Twitter adds SSL security

Summary: Worried about people grabbing your Twitter password out of the air? You should be. Twitter is finally addressing the problem.

I was sitting in a local coffee shop recently and, since I was bored, I kicked on a Windows instance in VirtualBox on my Mint Linux-powered laptop so I could run Firesheep. Firesheep was, and is, a hacking program meant to frighten people into being serious about their Wi-Fi security. It didn't work. Most people, and Web sites, still don't secure even their logins. So, sure enough, out of twenty-one active Wi-Fi connections, I could look over the shoulder of twenty of them. This is just sad.

Still, some interactive Web sites are finally adding basic security. The Google sites support Transport Layer Security (TLS) and its ancestor Secure Sockets Layer (SSL) for protection, Facebook added encrypted security early this year, and now Twitter is joining the list of sites that use SSL to secure their users' connections.

It's about time!

Now that I have that out of my system, here's how it works. Twitter is turning HTTPS, the Web's fundamental data transfer protocol with SSL enabled, on by default for some accounts. To see if your account is one of the lucky ones, go to your Twitter Accounts Preferences.

Once there, go down the display to the Always use HTTPS box and click it on. If you haven't logged in, you'll need to log in for this choice to take.

From here on out, whenever you connect with Twitter, your connection will be listed as:

https//twitter.com

instead of

http://twitter.com

Depending on your browser, you may also see a change in color on part of your address bar. With Chrome 13 and Firefox 6, for example, the first part of the URL will be colored green.

On the "official" Twitter iPhone and iPad applications, your communications are always encrypted via HTTPS, regardless of whether you have checked Always use HTTPS on or off. If you visit mobile.twitter.com from your browser, though, your communications will be encrypted only if you specifically log in via https://mobile.twitter.com/.

Yeah, they know that's kind of dumb too and they're working on getting it right. Last, but not least, if you're using a third-party application, like my own favorite Twitterfall, whether your Twitter connection is encrypted depends entirely on the application.

Twitterfall, alas, doesn't support SSL or TLS. I get around that problem by using my own Virtual Private Network (VPN). For most people, though, what you really want is just a nice, secure SSL or TLS connection, so good job Twitter! Now, how about the rest of you Web sites that are all about user interaction stepping up to the plate? Come on, don't be shy, adding SSL/TLS isn't that hard these days.

Talkback

8 comments
  • RE: Twitter adds SSL security

    Sorry, but the first link is wrong. It appears as https//twitter.com but it should be https://twitter.com (i.e., the colon before the double slashes is missing).
    goyta
    • RE: Twitter adds SSL security

      @goyta DUH! did you even read the article?
      SpankyFrost
  • RE: Twitter adds SSL security

    This is not new. Twitter has forced it on me despite my choosing otherwise in the settings, and it's been like so for months. I wanna get rid of https on Twitter, although there are some sites where it's important. And what's the point of providing that option if they have to always enforce it anyway?
    algotechie
  • HTTPS-Everywhere

    The first add-on I always install in Firefox and recommend to everyone is HTTPS-Everywhere. It automatically forces Firefox to use the encrypted version of a page, if there is one.
    cflange
    • Stupid Microsoft still gives http:// by default in hotmail

      You have to manually go out of your way and choose SSL when it should be the default instead. Not using SSL to log into your mail is just plain stupid.
      ScorpioBlue
  • RE: Twitter adds SSL security

    What the hell are all those links about?
    Superschnauzer