Facebook and Twitter Security Over Public Networks for Firefox and Chrome

ÆtherCzar briefly mentioned this last week, but it bears repeating in further detail.

When you log in to Facebook, Twitter, or other such sites over an unsecured WiFi network, you are broadcasting your identity and login information in a way that anyone else on the network can detect and exploit. The technical difficulty of the interception formerly provided some small margin of security, but no longer. There’s an easy-to-install plug-in that makes stealing your identity and hijacking your Facebook or Twitter account as simple as point-and-click. Here are a couple of articles from Gawker (Now Anyone at Your Café Can Hijack Your Facebook Account) and TechCrunch (Firesheep In Wolves’ Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily) about the exploit.

If you still want to be using Facebook or Twitter over unsecured public networks, there is a solution however. If you are using the Firefox browser, you can fix the security problem with an add-on called Force-TLS. This add-on requires Facebook or other sites you designate to encrypt their communications. You’ll see the “http” in the URL change to “https” to let you know you are secure. Be sure to check “force subdomains” when adding www.facebook.com to the secured list, however, or Facebook will happily start out encrypted but then switch to an unencrypted link as you are clicking away.

I’ve been happy with it. Pages will be slower to load since both sides must encrypt and decrypt, but it’s worth it if you want to use Facebook (or Twitter, or other such sites) in public places on open WiFi connections.