In the earlier days of computing and the Internet (I’m not that old, I swear) information wasn’t as easy to acquire as it is now. People couldn’t simply “Google” something and find it, you had to do a bit more digging. The backbone of the Internet was not created with security in mind. Protocols that transport the Internet’s data has had encryption and security ‘tacked on’ as an afterthought. HTTPS (Hypertext Transfer Protocol (Secure)) is still relatively new in comparison to the age of the Internet as a whole. This is especially true, and still true for many mobile applications - but that’s another topic entirely. So why is this important? Well, for those not well-versed in the topic, encryption (basically scrambling data to render it unreadable) is very important for security, privacy and secrecy. It allows us to conduct business online, engage in confidential communications as well as a myriad of other things. It prevents sensitive data from being read (e.g. financial information). Of course it allows nefarious people to do the same, but in my opinion we should not degrade the liberties of everyone because of the few that use these same means for evil. They will still find ways. But I digress.
As the Internet has become more complex and slowly more secure, the vulnerabilities, tricks, as well as social engineering techniques employed by malicious actors have followed suit. So here are a few tips to aid you in keeping yourself secure when browsing. One of the easiest things you can be on the lookout for (and probably already do) is the padlock icon on the web address bar. If you see an image like the one below,
It means that HTTPS is not enabled on that website. In other words you should not input any sensitive information into the site such as login information (username, password), and especially not banking-related information.
However, the below image is a little trickier.
The website itself may indeed be using HTTPS, meaning that the data that you send to the website should be secure. However, there is a caveat - it potentially means that the network you are connected to is being monitored (traffic could be decrypted en route, intercepted and read by a third party). I use potentially deliberately, because the issue isn’t black and white and honestly, you are unlikely to come across this scenario in most normal use cases. The example image above image is a deliberate HTTPS decryption that I have set up on my own local network. It requires that a special certificate be installed into the web browser that gives the router permission to decrypt the data to and from certain websites. Browser certificates work much the same as certificates you may receive for completing say a degree or a course. There is a trust associated with a degree diploma that is backed by the reputation of the institution it is from. The companies that manage certificates go through procedures to be recognised as trustworthy. By installing a self-signed certificate, I am shifting the trust. The same applies when you use a Virtual Private Network (VPN) - trust is being shifted to the VPN provider to ensure that the encrypted tunnel you create through their service is shielded from prying eyes. Now that we’ve gotten all the bad stuff out of the way, the below image is what it should look like the majority of the time,
This image indicates that the connection to whatever website you’re connected to is secure, and you should be safe to assume that the data you send to the website is not stolen by a third party. It may not always be the case, but let’s not don our tinfoil hat just yet.
As always reader participation is not just welcomed, but encouraged! If you have any suggestions, corrections or anything in between, feel free to leave a comment. Want a good laugh? Check out our blog created entirely by artificial intelligence (AI)
We’ve done the research, so you don’t have to!
Thanks for reading!