Tumblr users – turn on SSL now!

Graham Cluley

Tumblr SSLThere’s some good news for privacy-conscious Tumblr users.

You can now enable SSL security to encrypt your connection as you upload countless animated GIFs of a NSFW pornographic nature (and whatever else makes up the remaining 1% of Tumblr).

The bad news is that Tumblr says it isn’t yet enabling SSL by default, so it’s currently up to users to turn the feature on.

You can enable the feature by heading over to your Account Settings on your Tumblr dashboard and choosing the option.

In its usual carefree way, Tumblr is encouraging its users to enable the option:

“Any reason I shouldn’t do this?” Nope, not really. It doesn’t change anything about the dashboard, it just encrypts your connection to it. We’ve been using it for weeks and haven’t even noticed. So, yeah, turn it on and forget about it. Easy.

What might have been more helpful is if Tumblr had properly explained the benefit of doing this.

Without SSL/HTTPS, everything your browser sends and receives from Tumblr is sent as unencrypted text – and could be grabbed in transit (known as “sniffing”) by malicious hackers and snoopers when you check your webmail via WiFi in the coffee shop.

Yes, the thought of sniffing Tumblr turns my stomach as well…

Readers with good memories will recall that in the middle of last year, Tumblr advised users to change their passwords after it was discovered that its iPhone and iPad apps were not properly securing users’ passwords as they logged in.

As a result, hackers could potentially have stolen users’ Tumblr passwords in transit. Not only would that have given online criminals the ability to access your Tumblr account, but also – if you were foolish enough to use the same password in multiple places – unlocked other online accounts at the same time.

Tumblr was acquired by medium-sized search engine Yahoo last year – a company which has had its own odd relationship with SSL, only finally adopting the standard by default last month.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES