From the Electronic Frontier Foundation:
However, simply protecting patron records is no longer enough. Library patrons frequently access catalogs and other services over the Internet. We have learned in the last two years that the NSA is unconstitutionally hoovering up and retaining massive amounts of Internet traffic. That means that before a patron even checks out a book, their search for that book in an online catalog may already have been recorded. And the NSA is not the only threat. Other patrons, using off-the-shelf tools, can intercept queries and login data merely by virtue of being on the same network as their target.
Fortunately, there is a solution, and it’s getting easier to deploy every day. HTTPS, the secure version of HTTP, encrypts all traffic between a web browser and a server. The conventional wisdom of the 1990s was that HTTPS was only necessary to protect credit card numbers and passwords. But that opinion has changed for two reasons: First, it’s become clear how frequently information is spied on for non-financial reasons, and second, improved algorithms and processing speeds have made HTTPS dramatically cheaper. For instance, Google reported only a 1% increase in CPU costs from deploying HTTPS. The other former cost of HTTPS, obtaining a certificate, has gone from very expensive to completely free over the last decade. It can be complicated to obtain and configure even a free certificate, but EFF, Mozilla, and several other organizations are working to eliminate the hassle with a new project called Let’s Encrypt, which will offer certificates that are both free and easy to set up.
Read the Complete Article