Threat Level: YELLOW

Updating your Facebook status from a Wi-Fi café? A stranger can log in to your account and pretend to be you. Blame Firesheep, a free Firefox plug-in that captures login cookies as they fly by unencrypted. Programmer Eric Butler wrote the program to without realizing it. Using Firesheep, a hijacker can access your account on Facebook, Twitter, and two dozen other sites. Any information you thought was private now isn't. Feeling naked yet?

The failure of sites such as Facebook and Twitter to require secure logins is "an enormous privacy problem," says the EFF's Eckersley. "Google demonstrated this could be done on a colossal scale at minimal cost with Gmail. Now we need to get the rest of them to do that."

The solution: Use EFF and the Tor Project's plug-in for Firefox to force sites to use SSL encryption if available. And don't log in to sites containing sensitive info from a public network.