Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What does "leaving a secure internet connection" mean?

Question:

My computer occasionally tells me that you are about to leave a secure
internet connection. It would be possible for others to view information you
send. What does this mean.

Most of the time it's an informational message that you can safely ignore.
However there are times that it's critically important to know what it means,
and whether or not you should be doing something differently.

The issue?

Someone could be eavesdropping.

Become a Patron of Ask Leo! and go ad-free!

Depending on your network and how you're connected to the internet, all
computers "close to" each other can actually "see" the network traffic of all
the others. For example you could be doing some on-line banking using one
computer in your home, but all the data traveling between your computer and
your bank could be viewed by another computer in your home. Other
computers typically don't listen in, because it's clear that the data
is destined for your computer and not another, but software exists that can
ignore that.

"Sniffing" software can monitor the data going to and from other computers
on the network. This kind of sniffing is particularly easy in WiFi hotspots.
When network traffic is wireless, any computer within range of the signal can
listen in.

It's kind of like being in a restaurant and listening to the conversation at
the table next to you. It's not meant for you, but it's very easy to eavesdrop
and listen in.

"It's kind of like being in a restaurant and listening
to the conversation at the table next to you."

A "secure" internet connection is one where the data being sent back and
forth is encrypted. Only the machine it's destined for knows how to decrypt and
read the information.

This is kind of like being back in that same restaurant and listening in,
only this time you can't understand a word of what's being said because they're
speaking a completely different language. You can listen all you want, it just
won't do you any good. Only the two people speaking to each other understand
their own language.

"https" connections are encrypted, secure internet connections. "http"
connections are not. "http" connections can be sniffed and understood; "https"
connections can also be sniffed but the data visible is unintelligible.

In some cases when you're on a page that you visited using an "https"
connection, and you click a link that is going to go to a "http" connection,
your browser will warn you, and that's the message you're seeing. The issue is
that you're leaving a secure connection (https) for an insecure one (http). If
the browser didn't warn you it might be easy to miss the fact that this had
happened and think that you were browsing securely when you weren't.

It's not at all uncommon to transition from websites accessed by "https" to
those accessed with plain "http". "https" is actually a tad slower, and not all
information needs to be transmitted securely. There's no reason, for example,
to encrypt the contents of this page, and so there's no
"https://ask-leo.com". However sites that require security,
such as banking or other sensitive services, may be available only via
"https".

Linking from one to another is common. The warning is simply that, a
warning, so that you know just how secure you are.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

4 comments on “What does "leaving a secure internet connection" mean?”

  1. Okay, so I understand that networked traffic can be listened to by others on the network if it isn’t encrypted. I presume you’re talking about a LAN. But what about the WAN (if I understand the term correctly). I have just subscribed to a wireless ISP – not a WiFi – but the kind where the ISP gave me a wireless modem that connects to the nearby cell tower. Is this kind of connection safe? The person in the next office uses a ISP/wireless modem with an internet phone. Are his conversations secure? When we talk about “out there” (on the internet) versus “in here” (on the LAN), is the trsnsition at my modem or at the cell tower? Or where?

    The question of using an internet phone with a wireless modem is a big deal, because it is the means that some phone companies are using to provide local phone service which bypasses the land lines yet acts like a landline service. So if there are any doubts about its security this will be a major concern.

    Reply
  2. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    GREAT question.

    The short answer is that for now I believe you’re safe on cellular and WiMax
    type of networks. I *believe* that the data is encrypted, but even if not
    sniffing equipment is not nearly as prevelant as it is with WiFi. Any laptop
    can sniff Wifi. I know I happily use my cellular connection without the same
    encrypting safeguards that I do when I use WiFi. (Though I keep my firewall up,
    since it is a direct internet connection.)

    I honestly don’t know about internet phones. I know that *some* are encrypted,
    but which I do not know. I’d check with the providers.

    Leo

    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.7 (MingW32)

    iD8DBQFHAYbuCMEe9B/8oqERAioRAJ4/3YRgMYeYaMEbScZSFRGlQvcHOwCfQa01
    E94/P/uKryVhZZptHTnnIvc=
    =etkk
    —–END PGP SIGNATURE—–

    Reply
  3. I had an interesting, suspicious incident I’d like to ask your Comment on: I found a Free Sportsbook, advertised out of Cyprus. Signing up, without divulging personal info, I was assigned a personal Username and Password, via e-mail. However, when I proceeded to Login, a Popup informed me that Login is only possible through a “Nonsecure connection”. Am I correct to be suspicious? Thank you.

    Not really. Many sites don’t use https even when they should, but it doesn’t imply anything nefarious.

    Leo
    24-Oct-2010

    Reply
  4. Hi Leo,

    I have a question that might be silly but say I use my cellphone as a hotspot for my PC and access my email or bank account. Can the sniffers/hackers get direct access to the page I’m viewing or my account or is it like they’re just watching me navigate??

    Thank you in advance,
    Kev

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.