix to the problem Firesheep highlights. Web sites that store personal information simply need to upgrade their login process using a security system known as SSL. Once a Web site adopts SSL, all communications between you and the site are encrypted. You can think of SSL as a sealed envelope for your postcard.

So, which sites are safe? By default, most banks and other financial sites use SSL, so you shouldn't worry about checking those sites on an unencrypted Wi-Fi network. In January, Google added default SSL access to Gmail, so your webmail session should be safe, too. Butler says he created Firesheep to prod other sites into adopting SSL, and since his demonstration several have adopted better security. Hotmail, for instance, recently announced support for SSL, but the feature isn't on by default—you need to go to your settings page and opt in. But many big sites don't use SSL, with the worst offenders being Facebook and Twitter.

If some Web sites use SSL and others don't, how can you know if you're safe? All major browsers include some kind of icon near the address bar that tells you if a particular site is secure. In Internet Explorer, Chrome, Safari, and Opera you'll see a picture of a padlock next to the URL on a secure site; in Firefox, the lock icon is in the bottom right corner. If you click on the lock, you'll get more information about the security of the site you're visiting.

If you don't see the lock, you could try changing the URL of the site you're visiting. If a site supports SSL but doesn't use it by default, adding an S to the end of the HTTP in the address bar will get you the secure version of that site. If you type https://www.google.com instead of http://www.google.com, for instance, you'll get a secure version of the search engine. (You can get a Firefox add-on called HTTPS Everywhere that does this automatically at a wide range of sites.)

Finally, the particulars of your Wi-Fi network will also affect your security. If you have to type in a password to get on the network, that could mean that the network itself is encrypting all your Web traffic; this would make your traffic safe from snoopers even if a specific site doesn't use SSL. But I wouldn't rely on this, because a Wi-Fi network's security depends on where it asked you for a password. If you had to enter the password into your operating system, then it's probably secure. If you got on the network first, then typed a password on a Web page, it's not secure. Unfortunately, most public hotspots—at Starbucks, on airplanes, in hotels, and other places—use this second, insecure methodology.
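
For readers who run a site and want to check it against the exposure described above, here is an added example (not part of the original column). Snooping of the Firesheep kind works on login cookies that travel over plain HTTP, so this Python sketch audits a login response for cookies that lack the `Secure` attribute and for redirects that drop back to `http://`. Both header samples and the `example.test` hostname are constructed for illustration.

```python
# Constructed samples: response heads from a hypothetical site's login endpoint.
WEAK_LOGIN_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://www.example.test/home\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: csrf=def456; Path=/; Secure\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "\r\n"
)
HARDENED_LOGIN_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://www.example.test/home\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly; Secure\r\n"
    "Set-Cookie: lang=en; Path=/; Secure\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw):
    """Report what this response would expose on an unencrypted Wi-Fi network."""
    findings = {"cleartext_cookies": [], "downgrade_redirect": False}
    for name, value in parse_headers(raw):
        if name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie_name = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            # Without Secure, the browser also sends this cookie over http://
            if "secure" not in attrs:
                findings["cleartext_cookies"].append(cookie_name)
        elif name == "location":
            # A redirect to http:// moves the logged-in session off SSL
            findings["downgrade_redirect"] = value.lower().startswith("http://")
    return findings


if __name__ == "__main__":
    print("weak:    ", audit(WEAK_LOGIN_RESPONSE))
    print("hardened:", audit(HARDENED_LOGIN_RESPONSE))
```
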
