Today’s tip is an easy one. When you’re browsing the Web, if the address of the page you’re viewing starts with “http://”, you’re viewing a non-encrypted Web page, which means that it’s possible someone can intercept what you’re doing (a neighbor listening in on your WiFi, the NSA, etc.). On the other hand, if the address starts with “https://”, it is encrypted using “SSL” and likely safe. The “s” means secure!
Chances are, you’re viewing this blog with the unsecure URL (since we’re not really trasmitting anything secret here, that’s ok!), but you can easily go up to the address bar of your Web browser, add in the “s”, and press Enter to see this page over a secure connection. Not every Web site supports SSL, but many do, so before you enter a password or other personal information, try adding the “s” and seeing if you can change your unsecure connection into a secure one.
[Update: Commenter featherwinglove reminds that there is a plug-in for Firefox & Chrome users to do the above automatically for you. See: https://www.eff.org/https-everywhere]
This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.
I’m a very strong proponent of “SSL Everywhere”. Modern servers can easily handle the additional workload, so there’s no performance issue. And when everything is encrypted, it makes it harder for interlopers to triage the content they “voyeuristically scan”.
Incidentally, the link in your email delivery of today’s item was missing a period (https://tsaoutofourpantswordpress.com).
It seems odd to me that you’d write this entry with no mention of the HTTPS Everywhere plugin that automatically tries all websites you visit for HTTPS:
There are also a Google account configuration option to access your Gmail account over encryption all the time. Highly recommended.
Good idea — will update. 🙂
This’ll keep you busy for another three days 😉
It seems that if you use the Tor bundle, their browsed (moded Firefox) already comes with https-everywhere.
Good stuff. Thanks.