Focusing on Security and Privacy
Hi, everyone. Leo Notenboom here for askleo.com. I’m not sure if you’ve heard anything about it, but we recently had an election here in the United States. Now, before you panic, I’m not going to go political on you. That’s not a topic that I feel serves an Ask Leo! audience; however, there are some, I’ll just call them “ramifications,” from the way things have turned out that I think warrant some understanding and potentially some action on all of our parts.
The concern is that the incoming administration will take less of a positive role on things like personal privacy or net neutrality or any of a number of things related to the freedoms that we tend to take for granted here in the United States and from my perspective, freedoms that we specifically take for granted on the internet.
So, as a result one of the things that I think over the coming weeks I’m going to at least touch on a few different times in a few different ways is how to secure your privacy in a world that is becoming slightly more threatening for that very privacy. Whether you consider that to be a function of government surveillance or lax regulation or enforcement of privacy rules, that’s fine. You may also consider this to be protection from corporations or from other folks who may not have your best interests at heart.
The bottom line is that privacy, increasing your privacy is something that I think in the near term, in the coming years is going to be something that we’re all going to want to do to a greater degree for a variety of reasons. So, with that in mind, what I want to introduce you to today is a software add-on for the Chrome and Firefox browsers called HTTPS Everywhere.
Now, I want to back up just a minute and explain why HTTPS matters. HTTPS solves two specific problems. One, it confirms that the site you’re visiting using HTTPS is, in fact, the site that it claims to be. It’s not a fake site. So, for example, when you go to PayPal.com, the HTTPS implementation there confirms that the certificate, the security certificate that is present, that is part of the conversation when you make an HTTPS connection, belongs to and could only belong to the real, honest PayPal.com. So that’s one thing.
Confirmation that you’re talking to who you think you’re talking to. The other is actually slightly more relevant for our privacy discussion, and that is that HTTPS connections are encrypted. What that means is that you can see the conversation, the recipient, the other end of the conversation, can see what you are saying and what data you’re exchanging, but in-between, at all different points in-between, from your ISP to other computers on your network to anybody who happens to be able to see your internet traffic, they can’t see what it is. All they see is encrypted data that they cannot decrypt.
They can’t see what you’re saying. When you’re talking to somebody like a PayPal or your bank or so forth, that’s important because you’re sharing personal financial information across the internet. HTTPS protects you; it keeps it private. HTTPS keeps all of its conversations private if it’s used and used properly. Last year, I think it was, I implemented HTTPS on askleo.com. In part, it was an exercise to see what it would take but in part also, it’s a way that ensures that what you look for on askleo.com, what you happen to be asking, what you happen to be viewing is private. Nobody in-between your computer and my web server can see as long as you’re using an HTTPS connection.
Now, over the past few years, we’ve seen more and more sites start to use HTTPS. It, of course, started with banking and financial institutions. It’s moved on to mail services; most reputable online mail services now use HTTPS as the connection mechanism. If you go to Google’s Gmail, for example, that will be an HTTPS connection. Your conversation, your email that’s going back and forth over the internet, is private; it’s between you and Google.
Like I said, more and more sites are switching to HTTPS for a variety of reasons – privacy being one of them. Now, what I learned in implementing HTTPS on askleo.com is that it is both simple and complex; it’s hard to describe it in more detail than that without going down a technical rabbit hole that honestly wouldn’t really help here, but the point is that it’s possible, it is not that hard, but it does require some level of geekiness; some level of expertise to make sure you have all the i’s dotted and the t’s crossed when you implement an HTTPS website.
More and more websites are doing that. Software is becoming easier and easier for those websites to use but it still does require some expertise on the site management side that to be honest, not all sites have. What happens, what we see from time to time are sites will respond to both HTTP and HTTPS. So depending on how you connect, your conversation may or may not be private with that site.
What’s worse is that some sites will have HTTPS enabled so that you can visit it using HTTPS, but links within the site will be HTTP, so without your doing anything wrong at all, all of a sudden you’ll find that you no longer have an HTTPS connection simply because the site itself linked the wrong way.
That’s where this browser add-on, HTTPS Everywhere, comes in. It does a couple of different things. One is, if you visit a site that is known to support HTTPS, HTTPS Everywhere will make sure you use the HTTPS version of that site. That cascades because then that also solves this other problem of a site that links to itself or any link to that site that happens to be HTTP; the browser extension will automatically convert that to HTTPS if that site is among the sites that are known to support HTTPS. Hence the name: HTTPS Everywhere. If a site can support HTTPS, if it does support HTTPS, then installing this browser extension simply ensures that your connection will always be HTTPS. It will improve your privacy because now nobody looking at the conversation between you and that site will be able to decipher its contents. It will all be encrypted.
So that is right now a thing I’m going to suggest you consider. Yes, it is a browser add-on. It does require, right now I believe, only Chrome or Firefox. It is available from the Electronic Frontier Foundation. I will have a link for it in the notes with this video. Consider it; consider doing it. I’ve been running it for a while. I’ve actually experienced no negative side effects from having this. It’s a very simple thing for the extension to do and it takes your privacy up a notch, right off the bat.
So, with that as our first step down a path of privacy, I’d like to understand what other issues you might be concerned about when it comes to privacy, when it comes to the coming years, when it comes to your experiences on the internet. I do have some other topics in the wings – some things that I think will help improve both your security and your privacy but I think privacy is going to be a theme for a little while. It’s going to be pretty important because in a lot of ways, I think our privacy is at risk.
So, let me know what you think. As always, here’s a link to this article posted on askleo.com. That’s where I read all the comments; that’s where the discussion happens. Please come visit. Let me know what you think about privacy, privacy issues, technology to help solve that. I’d love to hear from you. Until next week, I’m Leo Notenboom for askleo.com. Stay safe, have fun and don’t forget to back up. Take care.
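The upgrade behavior described in the transcript, as an added example that is not part of the original video and not the extension's own code: a link is switched to HTTPS only when its host is on a list of sites known to support it, so links to other sites stay plaintext. The host list, the sample HTML and the function names are assumptions constructed for illustration.

```javascript
// Added example. The host list and HTML below are constructed for illustration.
const KNOWN_HTTPS_HOSTS = new Set(["askleo.com", "www.paypal.com"]);

// Return the URL to actually request: http:// becomes https:// only when the
// host is on the known list and no explicit non-default port is given.
function upgradeUrl(raw, base) {
  let u;
  try {
    u = new URL(raw, base);
  } catch {
    return raw; // not parseable; leave untouched
  }
  if (u.protocol === "http:" && u.port === "" && KNOWN_HTTPS_HOSTS.has(u.hostname)) {
    u.protocol = "https:";
  }
  return u.href;
}

// Classify every href on a page by what would go over the wire after upgrading.
function auditLinks(html, pageUrl) {
  const report = { upgraded: [], plaintext: [], secure: [] };
  for (const [, href] of html.matchAll(/href\s*=\s*"([^"]*)"/gi)) {
    let original;
    try {
      original = new URL(href, pageUrl); // relative links inherit the page's scheme
    } catch {
      continue;
    }
    const final = upgradeUrl(href, pageUrl);
    if (original.protocol === "https:") report.secure.push(final);
    else if (original.protocol !== "http:") continue; // mailto: and similar
    else if (final.startsWith("https:")) report.upgraded.push(final);
    else report.plaintext.push(final); // host not known to support HTTPS
  }
  return report;
}

const SAMPLE_HTML = `
  <a href="http://askleo.com/https-everywhere/">self link, wrong scheme</a>
  <a href="/contact/">relative link</a>
  <a href="http://example.org/page">site not on the list</a>
  <a href="https://www.paypal.com/">already HTTPS</a>`;

console.log(auditLinks(SAMPLE_HTML, "https://askleo.com/article/"));
console.log(auditLinks(SAMPLE_HTML, "http://askleo.com/article/"));
```

Anything left in the `plaintext` bucket is still readable by anyone between the browser and that site.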
- How do I change a website to be an https secure site? – Setting up an https secure website is both simple, and complex. The HTML doesn’t really change but you’ll need different hosting for the secure layer as well as a certificate to provide the security of https.
- Why Can’t We Use https for Everything? – HTTPS provides validation and encryption, two important pieces of security. Using it for everything is possible but costly, and issues would remain.
- Will adding an “s” to http make my connection secure? – If you can turn http into https and it works, that means that the site has a security certificate. So why aren’t they using it?