{"id":12900,"date":"2018-10-29T12:19:42","date_gmt":"2018-10-29T17:19:42","guid":{"rendered":"http:\/\/cat.xula.edu\/food\/?p=12900"},"modified":"2018-10-29T12:22:37","modified_gmt":"2018-10-29T17:22:37","slug":"just-encryption-part-1-web-basics","status":"publish","type":"post","link":"https:\/\/cat.xula.edu\/food\/just-encryption-part-1-web-basics\/","title":{"rendered":"Just Encryption Part 1: Web Basics"},"content":{"rendered":"

\"encrypt\"<\/a><\/p>\n

Every time you visit a website, information is flowing between your device and a server out there somewhere. In the early days of the internet, most all that information was transmitted \"in the clear,\" also known as \"cleartext,\" meaning unencrypted. Cleartext, if intercepted, can be easily read. That means a third party could monitor the content you're accessing. That's kind of like someone knowing what books you've checked out of the library, and even what chapters you've specifically looked at. Creepy! Ain't nobody's business but your own. If that doesn't concern you, consider what happens when the data transmitted includes sensitive information like usernames and passwords.<\/p>\n

That's why, in recent years, we've seen more and more sites\u00a0serving content over a secure connection. The mechanics of these transactions are quite fascinating, but the important point is that the information flowing between you and the server is encrypted. If it's intercepted, it's going to be difficult for that mysterious third party to figure out exactly what content was being transmitted. In short, encrypted sites are much more secure<\/em>.<\/p>\n

Encryption is so easy and so valuable, in fact, that it's becoming the rule rather than the exception. Google (the most popular search engine) gives preference in its search results to sites that serve their content securely. Chrome (the most popular web browser) flags insecure sites. The web is in transition. Truly pervasive encryption is not here yet, but it looks like the way of the future.<\/p>\n

CAT+FD got with the program last year<\/a>. With some help from our friends in ITC, we started encrypting all content from cat.xula.edu<\/a>. You probably never noticed, but that makes our site a little more secure than it was.<\/p>\n

So how do you tell? How can the average user distinguish a site that's encrypted from one that isn't?<\/p>\n

All About That S<\/strong><\/p>\n

Some of us are old enough to remember when we used to sound out every syllable of a web address, even those first few characters: H T T P colon slash slash<\/strong>. If you doubt that, I have historical evidence. Give a listen to this radio broadcast from 1995.<\/p>\nhttp:\/\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/KSDFM.mp3<\/a><\/audio>\n

Sounds silly now, doesn't it? We gloss over the HTTP these days. It still shows up as part of a fully-formed web address, but for the most part it's simply implied these days, even taken for granted.<\/p>\n

What those letters represent, however, is still there, still functioning: HTTP stands for HyperText Transfer Protocol<\/strong>, and it's the very mechanism by which most web data is transmitted.<\/p>\n

There's another flavor of HTTP, an extension of the original protocol, adding one letter at the end: HTTPS<\/strong>, which stands for\u00a0Hypertext Transfer Protocol Secure<\/strong>. As the name implies, it's an encrypted<\/em> protocol. It's been around since the early days, though not formally specified until 2000, and it's gaining ground rapidly in recent years.<\/p>\n

At first HTTPS was considered essential mainly for commerce. You don't want to use your credit card to buy anything online unless you are assured of some basic level of security. Eventually it became obvious that you need security anytime you are transmitting a username and password. And today, it's becoming the expectation for all websites of any stature. Most of the web traffic on today's internet flows via HTTPS rather than HTTP.<\/p>\n

In other words, that little S should be telling you something: namely, that the data flowing to (and from) your browser is encrypted, relatively safe from prying eyes. It's become mighty important, that little S.<\/span><\/p>\n

Ironically, it's gotten harder to even see the S.<\/p>\n

That's because, in this day and age, a lot of web browsers don't show you the protocol information anymore, for reasons mentioned above. Here is how a web address using HTTP is displayed in three popular browsers:<\/p>\n

\"\"<\/p>\n

And here's how that\u00a0same web address looks when using HTTPS:<\/p>\n

\"\"<\/p>\n

The browsers used in this example are, from top to bottom: Firefox, Safari, and Chrome (all on Mac OS).<\/span><\/p>\n

Note the differences. Note especially that little padlock icon. That seems to be the only reliable visual indicator that you're in secure mode. In these examples, only Chrome draws attention to an insecure connection.<\/p>\n

