The perils of plaintext
The Internet is made up of magic; lots and lots of little bits of magic – fit together like a massive jigsaw puzzle – invisible to most of us.
We take this magic for granted, trusting that it works correctly and in our favor.
The Internet as we know it today started as the little-known project ARPANET, developed by the United States Department of Defense.
ARPANET was first used to connect corporate and academic computers for the purpose of informatoin sharing in direct support of Government business.
ARPANET spread rapidly and was eventually decomissioned, with its technical foundation being used as the foundation of the modern Internet.
One big game of Jenga
At the base of the modern Internet lies the TCP/IP protocol, which facilitates the relay of information across computer networks.
Your computer says hello to another computer, which says hello back.
After this ‘handshake’ takes place, your computers can start talking to each other, confirming that a message was received every time one is sent.
HTTP – what makes websites work
Making use of TCP/IP to talk to other computers, HTTP facilitates how websites are communicated over the Internet.
This is a special protocol called the HyperText Transfer Protocol, with the ‘hypertext’ being the code that constructs websites.
HTTP itself does not have much security built-in, with no encryption being used to secure communications.
What little security that does exist is built by the websites themselves in the form of login pages and other such functions.
HTTPS – what secures your data
HTTPS is HTTP-Secure, which has encryption built-in as a foundation for its use.
Without HTTPS, anything you send over the Internet can be read and inspected by anyone able to see it.
With HTTPS, only the receiving server can read your communications; anyone else just sees a garbled mess of encrypted data.
HTTPS works by making use of encryption schemes known as SSL/TLS, which facilitate this secure communication.
Your unencrypted data is wrapped up in a nice little encrypted package and sent to the server, which then decrypts it to use the data.
At its core, though, it is dependent on HTTPS; remove HTTP and HTTPS no longer works.
How to know when your data is being sent securely
Fortunately, modern browsers warn you when your data is being sent in an insecure or unsafe manner, though this still leaves the sending of it up to you.
Web browsers indicate whether or not your data is being sent to a website securely – next to the URL bar – where you type www.facebook.com, for example- you will see a green bar or padlock icon if your data is transmitted securely.
If the green icon is not there, you should re-think whether or not you want to send any data to the website, since it will not be secure.
Generally, though, if you are not logging in or sending any sensitive information to a website, it’s fine to visit and you haven’t got much to worry about.
When to worry
If you ever need to send sensitive information to a website, make sure that it’s being sent securely before doing so.
Sensitive information includes your usernames, passwords, and personal information like your name, id number, or social security number.
If you ever catch yourself feeling uncomfortable about sending such information to a website, double-check that it is being sent securely and that the website is trustworthy.
Data that is not sent securely will be readable by anyone between yourself and the server, which often includes over 10 different companies or servers.
What you can do about it
Use a Virtual Private Network (VPN)
VPNs add an extra layer of encryption between yourself and the Internet, securing your communications and giving you privacy.
They work by establishing an encrypted connection with a trusted server and then sending your data through that encrypted connection.
This means that any baddies listening to your communications will be greatly thwarted, since they will not be able to decrypt your data.
An additional benefit of a VPN is that it encrypts all of your data sent to the Internet, which includes data that is not sent to websites, such as Skype calls or online games.
There are fortunately steps you can take to greatly mitigate any of your data being sent insecurely.
Use a browser extension
The HTTPS Everywhere browser extension makes sure that your data is sent securely to most major websites by forcing secure communications with websites that support it.
The Smart HTTPS browser extension tries to use a secure version of a website if it exists, otherwise it will present you with the unsecure version of the website.
Without such an extension, your data may sometimes be sent in an insecure manner even though it is able to be se]nt securely.
Use The Onion Router (TOR)
TOR wraps your data like an onion, encrypting it with multiple layers of encryption before it is sent to the Internet via the TOR network.
Your data is sent through a ‘chain’ of servers in the TOR network, which is a predefined pathway to the Internet through the TOR network.
Each server your data is sent through within the chain is able to remove one layer of encryption, before it finally reaches the last server and is sent to the Internet.
Your data comes back to you in the same way, with your computer removing the last layer of encryption before you can view it.
Toward a more-secure future
Techniques of securing your data are ever-changing, and constantly being developed and improved.
As we move forward with the Internet, security is usually a core requirement of any new solutions created, which it was not before.
Your data’s security is important – and becoming even more important – which benefits both users and companies in forming a trusted and open Internet.