Focusing on Security and Privacy

August 13, 2019 posted by


Focusing on Security and Privacy Hi, everyone. Leo Notenboom here for askleo.com. I’m not sure if you’ve heard anything
about it but we recently had an election here in the United States. Now, before you panic, I’m not going to
go political on you. That’s not a topic that I feel serves an
Ask Leo! audience however, there are some, I’ll just call “ramifications” from
the way things have turned out that I think warrant some understanding and potentially
some action on all of our parts. The concern is that the incoming administration
will take less of a positive role on things like personal privacy or net neutrality or
any of a number of things related to the freedoms that we tend to take for granted here in the
United States and from my perspective, freedoms that we specifically take for granted on the
internet. So, as a result one of the things that I think
over the coming weeks I’m going to at least touch on a few different times in a few different
ways is how to secure your privacy in a world that is becoming slightly more threatening
for that very privacy. Whether you consider that to be a function
of government surveillance or lax regulation or enforcement of privacy rules, that’s
fine. You may also consider this to be protection
from corporations or from other folks who may not have your best interests at heart. The bottom line is that privacy, increasing
your privacy is something that I think in the near term, in the coming years is going
to be something that we’re all going to want to do to a greater degree for a variety
of reasons. So, with that in mind, what I want to introduce
you to today is a software add-on for the Chrome and Firefox browsers called HTTPS Everywhere. Now, I want to back up just a minute and explain
why HTTPS matters. HTTPS solves two specific problems. One, it confirms that the site you’re visiting,
using HTTPS is in fact, the site that it claims to be. It’s not a fake site. So, for example, when you go to PayPal.com,
the HTTPS implementation there confirms that the certificate, the security certificate
that is present, the is part of the conversation when you make an HTTPS connection, belongs
to and could only belong to the real, honest PayPal.com. So that’s one thing. Confirmation that you’re talking to who
you think you’re talking to. The other is actually slightly more relevant
for our privacy discussion and that is that HTTPS connections are encrypted. What that means is that you can see the conversation,
the recipient, the other end of the conversation can see what you are saying and what data
you’re exchanging but in-between, at all different points in-between from your ISP
to other computers on your network to anybody who happens to be able to see if your internet
traffic, they can’t see what it is. All they see is encrypted data that they cannot
decrypt. They can’t see what you’re saying. When you’re talking to somebody like a PayPal
or your bank or so forth, that’s important because you’re sharing personal financial
information across the internet. HTTPS protects you; it keeps it private. HTTPS keeps all of its conversations private
if it’s used and used properly. Last year, I think it was, I implemented HTTPS
on askleo.com. In part, it was an exercise to see what it
would take but in part also, it’s a way that ensures that what you look for on askleo.com,
what you happen to be asking, what you happen to be viewing is private. Nobody in-between your computer and my web
server can see as long as you’re using an HTTPS connection. Now, over the past few years, we’ve seen
more and more sites start to use HTTPS. It of course, started with banking and financial
institutions. It’s moved on to mail services, most reputable
online mail services now use HTTPS as the connection mechanism. If you go to Google’s Gmail for example,
that will be an HTTPS connection. You’re conversation, your email that’s
going back and forth over the internet is private; it’s between you and Google. Like I said, more and more sites are switching
to HTTPS for a variety of reasons – privacy being one of them. Now, what I learned in implementing HTTPS
on askleo.com is that it is both simple and complex; it’s hard to describe it in more
detail than that going down to technical rabbit hole that honestly, wouldn’t really help
here, but the point is that it’s possible, it is not that hard, but it does require some
of level geekiness; some level of expertise to make sure you have all the eyes dotted
and the T’s crossed when you implement an HTTPS website. More and more websites are doing that. Software is becoming easier and easier for
those websites to use but it still does require some expertise on the site management side
that to be honest, not all sites have. What happens, what we see from time to time
are sites will respond to both HTTP and HTTPS. So depending on how you connect, your conversation
may or may not be private with that site. What’s worse is that some sites will have
an HTTPS enabled so that you can visit in using HTTPS but links within the site will
be HTTP so without your doing anything wrong at all, all of a sudden you’ll find that
you no longer have an HTTPS connection simply because the site itself linked the wrong way. That’s where this browser add-on, HTTPS
Everywhere, comes in. It does a couple of different things. One, is if you visit a site that is known
to support HTTPS, HTTPS Everywhere will make sure you use the HTTPS version of that site. That cascades because then that also solves
this other problem of a site that links to itself or any link to that site that happens
to be HTTP, the browser extension will automatically convert that to HTTPS if that site is among
the sites that are known to support HTTPS. Hence the name: HTTPS Everywhere. If a site can support HTTPS, if it does support
HTTPS, then installing this browser extension simply ensures that your connection will always
be HTTPS. It will improve your privacy because now nobody
looking at the conversation between you and that site will be able to decipher its contents. It will all be encrypted. So that is right now I thing I’m going to
suggest you consider. Yes, it is a browser add-on. It does require, right now I believe, only
Chrome or Firefox. It is available from the electronic frontier
foundation. I will have a link for it in the notes with
this video. Consider it; consider doing it. I’ve been running for a while. I’ve actually experienced no negative side
effects from having this. It’s a very simple thing for the extension
to do and it takes your privacy up a notch, right off the bat. So, with that as our first step down a path
of privacy, I’d like to understand what other issues you might be concerned about
when it comes to privacy, when it comes to the coming years, when it comes to your experiences
on the internet. I do have some other topics in the wings – some
things that I think will help improve both your security and your privacy but I think
privacy is going to be a theme for a little while. It’s going to be pretty important because
in a lot of ways, I think our privacy is at risk. So, let me know what you think. As always, here’s a link to this article
posted on askleo.com. That’s where I read all the comments; that’s
where the discussion happens. Please come visit. Let me know what you think about privacy,
privacy issues, technology to help solve that. I’d love to hear from you. Until next week, I’m Leo Notenboom for askleo.com. Stay safe, have fun and don’t forget to
back up. Take care. Was that video interesting? Helpful even? Well, then I could use your help. I’ve got a Patreon project under way. You’ve got an opportunity to contribute
and help support askleo.com. To help me do what I do: help more people,
answer more questions, produce more information about technology that hopefully can help you
and others use it more effectively and with more competence. Visit Patreon.com to learn more. Among other things, you get rewards depending
on the level of your patronage. So, check out patreon.com/askleo to learn
more and help contribute to askleo.com. Thanks.

No Comments

Leave a Comment

Your email address will not be published. Required fields are marked *