1 minute read

I’m often asked about secure websites. For example, should you trust the connection with your computer and your bank’s website? The article is going to get a little technical, but hopefully will give you the tools to know which websites are secure, and which aren’t, from now on.

There has been a secure encryption using protocol around for a long time called secure sockets layer (SSL), which has been modified and labelled Transport Layer Security (TLS) which can be used in most client/server relationships. By adding the HTTP protocol over TLS, this makes the web based session encrypted. The S in HTTPS stands for secure.

This is the difference between HTTP and HTTPS, which should be easy to see in the URL bar at the top of most browsers. Does the URL start with http:// or https://? If it doesn’t start with either, it’s likely not encrypted, meaning many people can see everything you do on that website!

So we know that if we don’t want people digitally eavesdropping or doing what is called a the man-in-the-middle (MITM) attack, we need to make sure the website we’re going to is using https:// at the beginning. Several modern browsers will also add a padlock icon or a different colour if you’re using an HTTPS connection successfully. If the padlock is broken, the connection shouldn’t be trusted as there is likely an issue with the server’s TLS certificate.

Are you with me so far? You should not put any personal information into any website that does not use HTTPS properly, and you should remember that everything you do on a plain HTTP website can be monitored, logged, and used against you forever.

The Electronic Frontier Foundation (EFF) partnered with the Tor project to release HTTPS Everywhere which is a plugin that works with both Chrome and Firefox that automatically tries to redirect your browser to the secure version of any website you visit.

The next article in this series is going to explain how simply using HTTPS is no longer good enough on its own, but is the first step in understanding how we need to start ensuring our HTTPS sessions are using Perfect Forward Secrecy.

Tags: ,

Categories:

Updated:

You may also enjoy

Password Managers For 2024

1 minute read

The top two questions we’ve received for the last 15 years are which browser should I use for privacy?, but more common is “Which password manager should I u...

Web Browsing With Privacy

1 minute read

I’ve been updating this blog for well over a decade on privacy centric browser options, so I thought I’d start with my recommendations as we dive into 2024. ...

Sharing Links

less than 1 minute read

When sharing links, there are a handful of issues that may occur. The original news site or blog may have taken the article the down, or they may in the futu...

You May Have 5 Minutes To Patch Your Systems

4 minute read

We’ve all been working on something on our device when we get a pop-up that a new patch or update is available, and we probably dismiss it as we want to stay...