Whenever I’m asked about security, I always start by informing the person who is asking that, “You are not the NSA.” Security is in fact less of a concern for the average person than the average person thinks. The problem, when I talk to people, isn’t that they’re lackadaisical about security, but that the whole topic seems sufficiently vast and complex that they don’t feel like they’re up to the challenge.
But as I say, you are not in fact the NSA (unless of course you are, in which case… hi!). You don’t need to be Fort Knox online, you just need to follow a few basic procedures to keep the lower-level thugs and hooligans stymied, because the big boys don’t have time for you. But seeing as how we’re in the middle of something of a cyberwar with Anonymous and LulzSec and the rest, its worth the piece of mind to just make sure you are following those rules. First and foremost, people, get yourself a few decent passwords.
But beyond that, many online web services – including all the major social networking services – offer the option to browse their content via HTTPS. HTTPS is a “secure tunneling” system, meaning that all traffic between you and Twitter, for example, is sent encrypted so that the nefarious elements of the Internet cannot snoop your communications or even hijack your connection.
So, a good password means only you can log onto your own accounts. And a secure connection means that nobody can take control of your account after you’ve logged in by piggy-backing on your session. That’s about as much security as most anybody needs online, so lets talk about how to get that HTTPS connection on your Social Networks.
Once you’ve logged onto Twitter, check the settings page, under your username, and you’ll see this page:
Scroll to the bottom and you’ll see the option to “Always use HTTPS,” check the box, hit save (it will ask you for your password again) and you’re done:
From your normal page, at the top right, you can access your “Account Settings” page:
From there, on the main “settings” tab, towards the bottom, you will see the option to use a secure connection. Not also: you can have an email or text message sent to you whenever your account is logged into, in case you are concerned that someone may be accessing your account:
It appears as though, with the newly-minted Google+ system, if you’re using your Gmail on an HTTPS connection, then the same will be true for browsing your Circles. I note, however, that my Google Reader account – which now sports a Google+ centered menu bar – does not use HTTPS. So, this is a potential downfall of the Google+ system that I hope they resolve soon.
But to secure your Gmail account and (mostly) your Google+ account, log into your Gmail account. From the upper-right menu, select “Mail Settings”:
From here, you can select your secure connection from right on the General tab:
These are just a few popular social networking tools you might be using. There are many others and I’m sure if you do a little digging around in your account settings, you will find the same option for secure connection. If there is no such option, I would seriously consider deleting that account and moving on from that service.
I hope you find this helpful, and if so, that you pass it on to other people in your Friends / Followers / Circles and let them know how to stay a little bit safer on the Internet.
2 replies on “Securing Social: Keeping Prying Eyes at Bay”
[…] Computing. Securing Social: Keeping Prying Eyes at Bay […]
[…] attacks are a very serious type of attack – and one which this blog has warned its readers about in the past. Far more worrisome in this case is the fact that the MITM attacks took place on […]