Hi, Leo, when I logged on to eBay it’s using https. But when I then move off the sign-in page, it’s evidently no longer https; it’s plain old http. If we’re traveling and we use Wi-Fi, will our eBay activities be secure?
Your instincts are right. An http page does not provide a secured connection. This is a very important thing to realize about the difference between http and https. The fact that eBay uses https for the login means that yes; your login at least is protected. That means someone in an open Wi-Fi hotspot, or with some other kind of network access, can’t easily sniff the traffic and determine your eBay login credentials. That’s a good thing.
However the fact that after you log in it switches back to http means that the rest of your activity is not protected by encryption.
Become a Patron of Ask Leo! and go ad-free!
Unencrypted connections
An unencrypted connection that in an open Wi-Fi hotspot, for example, that suspicious character in the corner could be watching what you’re viewing on eBay, what you’re bidding on, and basically your entire activity on the non-https portions of that site.
While it’s not the end of the world, it’s not necessarily a good thing. And of course for sites other than eBay it could be a very, very bad thing, or it could be a complete non-issue.
Many sites are moving to using https for everything, or are already there. Email sites, for example, needed to do this early on since email can often contain very sensitive content. Other sites simply don’t offer https as a connection mechanism.
I don’t know where eBay is going to fall into this category. I don't know if https is even an option for their other pages. A good resource, if you’re curious, is eff.org/encrypt-the-web. That includes links to a list of major players, and breaks down exactly which sites do what with respect to https.
So, if you can’t use https, and you’re in a potentially insecure location like an open Wi-Fi hotspot or a wired connection at a hotel or a library, what do you do?
The easy solution is to use a VPN service. VPN stands for Virtual Private Network. A VPN will set up an encrypted connection between your computer and itself. All of your internet traffic then travels over that connection – encrypted. Http or https, it doesn’t matter – it’s all encrypted and nobody in that cafe, library, or hotel will be able to see, sniff or understand exactly what it is you’re doing.
[[An unencrypted connection that in an open Wi-Fi hotspot, for example, that suspicious character in the corner]]
Right out of the movie ‘The Net’ and its Gatekeeper bogus security software.
http://en.wikipedia.org/wiki/The_Net_(1995_film)
Personally, we use a VPN service when we are on open wi-fi networks. There
are modes for handheld (tablets and phones) as well as laptops and netbooks.
Does anyone have a VPN which does NOT slow to a crawl at a Wi-Fi café? Or one you can recommend which you consider highly rated? I’ve read the reviews on many, and it seems the VPN’s, unless corporate, leave much to be desired. Safety at a price, I guess.
I have no direct experience with any, I’m afraid. (Having my own servers I roll my own solution.) I would expect the reviews to be the best source of hands-on experience.