There’s some good news for privacy-conscious Tumblr users.
You can now enable SSL security to encrypt your connection as you upload countless animated GIFs of a NSFW pornographic nature (and whatever else makes up the remaining 1% of Tumblr).
The bad news is that Tumblr says it isn’t yet enabling SSL by default, so it’s currently up to users to turn the feature on.
You can enable the feature by heading over to your Account Settings on your Tumblr dashboard and choosing the option.
In its usual carefree way, Tumblr is encouraging its users to enable the option:
“Any reason I shouldn’t do this?” Nope, not really. It doesn’t change anything about the dashboard, it just encrypts your connection to it. We’ve been using it for weeks and haven’t even noticed. So, yeah, turn it on and forget about it. Easy.
What might have been more helpful is if Tumblr had properly explained the benefit of doing this.
Without SSL/HTTPS, everything your browser sends and receives from Tumblr is sent as unencrypted text – and could be grabbed in transit (known as “sniffing”) by malicious hackers and snoopers when you check your webmail via WiFi in the coffee shop.
Yes, the thought of sniffing Tumblr turns my stomach as well…
Readers with good memories will recall that in the middle of last year, Tumblr advised users to change their passwords after it was discovered that its iPhone and iPad apps were not properly securing users’ passwords as they logged in.
As a result, hackers could potentially have stolen users’ Tumblr passwords in transit. Not only would that have given online criminals the ability to access your Tumblr account, but also – if you were foolish enough to use the same password in multiple places – unlocked other online accounts at the same time.
Tumblr was acquired by medium-sized search engine Yahoo last year – a company which has had its own odd relationship with SSL, only finally adopting the standard by default last month.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.