Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

If we login to a site securely will our other activities be secure?

Question:

Hi, Leo, when I logged on to eBay it’s using https. But when I then move off the sign-in page, it’s evidently no longer https; it’s plain old http. If we’re traveling and we use Wi-Fi, will our eBay activities be secure?

Your instincts are right. An http page does not provide a secured connection. This is a very important thing to realize about the difference between http and https. The fact that eBay uses https for the login means that yes; your login at least is protected. That means someone in an open Wi-Fi hotspot, or with some other kind of network access, can’t easily sniff the traffic and determine your eBay login credentials. That’s a good thing.

However the fact that after you log in it switches back to http means that the rest of your activity is not protected by encryption.

Become a Patron of Ask Leo! and go ad-free!

Unencrypted connections

An unencrypted connection that in an open Wi-Fi hotspot, for example, that suspicious character in the corner could be watching what you’re viewing on eBay, what you’re bidding on, and basically your entire activity on the non-https portions of that site.

While it’s not the end of the world, it’s not necessarily a good thing. And of course for sites other than eBay it could be a very, very bad thing, or it could be a complete non-issue.

Many sites are moving to using https for everything, or are already there. Email sites, for example, needed to do this early on since email can often contain very sensitive content. Other sites simply don’t offer https as a connection mechanism.

HTTPSI don’t know where eBay is going to fall into this category. I don't know if https is even an option for their other pages. A good resource, if you’re curious, is eff.org/encrypt-the-web. That includes links to a list of major players, and breaks down exactly which sites do what with respect to https.

So, if you can’t use https, and you’re in a potentially insecure location like an open Wi-Fi hotspot or a wired connection at a hotel or a library, what do you do?

The easy solution is to use a VPN service. VPN stands for Virtual Private Network. A VPN will set up an encrypted connection between your computer and itself. All of your internet traffic then travels over that connection – encrypted. Http or https, it doesn’t matter – it’s all encrypted and nobody in that cafe, library, or hotel will be able to see, sniff or understand exactly what it is you’re doing.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

3 comments on “If we login to a site securely will our other activities be secure?”

  1. [[An unencrypted connection that in an open Wi-Fi hotspot, for example, that suspicious character in the corner]]

    Right out of the movie ‘The Net’ and its Gatekeeper bogus security software.
    http://en.wikipedia.org/wiki/The_Net_(1995_film)
    Personally, we use a VPN service when we are on open wi-fi networks. There
    are modes for handheld (tablets and phones) as well as laptops and netbooks.

    Reply
  2. Does anyone have a VPN which does NOT slow to a crawl at a Wi-Fi café? Or one you can recommend which you consider highly rated? I’ve read the reviews on many, and it seems the VPN’s, unless corporate, leave much to be desired. Safety at a price, I guess.

    Reply
    • I have no direct experience with any, I’m afraid. (Having my own servers I roll my own solution.) I would expect the reviews to be the best source of hands-on experience.

      Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.