Good Tech Habits and Quality of life

Quiz Yourself and HTTPS Revisited

Assessing your digital health with a quiz and HTTPS revisited

Something that I thought might be interesting to try would be a quiz. But, before I give you the link to a web site that has a quick and easy approach for assessing your "digital health" I wanted to answer a question someone asked me lately that I think is important to remember. Her question was:

How would I know whether a web site is malicious or not and if it starts with "https://" does that mean it is safe?

A site beginning with "https://" (as opposed to http://) doesn't really mean that it is a safe site, although it is one step towards providing an indication it is a "safe" site. What HTTPS:// does and is good at is encrypting the transmission of data that goes back and forth between your device and a web site.

When you type https://www.somesite.ca you are actually using a digital certificate. Digital certificates are available from web sites like "Let's Encrypt" (https://letsencrypt.org/).

Let's Encrypt provides "digital certificates" in an automated way. If you can prove "ownership" by changing files and folders on a web server, Let's Encrypt assumes that you are who you say you are and based on that, a "digital certificate" is granted using an automated procedure. I'm pretty sure that Let's Encrypt is not the only one doing it this way and NO they are not evil.

But, taken by itself, there is no indication that an "https://..." site is good or bad. Anyone can set up a web site and get a "digital certificate" for it. If whoever manages the web server can prove that they can modify a web site's files and folders, that is good enough to prove to Let's Encrypt that that person own's the site and can "ask" for a digital certifiate.

Ownership is not based on any background check of a person's identity and the process of getting a digital certificate isn't really traceable when used maliciously. The reason why it helps with security is that it encrypts the conversation between your computer device and a bank so that other's who are listening to traffic flowing through the Internet can not eavesdrop to get your passwords, account numbers etc.

That is why you still have to be vigilant. https://bankofcanada.ca amd https://bankofcanda.ca are very similar but one is an example of a malicious site and one isn't. One is a malicious site that also happens to encrypt the communication between your device and the web server in question using a "digital certificate".

So if you notice something that doesn't look right you need to stop and check it out. You can copy and paste the link you aren't sure about into this web site:

  • SCANURL

    • But you still might have to check it out even more - especially when your finances are involved. The best information about a web site comes from a person you trust - so ask them for the name of the https:// link in full!

    And if someone communicates with you that you don't know, hang up and find the right person yourself, especially if they are pressuring you in any way.

    Here is the quiz you can take for fun - so you have another place to go to improve your digital health. Click on the "How safe are you? Do our tests" at this link:

  • SAFEONWEB

    • And if you have questions about topics related to this web site send me an e-mail - it's at the bottom of each web page. I'll try to include your questions in upcoming additions.