Hi, Leo, when I logged on to eBay it’s using https. But when I then move off the sign-in page, it’s evidently no longer https; it’s plain old http. If we’re traveling and we use Wi-Fi, will our eBay activities be secure?
Your instincts are right. An http page does not provide a secured connection. This is a very important thing to realize about the difference between http and https. The fact that eBay uses https for the login means that yes; your login at least is protected. That means someone in an open Wi-Fi hotspot, or with some other kind of network access, can’t easily sniff the traffic and determine your eBay login credentials. That’s a good thing.
However the fact that after you log in it switches back to http means that the rest of your activity is not protected by encryption.
Become a Patron of Ask Leo! and go ad-free!
An unencrypted connection that in an open Wi-Fi hotspot, for example, that suspicious character in the corner could be watching what you’re viewing on eBay, what you’re bidding on, and basically your entire activity on the non-https portions of that site.
While it’s not the end of the world, it’s not necessarily a good thing. And of course for sites other than eBay it could be a very, very bad thing, or it could be a complete non-issue.
Many sites are moving to using https for everything, or are already there. Email sites, for example, needed to do this early on since email can often contain very sensitive content. Other sites simply don’t offer https as a connection mechanism.
I don’t know where eBay is going to fall into this category. I don’t know if https is even an option for their other pages. A good resource, if you’re curious, is eff.org/encrypt-the-web. That includes links to a list of major players, and breaks down exactly which sites do what with respect to https.
So, if you can’t use https, and you’re in a potentially insecure location like an open Wi-Fi hotspot or a wired connection at a hotel or a library, what do you do?
The easy solution is to use a VPN service. VPN stands for Virtual Private Network. A VPN will set up an encrypted connection between your computer and itself. All of your internet traffic then travels over that connection – encrypted. Http or https, it doesn’t matter – it’s all encrypted and nobody in that cafe, library, or hotel will be able to see, sniff or understand exactly what it is you’re doing.