Skip to content

encrypt

Every time you visit a website, information is flowing between your device and a server out there somewhere. In the early days of the internet, most all that information was transmitted "in the clear," also known as "cleartext," meaning unencrypted. Cleartext, if intercepted, can be easily read. That means a third party could monitor the content you're accessing. That's kind of like someone knowing what books you've checked out of the library, and even what chapters you've specifically looked at. Creepy! Ain't nobody's business but your own. If that doesn't concern you, consider what happens when the data transmitted includes sensitive information like usernames and passwords.

That's why, in recent years, we've seen more and more sites serving content over a secure connection. The mechanics of these transactions are quite fascinating, but the important point is that the information flowing between you and the server is encrypted. If it's intercepted, it's going to be difficult for that mysterious third party to figure out exactly what content was being transmitted. In short, encrypted sites are much more secure.

Encryption is so easy and so valuable, in fact, that it's becoming the rule rather than the exception. Google (the most popular search engine) gives preference in its search results to sites that serve their content securely. Chrome (the most popular web browser) flags insecure sites. The web is in transition. Truly pervasive encryption is not here yet, but it looks like the way of the future.

CAT+FD got with the program last year. With some help from our friends in ITC, we started encrypting all content from cat.xula.edu. You probably never noticed, but that makes our site a little more secure than it was.

So how do you tell? How can the average user distinguish a site that's encrypted from one that isn't? ...continue reading "Just Encryption Part 1: Web Basics"

In honor of National Cyber Security Awareness Month, I'm launching a series of posts on the subject of encryption in service of social justice.

Detail from "Encryption Made Easy" (Bart Everson, 2016)

 

I've long been fascinated with encryption. As a kid, I thought codes were cool. As an adult, I see the value encryption offers for keeping my personal data secure.

But what, if anything, does encryption have to do with social justice?

Plenty.

I got my first inkling in 2016, just after the election of Donald Trump to the highest office in the land. Under the prior administration, the apparatus of the surveillance state was developed to levels previously unimaginable. Obama handed that system to Trump.

Of course, if you're not concerned about our own government spying on us, perhaps you're concerned about foreign powers. There's no denying that international cyberwarfare is real. There are also hackers and straight-up cyber criminals. Not to mention those big corporations.

Whoever's doing the snooping, the harm is felt disproportionately by marginalized communities — as is typically the case when power relations are manifestly unequal.

Rights must be understood and exercised in order to afford us any protection. That holds as true for privacy rights in the digital realm as it did in the analog era of the civil rights movement.

Furthermore, scholars have a special interest in freedom of inquiry, germaine to all those working in the field of education. Educating on these issues is aligned with Xavier's mission, and it's vitally important that our faculty and staff understand what's at stake.

As noted in a recent United Nations report, encryption is emerging as a keystone for human rights in the 21st century:

Encryption and anonymity, today's leading vehicles for online security, provide individuals with a means to protect their privacy, empowering them to browse, read, develop and share opinions and information without interference and enabling journalists, civil society organizations, members of ethnic or religious groups, those persecuted because of their sexual orientation or gender identity, activists, scholars, artists and others to exercise the rights to freedom of opinion and expression.

Encryption is simply the practice of putting your data into a secret code so other people can't read it. It's an important tool for maintaining privacy and security online. Before the 2016 election, writing for TechCrunch, Steven Renderos and Mark Tseng Putterman observed that "for activists and people of color, strong encryption is essential."

In the days and weeks ahead, I'll be publishing a series of simple tips to help you get started using encryption more frequently. I'm far from expert myself, so I'll be learning as I go. If you have any questions or suggestions, don't hesitate to let me know.

Next up: Using Signal for secure text messaging.

1

encrypt

We have been taking steps to make the CAT+FD site more secure. Most recently, we started serving all our content over a secure connection. From this point on, anytime you're visiting our site (including this blog) you may see "https://" at the beginning of the web address in your browser's location field. You may even see a little padlock symbol.

This varies from browser to browser, but here's how it looks on Chrome:

Secure connection (Chrome)

This means that all the content that flows back and forth between your browser and our site is encrypted, encoded, making it harder for anyone else to snoop.

Of course (unless you're CAT+FD staff) you probably aren't exchanging any sensitive data with our site. Still, it's a good idea, with increasing concern in recent years over civil liberties in an age of ubiquitous surveillance.

It might also be the wave of the future. More and more sites are supporting encryption. Google already favors secure sites in its search results.

Some browsers make it easy for you to examine a site's digital certificate. Here's how that looks in Safari:

Certificate in Safari

This shows you that we are who we claim to be. DigiCert is a third party that verifies Xavier's identity.

Sounds pretty good, right? In fact, you may wonder why all your web transactions aren't secure. Well, it's the same reason why we don't all engage in good password behavior. We know it's good in theory, but in practice we defer and delay. Some sites you visit undoubtedly do support secure transactions — but only if you ask for it. You can encrypt as much as possible by using a browser extension like the Electronic Frontier Foundations's HTTPS Everywhere, available for Chrome, Firefox, Opera and Android.

Thanks to ITC for helping us to implement HTTPS.