Shout me your secrets…

I have a working thesis that, as rough approximation, History began on the 17th century. But for us, Computer Scientists, we can advance that date to the 1970’s. I wonder how many technical decisions made during that magical decade affect our daily lifes even today. End of epoch cataclysms, network-layer homelessness, the subtleties of having several simultaneous private conversations with the parties shouting each other accross the room. You name it.

That last one is rather subtle indeed, and few people seem to realize that, while using most of today’s networks you are basically thrusting your juicy little secrets across the whole segment, making the delight of all Eves and Trudies in the area. The effect is, of course, compounded if the network is wireless, because the concept of “area” becomes much fuzzier: you are fearing not the very physical Trudy plugging her promiscuous network card on the neighboring wall-mounted RJ-45 port, but the aethereal Eve, who, three miles away, with the power of her Cantenna, can pry into your packets from the cloistered shadows of her room.

It seems that consumers are finally waking up for that troubling reality, and the proposed solution is end-to-end, application layer encryption. Always. The 2010’s motto: ‘TLS everywhere’.

In this sense, Google Mail has been a pioneer, first letting its users to use HTTPS for the entire session (and not just for the authentication, as services usually do), and a year and a half later setting it as default. Some other popular services, like Facebook, are already following this model. NYTimes predicts it will inevitably become standard.

Other than that, common sense still applies: no secrets exchanged through unencrypted channels, no commercial transaction on public hotspots, WPA protection on home/work wifi (any Trudy worth her name can get her way into  WEP protection more easily than her way out the proverbial wet bag), and long complex passwords changed every few weeks. So when finally Eve and her number-churning devices get ahold of one — too late ! — it is no longer valid.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s