14 DAY TRIAL // Sen. Chuck Schumer is urging websites like Facebook, Twitter, Yahoo! or Amazon to implement HTTPS by default in order to protect the sensitive information of their users.
Schumer (D-N.Y.) expressed concern that people are exposing themselves to hackers and identity thieves when using public WiFi networks like those provided by coffee shops.
"What many people do not know is ... hackers can use wireless hot spots as a gateway to your most private information," the senator told reporters at Birch Coffee in Manhattan this Sunday, according to NY Daily News.
Two members of his staff even performed a demonstration of how widely available hacking tools can be used to hijack people's online accounts.
This type of man-in-the-middle session sidejacking attacks that rely on sniffing network traffic have been known for over a decade.
They were brought back into the spotlight last year with the launch of Firesheep, a Firefox extension that makes it trivial for even non-technical users to execute them.
Since the most straight forward method of mitigating this threat is for websites to encrypt the connections using SSL, the senator is sending letters to the executives of large Internet companies to ask for default HTTPS support.
"The bottom line is, if we let this proliferate, everyone is going to pay the price. It could become the leading cause of identity theft," Schumer concluded.
At the moment, HTTPS support is either lacking or limited for many services. In other cases, where a good implementation exists, it is not enabled by default.
Google is currently the biggest HTTPS adopter. It offers default implementations for many of its Google Apps services, such as Gmail, Docs or Calendar, but others as well, like Picasa Web Albums.
Hotmail also has HTTPS support, but it is offered as an option. Facebook outlined plans for default HTTPS, though at the moment its implementation doesn't cover all of the platform's functionality and is optional.