If you’ve got a burning tech problem you want solved, please send a note to firstname.lastname@example.org, with “I’ve got a tech question!” as the subject line. (Your question may be edited.) You can also read previous “Dear Farhad”columns.
I often find myself using my computer on public Wi-Fi networks—at hotels, libraries, coffee shops, and so on. What is and what isn’t safe to do online while on these networks? Can I log into my e-mail? My credit card account? My bank account? Does it matter if the network has a password or not?
—Wondering What’s Safe
You’re right to worry about browsing in public. Depending on the configuration of the Wi-Fi network and on the sites you visit, it’s quite possible that a lot of your personal data is flying around Starbucks for everyone to see.
We got a very public demonstration of this danger just last month. Eric Butler, a software developer in Seattle, just debuted Firesheep, a Firefox add-on that lets you see who else at your coffee shop is logging in to Twitter, Facebook, Flickr, and other social sites. Firesheep even lets you steal other people’s online identities. See that cute girl at the other end of the library? You can log in to her Facebook account and read her messages, then sidle up to her and impress her with your deep insight into her soul.
Butler’s program takes advantage of the fact that HTTP, the protocol over which Web traffic travels, is public—it doesn’t hide or encrypt the traffic between you and the Web servers you visit. Logging in to Facebook, then, is a bit like sending a postcard in the mail. While you’re hoping that the mail carrier doesn’t read your scribblings, you’d also be foolish to write down your Social Security number.
Fortunately, there’s a simple fix to the problem Firesheep highlights. Web sites that store personal information simply need to upgrade their login process using a security system known as SSL. Once a Web site adopts SSL, all communications between you and the site are encrypted. You can think of SSL as a sealed envelope for your postcard.
So, which sites are safe? By default, most banks and other financial sites use SSL, so you shouldn’t worry about checking those sites on an unencrypted Wi-Fi network. In January, Google added default SSL access to Gmail, so your webmail session should be safe, too. Butler says he created Firesheep to prod other sites into adopting SSL, and since his demonstration several have adopted better security. Hotmail, for instance, recently announced support for SSL, but the feature isn’t on by default—you need to go to your settings page and opt in. But many big sites don’t use SSL, with the worst offenders being Facebook and Twitter.
If some Web sites use SSL and others don’t, how can you know if you’re safe? All major browsers include some kind of icon near the address bar that tells you if a particular site is secure. In Internet Explorer, Chrome, Safari, and Opera you’ll see a picture of a padlock next to the URL on a secure site; in Firefox, the lock icon is in the bottom right corner. If you click on the lock, you’ll get more information about the security of the site you’re visiting.
If you don’t see the lock, you could try changing the URL of the site you’re visiting. If a site supports SSL but doesn’t use it by default, adding an S to the end of the HTTP in the address bar will get you the secure version of that site. If you type https://www.google.com instead of http:// www.google.com, for instance, you’ll get a secure version of the search engine. (You can get a Firefox add-on called HTTPS Everywhere that does this automatically at a wide range of sites.)
Finally, the particulars of your Wi-Fi network will also affect your security. If you have to type in a password to get on the network, that could mean that the network itself is encrypting all your Web traffic; this would make your traffic safe from snoopers even if a specific site doesn’t use SSL. But I wouldn’t rely on this, because a Wi-Fi network’s security depends on where it asked you for a password. If you had to enter the password into your operating system, then it’s probably secure. If you got on the network first, then typed a password on a Web page, it’s not secure. Unfortunately, most public hotspots—at Starbucks, on airplanes, in hotels, and other places—use this second, insecure methodology.
So, the upshot: If you’re on a public hotspot and you’re visiting a site that you wouldn’t want others snooping on—your e-mail, social networks, bank accounts, etc.—just look for the lock icon. If you don’t see the lock, flee!
I am an expat living abroad, and lots of American Web sites keep blocking me. Some sites won’t let me make purchases or sign up for subscriptions, and others won’t let me watch Web videos or listen to music. Some of the things I’m blocked from are completely innocuous: I wanted to buy a grocery gift card for my aunt, but they wouldn’t let me. And most recently (and embarrassingly) I got blocked from signing up for an eHarmony membership.
Mind you, I am an American citizen, using an American credit card with an American mailing address. The only thing un-American about me is the fact that I am living abroad.
Why are all these sites blocking me? And what can I do about it?
—Beyond the Sea
I’m sorry you’re being blocked. I assure you, though, that it’s nothing personal, and these sites aren’t questioning your patriotism. Sites tend to restrict their content to certain regions for legal or business reasons. For instance, in its deals with movie and TV studios, Hulu only acquired rights to broadcast its programming to American viewers. eHarmony, meanwhile, has been expanding its international operations; it could be that the company wants to force you to use the local version of its site instead of the American one.
The easiest way for sites to restrict content is to look up your IP address—the unique address that identifies your computer on the network. When a site sees an IP on a foreign network, it knows that computer is outside the United States and blocks it.
The only way to get around this is through a proxy server—a server based in the United States that acts as your emissary. When you set up a proxy server on your machine in Outer Mongolia, for instance, all traffic from your computer gets routed through the proxy first. This tricks American sites into thinking that you’re one of us.
You can find lots of free American proxy servers online. The trouble is that free servers aren’t reliable—they’ll work one day but will be slow or down the next. For $7 or less per month, you can sign up for a more reliable American proxy server at xroxy.com. (Xroxy also offers servers in other countries for Americans who want to access foreign content.) Paying for a proxy server will let you get into most American sites, but it might not work for all of them. For instance, Hulu blocks access by proxy servers, and some Xroxy users say the site doesn’t work for them. Good luck!
On the left-hand side of my Gmail screen, I see a list of people who are immediately available to chat with me. This list is always changing. So, how are these people chosen? Today three or four people—one of whom I’ve exchanged only three or four e-mails with ever, the rest of whom I haven’t e-mailed at all in the past few days—showed up all at once. Do you have any idea why Gmail wants me to chat with them?
—Chatting With Strangers
I, too, have often been puzzled by Gmail’s chat contact list. At the moment, there are several people in my list whom I haven’t spoken to in years, and others who seem like total strangers. So I asked a Google rep why Gmail promotes certain chatters over others. The answer: It’s complicated.
Gmail populates your chat list by determining “popular” people within your e-mail circle. Popularity, Google says, is determined in two ways. People you’ve e-mailed or chatted with often are considered popular even if you haven’t corresponded with them in a while. People you’ve e-mailed or chatted with recently are also popular. Your Google Chat contacts, then, are somewhere on the spectrum between long-lost friends and newly acquired acquaintances.
The specific order of the list is determined by each chatter’s status. Gmail puts “active” chatters at the top of the list; these are people who are currently using Gmail and are available to chat. (You’ll see a green dot next to their names.) Below the active chatters, you’ll see the people who are logged in but who’ve turned on their Do Not Disturb status. Next are the idle chatters—people who are logged in to Gmail but who aren’t actively using it—and then, finally, you’ll see the people who are offline. Within each category, names are sorted alphabetically.
All that sounds reasonable—but why are there people on the list who aren’t frequent or recent correspondents? I can’t say; what I can tell you is that others have found the list a bit glitchy, too.
But a Google rep points out that you can choose to highlight or block certain contacts. Just click on their names in the chat list and choose either “Always show” or “Never show.” And, by the way, if you choose “Never show,” they’ll never know.