Despite what I said earlier, maybe it's not really all about that S. Maybe it's all about that padlock. Keep your eye out for it. Notice when it's there \u2014 and when it's not.<\/p>\n

Lock It Down<\/strong><\/p>\n

You may wonder why all<\/em> your web transactions aren't secure. That comes down to the host, the entity behind the web content you're accessing. The nature of the internet is such that almost anyone can set up a website, from national governments and mega-corporations to grassroots organizations and lone individuals. If your uncle's personal website isn't set up for secure transactions, maybe that's because Uncle Fred doesn't have the technical wherewithal to make it happen.<\/p>\n

However, it's safe to say that any institution with even modest resources will be supporting HTTPS now or in the immediate future, if they care at all about their reputation.<\/p>\n

Some\u00a0sites you visit probably support both HTTP and HTTPS.\u00a0You may not get the latter unless you ask for it. You can encrypt as much as possible by using a\u00a0browser extension like the Electronic Frontier Foundation's HTTPS Everywhere<\/a>, available for Chrome, Firefox, Opera and Android.<\/p>\n

I've been using HTTPS Everywhere for the last year or so. I'm using it right now. It's a lightweight extension that runs seamlessly in the background, performing a basic function. When you follow a link that specifies an insecure (HTTP) connection, it just checks quickly to see if the site supports secure (HTTPS) connections. If so, it routes you to the encrypted connection accordingly, no muss, no fuss.<\/p>\n

Final Caveats<\/strong><\/p>\n

Just because you have an encrypted connection doesn't mean everything is safe and secure. You could be using HTTPS to access a site run by bad guys. You could still be subject to phishing schemes, exposed to malware, or generally degraded by prurient content. However, those same dangers exist (even more flagrantly) with plain old unencrypted HTTP. Simply put, encryption doesn't fix everything, but it's an improvement that we should all expect and demand.<\/p>\n

It's also important to understand that the encrypted transaction is between your browser and the server you're accessing. To route you to that server in the first place, you generally request a domain name through your internet service provider.\u00a0The content you're accessing from the site may be encrypted, but the specific domains you're visiting are likely still visible to your internet provider (and thus potentially other third parties, including bad actors). This is a significant security hole, as the domains one visits can be quite revealing. Recent studies have shown a surprising amount of information can be inferred about a person's behavior, even when all web traffic is encrypted.<\/p>\n

There are ways to patch this gap, but that's a subject for another installment of \"Just Encryption.\"<\/p>\n","protected":false},"excerpt":{"rendered":"

