My Two Cents
Ode To Skype 
Thursday, February 18, 2010, 03:27 AM
Posted by Administrator
I am Mrs. GNU. I am simply refusing to use any software that doesn't come with a GPL or comparable license. I have used and supported Linux since 0.94 and I do know what a 'Yggdrasil' is.

There are just two exceptions to the rule: I need Windows to play games (currently: Empire: Total War) and I use Skype.

Bam! There you have it. I am a Skyper. I know - it is bad and I shouldn't do it, but, well, what can I say? However - before you judge me, please grant me a few last words.

I do run VOIP servers and (hardware) clients. My Asterisk is serving me well but as soon as it comes to VOIP clients (soft phones), there's just nothing compared to, well, Skype. No need to configure a variety of firewall ports, no need to play around with NAT, STUN, no need to get complicated sip user-ids, no need to use different programs for different reasons (like status, chat, video, file-xchange). Skype does it all. All messages are delivered to all clients on all computers (without the need to invent 'Resources') and, should I not be online, I get the messages as soon as I sign on again.

XMPP (Jabber) could be a nice alternative to Skype. It's an open protocol and though some of its 'philosophies' (e.g. Resources) are plain weird, it's a good start. However, the 'Jingle' multimedia extension is still a draft (and has been for years) and there are no cross-platform clients supporting voice/video chat.

In order for me to kiss Skype good-bye, XMPP (or any other protocol) would have to grow into something 'usable' - not only for me, but for my dad, my sister and other computer-illiterate friends of mine. As long as it doesn't go:

- Install
- Register
- Run

it won't be acceptable. We are able to squeeze text, video, audio through port 80 on any web-site. But the SIP protocol uses a variety of TCP/UDP ports for simple phone calls. That's nice for technicians and big phone networks; however, it's overblown and way too complicated to be implemented in end-user applications.

Well - I guess that's the reason for a few 100 million people to use Skype. And that's the reason I use Skype. It simply works. Without headache, without having to explain a lot. On any platform and without the need to configure anything.

While you were surfin' 
Sunday, January 17, 2010, 06:55 AM
Posted by Administrator
On January 15th, AP carried a story about a woman who was connected with an unknown Facebook account. She didn't hack into the account, she simply went online, connected to Facebook and was greeted with a smiling face - unfortunately, it wasn't her own. She called her friends and at least one of them experienced the same problem - though this person was granted access to a completely different Facebook account. Both were using the AT&T wireless network.

AT&T spokesman Michael Coe is quoted as saying that its wireless customers have landed in the wrong Facebook pages in "a limited number of instances" and that a network problem behind those episodes is being fixed.

So everything is fine? Case closed? Not so fast. First let's look into the details of this problem.

Most websites (not only Facebook) use "Cookies" for authorization and other purposes. Cookies are small pieces of data that are created by a website, transmitted to you and automatically stored on your computer. Whenever you return to that website, your computer will re-send the Cookie to it and you are authenticated. For security reasons, your computer will make sure that all Cookies are only sent to the originating website. So if, say, Facebook sends you a Cookie, your computer will send it back only to Facebook. This is very important because whoever has your "Cookie" can use it to log in to your account - even without a password. Cookies are only exchanged directly between a website and your browser - the Cookie is a 'key' and your browser knows which 'key' to use for what 'lock' (website). Though it is not perfect, it's a pretty safe method.

Unless there's a man in the middle.

In cryptography, the man-in-the-middle attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. (Source: Wikipedia)

Should the "man in the middle" lose track of which data to send where, Cookies are fumbled and people are able to view (and modify) other people's profiles. Is that what AT&T calls a "network problem"?

But this "network problem" uncovered a shocking and almost unbelievable truth: There is a "man in the middle" in AT&T's wireless network. In other words: Somebody (most likely an organization or company with three letters in its name) may have all Cookies and, by definition, access to all accounts. Not only on Facebook, but on each and every website that is using Cookies for authorization. All the data stored in social or business websites, on your email accounts, maybe even your bank's website - in plain view to, well, whoever it is.

What can you do?

Well, you may want to finally surrender your privacy once and for all. Take a piece of paper, write down all your usernames and passwords and mail them to AT&T. That saves a lot of data storage. And you will never again be tempted to expect any 'online' privacy. Or you can make sure to use HTTPS (Hypertext Transfer Protocol Secure). Never connect to a website by typing 'website.com'. Type 'https://website.com' - like https://www.facebook.com. Your data will now be encrypted and the "man-in-the-middle" can't use your data (including your Cookies).

If a warning pops up - don't use the website. If you can't connect to an 'https' website - don't use it. But it must be HTTPS (notice that 's' at the end - that's for 'Secure'). Make sure the website doesn't re-route you to a different address without the 'https' in front of it.
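
The two checks above (stay on 'https', watch for re-routes) can be run mechanically over a recorded redirect chain. The following is an added example, not part of the original post: the host `social.example`, the cookie names and the sample chain are constructed, and the `Secure` cookie attribute it looks for is what tells a browser to send a Cookie over HTTPS only.

```python
from urllib.parse import urlsplit

# Constructed sample: one redirect chain as (URL, [Set-Cookie values]).
# The host and cookie names are made up for illustration.
SAMPLE_CHAIN = [
    ("https://social.example/login", ["sid=abc123; Path=/; HttpOnly"]),
    ("http://social.example/home", ["prefs=dark; Path=/"]),
    ("https://social.example/home", ["sid=def456; Path=/; Secure; HttpOnly"]),
]

def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs

def audit_chain(chain):
    """Return (kind, url, detail) findings where a cookie can travel unencrypted."""
    findings = []
    seen_https = False
    for url, set_cookies in chain:
        if urlsplit(url).scheme.lower() == "https":
            seen_https = True
        else:
            # A plain-HTTP hop after an HTTPS one is the "re-route" to watch for.
            kind = "downgrade" if seen_https else "plaintext-hop"
            findings.append((kind, url, ""))
        for value in set_cookies:
            name, attrs = cookie_attrs(value)
            # Without Secure, the browser also sends the cookie over http://.
            if name and "secure" not in attrs:
                findings.append(("cookie-without-secure", url, name))
    return findings

if __name__ == "__main__":
    for finding in audit_chain(SAMPLE_CHAIN):
        print(finding)
```

On the sample chain this reports the first `sid` Cookie (set over HTTPS but without `Secure`), the downgrade to `http://`, and the `prefs` Cookie set on the plain-HTTP hop.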

All of your current accounts are already compromised. Will it help to change your password? That depends on the website - but it surely doesn't hurt. Keep an eye on the "visit tracker". Most websites tell you how many times you have visited. Write it down and check if it increases without you logging in.

Support the Electronic Frontier Foundation and let them help to defend your digital rights. Unless of course, you have no problem with 'you know who' sharing your data with 'you know who' ...
