Saturday, April 09, 2011

Your tax dollars at work-at least through Thursday

Just came across this nice little consumer alert from your friends and mine at the Federal Trade Commission trying to scare the bejeezus out of you when it comes to open Wi-Fi. Well, no it doesn't-in actuality it's well thought out and informative, for the most part. Unfortunately, it still shows a few symptoms of Clark Howard Disease-sorry, ath64-as evidenced by this pair of half-truths:

"An encrypted website protects
only the information you send to and from that site. A secure wireless network encrypts all of the information you send while online."

Half-Truth No. 1 ignores the reason that the Secure Sockets Layer protocol was developed in the first place-and why it was adopted years before anything like Wi-Fi was even contemplated. Of course it's true that it encrypts only traffic between you and the remote host to which you're connected-what other traffic is there to protect? What the FTC neglects to stress is the fact that the encryption is end-to-end, protecting you not only between the client device and the router, but beyond.

And that brings Half-Truth No. 2 into play. As ath64 has stressed in responding to each of Clark Howard's missteps, connecting to a secured router provides protection ONLY BETWEEN YOU AND THE ROUTER. UNLESS THERE IS THIRD-PARTY ENCRYPTION BEYOND THAT, YOUR TRAFFIC IS STILL SUBJECT TO INTERCEPTION BETWEEN THE ROUTER AND THE REMOTE HOST. So saying that "a secure wireless network encrypts all of the information you send while online" is misleading, because it only provides such protection for that data on its first hop-from your device to the router.

Those criticisms aside, the FTC deserves praise for recommending Wi-Fi users make sure they only log into fully encrypted websites and extolling the virtures of virtual private networks, both of which serve to obviate the need for hassling with access-point encryption away from home. Maybe it's not such a bad thing that it will now be open for business as usual on Monday.

No comments: