You never know when someone on your Wi-Fi network is trying to change your Facebook status, tag Aaron Phillips in your profile picture, play FarmVille, or worse. Fortunately, such profile infiltration is easily avoidable. Bwog updates you on how to keep your digi-self free from malicious tampering.
Columbia’s wireless network is unencrypted, which means nefarious eavesdroppers can monitor how many times a day you visit Bwog or discover your secret love for Rick Astley’s complete works (and mash–ups thereof). It also means that, without too much trouble, they can log into your Facebook. Luckily, Lord Zuckerberg and his minions have recently released a feature allowing you to protect your Facebook data from snoopers.
Facebook does automatically encrypt your password, hooray! But once you’ve logged in, your computer is assigned a temporary unique identifier called a cookie that is used to keep track of you on the site—so that you don’t have to enter your password again every time you click a link—and this cookie is unencrypted by default. Armed with your cookie, creepers can imitate your computer and surf Facebook with your identity.
There’s a simple fix. To enable full encryption: log into Facebook, choose Account–>Account Settings–>Account Security (change). Then check this box:
visual stimulation via Wikimedia Commons
16 Comments
@... when you enter sallie mae hall through the new revolving doors, you can hear the last dying squeals of the pixies who once looked after your dreams prior to their suffocation in a torrent of cement, backlit handrails and other assorted irrelevant bullshit.
@Anonymous man, you tripin’ brotha
@Anonymous this post is creepy
@test testing
@wow this is such old news. i’ve been securely browsing facebook for at least 3 weeks get it together, bwog.
@Jason If you actually had it together yourself, you would have been using HTTPS for far longer than three weeks. There are plug-ins like HTTPS-Everywhere that enabled this before Facebook included the checkbox: http://www.eff.org/https-everywhere .
The first commit on the facebook rule file was June 22, 2010.
https://gitweb.torproject.org/https-everywhere.git/history/HEAD:/src/chrome/content/rules/Facebook.xml
@.... Jason, you are baller.
@my point remains... this is still old news. go be more bitter.
@hair done, nails done oh, you fancy, huh?
@Playing FB Games Sadly for those of us that like to procrastinate during midterms week with Facebook games, many of them require you to switch back from secure https to regular http connection to display the content.
@zx2c4 Yea that’s a shame. If you’re on unprotected wifi, you can always encrypted tunnel through CUNIX ssh. It’ll still be unencrypted when coming out of the server, but someone has to work a lot harder to sniff those wired packets from the server room.
To set up a SOCKS5 proxy:
$ ssh -D 1080 myuni123@cunix.columbia.edu
Then leave the prompt as it is and set up your web browser to SOCKS proxy through port 1080 on localhost.
If you’re stuck on windows, you can do the same thing with PuTTY:
http://the.earth.li/~sgtatham/putty/0.54/htmldoc/Chapter4.html#4.19.2
…notably, this technique also removes the bandwidth quotas…
@Anonymous There is a bandwidth limit? What is it capped at?
@zx2c4 http://www.columbia.edu/cgi-bin/acis/networks/quota/netquota.pl
@woooooooo how did you hack bwog to get your link as your name
@Anonymous isnt this dangerous though… i mean im sure CUIT can tell if you are abusing cunix (avoiding bandwidth quota)
@Anonymous If you’re just using it to play a few facebook games without being snooped, I doubt they’d have a problem.