Do you suffer from online insecurity?
Do you know the causes and symptoms of illnesses like a heart attack, stroke, and high blood pressure? Most likely you do since these illnesses are so common. But what about lesser known illnesses? You are aware that they exist and that they could have severe consequences, but most likely you are not going to worry about them until it is too late.
It dawned on me recently that we treat online security in the same manner - we are aware that there are risks and potentially major consequences of not being secure online, but we feel that these causes and risks are too technical, complicated, or infrequent, which causes us to feel it is not worth our time to understand the issue. Well, that is until it is too late and our identity has been stolen, our social media account has been hacked, or our bank account has been emptied.
To be honest, protecting yourself could get extremely complicated and technical, but for the typical online user, there are a few easy steps you should be aware of that could make the difference between being secure and losing everything. There are two ways you can suffer from online insecurity that are easy to address: insecurely connecting to web sites and using passwords that are easy to guess. Other situations that are not fully in your control are when websites and servers do not have proper security measures in place to protect your data. For the remainder of this post, I will focus on web site connections and will use future posts to talk about the other issues.
Defining the Illness - Insecure Connections
A connection is the sending and receiving of data between your device and a website. Unfortunately, it is possible for someone to tap into your connection and see the data that is being sent and received - think of it like a phone wire-tap from the movies. When the connection is insecure, the person that is watching your data can see everything that is occurring as if they were simply sitting by your side and watching what you are doing. They can see your emails, chats, passwords, home address, phone number, bank card number, social security number, conversations with friends and lovers, and anything else that you are entering online. Basically, not an ideal situation.
Luckily, you can make sure that you do not suffer from this illness by simply getting a secure connection. This means that the data that is being sent and received is encrypted. As an example, if you are buying something online and have to submit your bank card number, the person watching your connection would see the bank card number as follows:
Insecure connection: 1234 5678 9012 3456
Secure connection: Oygf7XFjPfWtZ2MJOSJymNrIHLx4lhoTCK8uThovTYE=
This person would have a very hard time knowing that this random list of characters represents your bank card number and will have an even harder time converting these characters back into the actual bank card number. This is the ideal situation.
Signs of Insecure Connections
You can tell if you have a secure connection by looking for one of the following. First, look to see if the URL starts with https, not http. If you do not see either https or http, you can assume that the URL starts with http and is not secure. Second, all browsers have adopted a green lock icon to indicate that you have a secure connection to the site. For example, this is what browsers show when you access the JumpStart website:
Mozilla Firefox -
Google Chrome -
If you do not see this green lock icon, it is safe to assume that your connection is not secure and, therefore, you should be careful with the information that you send over this connection. Unfortunately, it is not easy for people to spot the absence of the lock icon to know that something is bad - instead it is better to show that something is bad. And as of January 2017, that is exactly what Google Chrome and Mozilla Firefox are now doing.
The latest versions of Chrome and Firefox now show a grey lock icon with a red line through it to indicate that your connection is not secure. For example, this is what the IPN site looks like in Firefox:
For now, Chrome and Firefox are only showing this warning icon if the browsers detect that the web page contains a form for the user to login or enter credit card info. However, sometime in the near future, both browsers will show this message for all URLs that does use https.
You will only see these icons if you are using the latest versions of the browser. In general, for the best security protection, you should always keep your operating system, software, and apps up to date so you are protected from the latest security vulnerabilities.
Do My Apps Use Secure Connections?
Browsers make it easy to know whether or not you have a secure connection. Unfortunately, apps are not as transparent in this matter. To know whether or not an app uses a secure connection, you have to search for the answer online by visiting the app store page, visiting their site (if they have one), or trying to find the answer in a forum or tech article. Apps are slowly moving towards using secure connections, but not all of them are using this option by default. For instance, Signal and WhatsApp are popular messaging apps that always use secure connections. However, Facebook Messenger, another popular messaging app, only uses secure connections if you tell it to be a ‘Secret’ message.
Immunizing Yourself From Insecure Connections
As previously mentioned, your connection is secure if you have https and the green lock icon. Unfortunately, the website owner is the one that decides whether or not they will offer URLs with https, not you. Luckily, there is a way for you to control whether or not you want to create a secure connection to a web page, no matter if the URL uses http or https.
When you connect to a web page, your device makes a connection directly to the server the website resides on and that connection may or may not be secure. There is a service you can use that will direct all of your connections through a secure server before going to the web page that you are requesting. Your connection to this new server will always be secure and encrypted no matter what web page you are requesting. The service is known as a VPN or a virtual private network.
There are different ways of using a VPN service. One of the easiest is to install a browser plugin that will direct all of your browser traffic through a VPN server or you can switch browsers and use the Tor Browser which automatically sends all traffic through VPN servers. Another option is to install software onto your device that will direct all traffic through a VPN server. These might sound like the same thing, but there is a small difference. The first option only controls your browser traffic while the second option controls all internet connections your device makes, whether it is through a browser or through an app. For instance, if you have Skype installed, the first option will not help secure your connection because you are not using your browser with Skype, but the second option will.
A couple quick notes about VPNs. There are VPN services that are free to use but come with a monthly bandwidth limitation. These will work well for emails and messaging, but not watching videos, so if you plan to use the VPN service everyday look for providers that have no bandwidth limits. Some VPN services keep logs of your browsing history so even though your connections are encrypted, a government could potentially still request the logs to see what pages you were accessing. Typically, there is a list of VPN servers that you get to select from and these servers can be all over the world. If you pick a server that is far away, your connection could be a bit slow due to the distance the data has to travel. Finally, when searching for a VPN service to use, compare prices and look for reviews of the service provider to see if people are happy with them.
To recap, accessing the internet insecurely could expose you to potential hackers that could steal your identity and money. To protect yourself, only send sensitive information like passwords and bank card info through secure pages. You can identify a secure page when the URL starts with https, not http, and looking for a green lock icon next to the URL. Finally, you can ensure that all of your connections are always secure by using a VPN service.
Please keep in mind that this is only covers one area in the protection against online insecurity. There are still other steps that you should take to make sure you are using the internet as securely and safely as possible. Stay tuned for future posts about passwords and, for those that own websites, how to provide sites with secure connections.
Good luck and safe browsing!