Someone in DC cares about online security
I’ve been hammering popular online services like Facebook and Twitter for months for utterly weak efforts to protect consumers so I was pleased to hear that Senator Chuck Schumer has joined the fight. Some of the worst online services in my online security report card were served letters by Senator Schumer asking them to turn SSL security on by default. While these letters don’t carry any weight of law, companies tend to modify their behavior “voluntarily” when they get notice from a U.S. Senator, especially when the cost of the remedy is barely measurable.
Sites like Facebook finally added a secure SSL mode earlier this month, but the feature is off by default until a user manually turns it on which is unlikely for most people. It really wouldn’t cost Facebook anything to just turn SSL on by default for everyone because the performance penalty of SSL is barely measurable on modern hardware.