double stamp
Double Stamp is an easy-to-understand guide to useful computer and internet technology. It's written to be readable by everyday computer users.

Keep Private Data Safe From Web Snoops

The internet is vast web of connections which link personal computers, corporate networks, government servers and foreign organizations. When you connect to a particular website, the data that you enter and receive passes through a number of computers outside of your control. So, what prevents a user on one of those computers from intercepting your data and reading it? Nothing usually, but private data CAN be protected if you use something called "Secure Socket Layers" (SSL). This article isn't intended to explain the details of SSL. It is intended to make sure that you, a user of the internet, know how to determine if your data is safe. You don't have to know how a watch works to read the time.

First, you should never consider your information secure when using a computer that isn't your own. When you load your email, visit a banking site, or load any information that is considered sensitive, that information gets stored into the memory of the computer that you are using. If you're not the owner of that computer, you can't be sure that no one will obtain your sensitive info. It doesn't matter how secure your connection to the web is, your data is still stored locally. If you do not trust the owners of the computer you are using, don't load or enter any sensitive material. Buying something online with your credit card while using a foreign internet cafe computer is a bad idea, as the owners may be recording every keystroke you make.

Now, on to SSL. The concept is really simple: SSL protects your data from potential snoopers by encrypting it before sending. Your browser encodes your sensitive information using encryption, the coded data is sent, and the computer that you are connecting to decodes it. If someone in the middle intercepts your data, they will just see a bunch of gibberish codes. When you connect to a website using the "https://" instead of "http://" prefix, you are telling the browser to protect your data using SSL. The pictures here show a secure connection being made to gmail, so no one can read my email even if they intercept it! If you have a gmail account, just go to https://www.gmail.com instead of http://www.gmail.com if you want to try it yourself. Many other online mail systems carry this feature as well.

If a proper secure connection has been made, you should see a little picture of a lock in the lower right hand corner of your page. Hovering your mouse over the lock will show you the third party organization that has verified the website in question. Companies like IdenTrust and Verisign are common examples of companies that make this verification.

Bottom line... if you don't see https:// in your address bar, and there is no lock in the bottom right hand corner of your screen, don't enter or try to retrieve any sensitive information! Don't pay your bills online, don't do any bank transactions, and don't read sensitive material. However, if you do see the https://, the lock, and you're using a computer you trust, your data is secure.

Now, go practice. Check your bank's account and the sites you use to pay your bills online to make sure they are doing things right. If there's no https and lock, send a complaint. There is no reason that any website dealing with sensitive information should not be using this technology.

4 comments:

Joe A said...

Thanks Joey, I really think you have done a tremendous job with this site.
I found each post very useful and will for sure use the online secure info stuff. I noticed blogger is an https:// but the lock is in the upper right hand corner just next to the address bar, not the lower right.
Also we put firefow on our computer.
You even write well.

tysqui said...

Why would gmail and the other e-mail applications not use SSL automatically? I find it strange that you can use one or the other.

Doughy said...

Joe a,

In firefox, there is a lock in both the top and the bottom corner. Good observation.

Tysqui,
I guess the only drawback to using SSL for non-sensitve data is that it is slightly slower. Other than that, I can't think of a reason not to use it in gmail.

Holly said...

Hey Joey, I agree with other posters. This is important stuff. You will help a lot of us who are ignorant about online technology and basic things that can help/hurt us.

Good job!