Firesheep, a Firefox add-on released on Sunday is attempting to create awareness about current internet privacy issues by allowing the average internet user to abuse insecure networks. According to TechCrunch, Firesheep allows users to use any open Wi-Fi network to capture other users cookies to masquerade as the user when they access unsecured sites. Social networking has become the obvious target, with Facebook and Twitter being the top two. Among others are the popular Gowalla and Foursquare, Amazon.com, bit.ly, CNET, Evernote, Flickr, Github, Google, Windows Live, NY Times, tumblr, WordPress, and Yahoo.
Creator Eric Butler argues he created the plug-in as a way to promote awareness, according to his blog:
Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.
Unusually, the coverage and uproar about this development has been remarkably understated. The argument has been limited to those who already understand security controls, or the lack thereof, and are therefore unaffected. Social media coverage has been demur, though it has been rumored that Facebook blocked any links referencing Firesheep.
The lack of public interest, even fear about this add-on seems to establish we are either so desensitized that people are unenthusiastic, or that we’ve reached a point that we accept the current lack of privacy on the sites we visit. Neither are production options. Thanks to open accessibility to the code, anyone can modify the extension for other, possibly more sensitive sites such as student accounts or other email accounts. It’s not any more effective for people to be petrified to ever open up a laptop at a Starbucks again, but we still need to be cognizant of the dangers when we do. Awareness is not about having to boycott social media or completely ignore the privacy issues, it’s about what you perceive to be the value of your information. A comment in response to Eric Butler regarding Firesheep put it simply:
Whether you should lock something and how secure you make it isn’t a binary decision – it depends on the value of the thing you’re protecting and the likelihood of an attack.
For those who want to safeguard their information on unsecured networks for the time being, try the Force TLS 2.0 add-on for Firefox to prevent from unknowingly (or knowingly) stumbling upon unsecured sites, and adding additional security protocols on those unsecured sites.