Twitter Turns On 'Always Use HTTPS' Encryption
Twitter has listened to its users, competitors and at least one critical hacker and now offers an option for an encrypted https connection to its homepage.
Using HTTPS for your favorite Internet services is particularly important when using them over unsecured WiFi connections, chirped the microblogging service's Carolyn Penner on the company's official blog yesterday (March 15).
Penner is right. Naughty PC users sitting near you in a café or airport can easily sidejack your unencrypted social-networking sessions, as a prankish researcher proved last fall when he released the sidejacking Firefox add-on Firesheep to an unprepared world.
Facebook in January enabled an always-encrypted option in its user settings, but Twitter, despite its simpler interface, was taking its sweet time.
It did let users access its home page via https://twitter.com instead of the regular http protocol prefix, but such a manual workaround gets tiresome quickly.
Impatience among Twitter users was perhaps best expressed two weeks ago when someone sidejacked actor Ashton Kutcherâ??s feed while the Hollywood and Twitter star was attending the TED Conference in Long Beach, Calif.
Ashton, you've been Punk'd, the miscreant tweeted on Kutcher's AplusK feed. This account is not secure. Dude, where's my SSL?
In networking parlance, SSL secure sockets layer is combined with the Web-standard hypertext transfer protocol (HTTP) to form the hypertext transfer protocol secure, or HTTPS.
Now every Twitter user can go to his or her settings page and check off Always use HTTPS to ensure automatic encryption when accessing the Twitter website.
It also works for users of the official Twitter iPhone and iPad apps.
However, that doesn't affect those Twitter users who access the service via any of dozens of third-party smartphone apps and browser add-ons, each of which has its own encryption policies.
Penner recommends that those users instead browse straight to the encrypted front pages: https://twitter.com and https://mobile.twitter.com.
- Ashton Kutcher's Twitter Account Gets Punk'd
- Was Kim Kardashian's Twitter Feed Really Hacked?
- Security and Privacy Software Reviews