Hi, Leo, when I logged on to eBay it’s using https. But when I then move off the sign-in page, it’s evidently no longer https; it’s plain old http. If we’re traveling and we use Wi-Fi, will our eBay activities be secure?
Your instincts are right. An http page does not provide a secured connection. This is a very important thing to realize about the difference between http and https. The fact that eBay uses https for the login means that yes; your login at least is protected. That means someone in an open Wi-Fi hotspot, or with some other kind of network access, can’t easily sniff the traffic and determine your eBay login credentials. That’s a good thing.
However the fact that after you log in it switches back to http means that the rest of your activity is not protected by encryption.
Today, reading a blog, I clicked on a link that took me to an answer on Quora.com, which is a site that I can’t recall ever visiting although it’s possible that I may have hit it using Stumble Upon or something similar in the past. My CyberGhost VPN was active. I scrolled down to the bottom of the page and there was my name and an invitation to submit further details. How could this be? I’m most concerned. I did not submit any information to this site during this session. How could it have identified me if I was using a VPN?
The fact the you’re using a VPN has almost nothing to do with this. A VPN protects your connection from the prying eyes of people between you and the VPN service, but that’s about it.
I recently signed up with a personal VPN service for several reasons. I’d like an unbiased opinion of their value in terms of real security, privacy, etc., and also the potential unintended consequences of using them. I like the idea of having my email completely secured. No tracking (by Google or Bing) of my searches and portability to public hotspots. But I’ve also read that because VPN tunnels through my router’s NAT firewall, I might be giving up a valuable layer of security when I use it at home.
I use a robust anti-virus firewall of course, but I know you recommend a NAT firewall as a strong first line of defense against internet attacks. Are there other potential downsides to casual use? I’m not recommending one “pay for” service over another, but I happened to sign up with Witopia and I’m quite satisfied so far. Thanks for any thoughts on the subject.
I’m a little concerned that there may be some fundamental misunderstandings of exactly what a VPN does and what it does not get you.
To be clear, a VPN does nothing more than encrypt and route all of your internet traffic through the VPN provider’s server. That’s it. What happens after that server actually doesn’t change.
Is your email completely secured? That depends on what you mean.
I’m using Asus laptop running Vista 32-bit version. When I attempt to access any number of different themed websites, I get a message on the resulting page telling me that “Juniper web blocking has made this page unavailable.” I don’t remember ever seeing this software much less installing it, so I’m going to assume that this one slipped by me. It’s becoming a royal pain. When checking it out, I found that it’s commercial software aimed at the corporate sector. What I’m trying to find out is if you can help me delete it without formatting my computer?
I don’t think I can tell you how to get Juniper Networks web blocking software off your computer… simply because I don’t believe it’s on your computer.
When I travel and use a site like Hotspot Shield or another service, how does my information get encrypted? Does the site send an encryption key that encrypts my data before it leaves my computer and then decrypts it with a key only it and my computer knows?
I have the same question regarding my “secure” online banking transaction when I’m at home on my secured wireless network. Does the bank send my computer a key to encrypt my data before it leaves my computer to go through my secured wireless LAN? I plan to travel overseas shortly and I’m very concerned about using my computer for sensitive transactions while overseas.
You’re mostly right, but you’re also overlooking an important step in that process. How do you exchange that encryption key securely before the encryption has been set up?
In other words, how do you send someone a password securely if the only thing that they would have to make it secure is knowing that password before they got it?
The problem is that you need to encrypt to exchange data securely, but you can’t encrypt until you’ve exchanged the encryption key. It’s a classic chicken and egg problem.
Let me explain what happens here at a very high level.