Tumblr users – turn on SSL now!

Graham Cluley
Graham Cluley
@[email protected]

Tumblr SSLThere’s some good news for privacy-conscious Tumblr users.

You can now enable SSL security to encrypt your connection as you upload countless animated GIFs of a NSFW pornographic nature (and whatever else makes up the remaining 1% of Tumblr).

The bad news is that Tumblr says it isn’t yet enabling SSL by default, so it’s currently up to users to turn the feature on.

You can enable the feature by heading over to your Account Settings on your Tumblr dashboard and choosing the option.

Sign up to our free newsletter.
Security news, advice, and tips.

In its usual carefree way, Tumblr is encouraging its users to enable the option:

“Any reason I shouldn’t do this?” Nope, not really. It doesn’t change anything about the dashboard, it just encrypts your connection to it. We’ve been using it for weeks and haven’t even noticed. So, yeah, turn it on and forget about it. Easy.

What might have been more helpful is if Tumblr had properly explained the benefit of doing this.

Without SSL/HTTPS, everything your browser sends and receives from Tumblr is sent as unencrypted text – and could be grabbed in transit (known as “sniffing”) by malicious hackers and snoopers when you check your webmail via WiFi in the coffee shop.

Yes, the thought of sniffing Tumblr turns my stomach as well…

Readers with good memories will recall that in the middle of last year, Tumblr advised users to change their passwords after it was discovered that its iPhone and iPad apps were not properly securing users’ passwords as they logged in.

As a result, hackers could potentially have stolen users’ Tumblr passwords in transit. Not only would that have given online criminals the ability to access your Tumblr account, but also – if you were foolish enough to use the same password in multiple places – unlocked other online accounts at the same time.

Tumblr was acquired by medium-sized search engine Yahoo last year – a company which has had its own odd relationship with SSL, only finally adopting the standard by default last month.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.