duncanmac

Ever since the hijacking of login sessions over WiFi was made really easy last year, I have been wary of using WiFi in any setting that requires a login (including LiveJournal and Facebook). I was hoping that more websites would switch to full support of Transport Layer Security (TLS, formerly known as SSL) and ensure that people could access their account without risk of external tampering. [If you think that people can afford to upgrade their WiFi hardware (part of their PC) just to ensure that their connection is securely encrypted, think again. That requires lots of money, just what they have right now ... not.]

Some sites have made an effort; in particular, Facebook has gone some way to fixing the problem. That change, along with an extension to the Firefox browser known as “HTTPS Everywhere,” means that I can log in to Facebook and a number of other websites securely.

But not LiveJournal. This site will support a secure link for the initial login, but the session in general is not secure.

I will be checking if Dreamwidth has been served a clue about TLS or SSL. Until then, it seems I will be rather less active here. Given the problems that Facebook has in handling lots of text in a post (why??), that is decidedly frustrating.

UPDATE: I checked the site list that "HTTPS Everywhere" supplies. Both Dreamwidth and LiveJournal have the same entry, reflecting the fact that users who aren't logged in are not supported with a secure connection. It seems that Dreamwidth has not fixed the problem ... yet.

What do others think? As always, this inquirer would like to know.