Every time you visit a website, information is flowing between your device and a server out there somewhere. In the early days of the internet, most all that information was transmitted \"in the clear,\" also known as \"cleartext,\" meaning unencrypted. Cleartext, if intercepted, can be easily read. That means a third party could monitor the ...continue reading \"Just Encryption Part 1: Web Basics\"<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[399],"class_list":{"0":"post-12900","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-uncategorized","7":"tag-encryption","8":"h-entry","9":"hentry","10":"h-as-article"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p82MQk-3m4","jetpack-related-posts":[{"id":12744,"url":"https:\/\/cat.xula.edu\/food\/just-encryption\/","url_meta":{"origin":12900,"position":0},"title":"Just Encryption: Introduction","author":"Bart Everson","date":"October 8, 2018","format":false,"excerpt":"In honor of National Cyber Security Awareness Month, I'm launching a series of posts on the subject of encryption in service of social justice. \u00a0 I've long been fascinated with encryption. As a kid, I thought codes were cool. As an adult, I see the value encryption offers for keeping\u2026","rel":"","context":"In "Security & Encryption"","block_context":{"text":"Security & Encryption","link":"https:\/\/cat.xula.edu\/food\/topic\/tech-tips-a-la-carte\/security-encryption\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/cyber-security-3400657.jpg?fit=1200%2C408&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/cyber-security-3400657.jpg?fit=1200%2C408&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/cyber-security-3400657.jpg?fit=1200%2C408&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/cyber-security-3400657.jpg?fit=1200%2C408&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/cyber-security-3400657.jpg?fit=1200%2C408&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":12867,"url":"https:\/\/cat.xula.edu\/food\/encrypt-sms\/","url_meta":{"origin":12900,"position":1},"title":"Just Encryption Part 2: Text Messages","author":"Bart Everson","date":"January 17, 2019","format":false,"excerpt":"Are you encrypting your texts? You should be \u2014 now more than ever. Before the 2016 election, writing for TechCrunch, Steven Renderos and Mark Tseng Putterman observed that \"for activists and people of color, strong encryption is essential.\" Here in New Orleans, in the interim between the election and the\u2026","rel":"","context":"In "Security & Encryption"","block_context":{"text":"Security & Encryption","link":"https:\/\/cat.xula.edu\/food\/topic\/tech-tips-a-la-carte\/security-encryption\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/cyber-security-3400657.jpg?fit=1200%2C408&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/cyber-security-3400657.jpg?fit=1200%2C408&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/cyber-security-3400657.jpg?fit=1200%2C408&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/cyber-security-3400657.jpg?fit=1200%2C408&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2018\/10\/cyber-security-3400657.jpg?fit=1200%2C408&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":17669,"url":"https:\/\/cat.xula.edu\/food\/lets-go-crypto\/","url_meta":{"origin":12900,"position":2},"title":"Let’s Go Crypto?","author":"Bart Everson","date":"October 29, 2021","format":false,"excerpt":"Photo by Thought Catalog on Pexels.com The XULA Entrepreneurship Institute is interested in gauging the Xavier communities' attitude and general knowledge regarding cryptocurrencies and blockchain technology. Please take a moment to fill out their survey and they will be sending you some crypto of your own! Three easy steps to\u2026","rel":"","context":"In "Security & Encryption"","block_context":{"text":"Security & Encryption","link":"https:\/\/cat.xula.edu\/food\/topic\/tech-tips-a-la-carte\/security-encryption\/"},"img":{"alt_text":"woman holding two coins","src":"https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2021\/10\/pexels-photo-2228570.jpeg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2021\/10\/pexels-photo-2228570.jpeg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2021\/10\/pexels-photo-2228570.jpeg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2021\/10\/pexels-photo-2228570.jpeg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2021\/10\/pexels-photo-2228570.jpeg?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2021\/10\/pexels-photo-2228570.jpeg?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":10668,"url":"https:\/\/cat.xula.edu\/food\/encrypted\/","url_meta":{"origin":12900,"position":3},"title":"We’re Encrypted","author":"Bart Everson","date":"March 27, 2017","format":false,"excerpt":"We have been taking steps to make the CAT+FD site more secure. Most recently, we started\u00a0serving all our content over a secure connection. From this point on, anytime you're visiting our site (including this blog) you may see \"https:\/\/\" at the beginning of the web address in your browser's location\u2026","rel":"","context":"In "General Housekeeping"","block_context":{"text":"General Housekeeping","link":"https:\/\/cat.xula.edu\/food\/topic\/housekeeping\/"},"img":{"alt_text":"encrypt","src":"https:\/\/i0.wp.com\/c1.staticflickr.com\/4\/3890\/14392669095_066b2c9f96.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":8092,"url":"https:\/\/cat.xula.edu\/food\/why-hello-firefox-hello\/","url_meta":{"origin":12900,"position":4},"title":"Why Hello, Firefox Hello!","author":"Karen Nichols","date":"September 3, 2015","format":false,"excerpt":"by Karen Nichols A few interested instructors and I are experimenting with various video conferencing apps and software now like Google + Hangouts, Microsoft Skype, Apple Facetime and the fairly new Firefox Hello.\u00a0 Firefox Hello has a very useful feature right off the bat.\u00a0 It doesn't require you to install\u2026","rel":"","context":"In \"Distance Education\"","block_context":{"text":"Distance Education","link":"https:\/\/cat.xula.edu\/food\/tag\/distance-education\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":10619,"url":"https:\/\/cat.xula.edu\/food\/make-teaching-online-less-stressful\/","url_meta":{"origin":12900,"position":5},"title":"Make Teaching Online Less Stressful","author":"Janice Florent","date":"February 22, 2017","format":false,"excerpt":"The demands of teaching an online course doesn\u2019t have to leave you feeling overwhelmed. In an eLearning Industry article, Dr. Liz Hardy suggested a few easy steps to help replace the feeling of constant pressure with a calmer, zen-like mindset that will make teaching online easier and more enjoyable. Dr.\u2026","rel":"","context":"In "CAT & Mouse: E-Learning"","block_context":{"text":"CAT & Mouse: E-Learning","link":"https:\/\/cat.xula.edu\/food\/topic\/online\/"},"img":{"alt_text":"zen stones","src":"https:\/\/i0.wp.com\/cat.xula.edu\/food\/wp-content\/uploads\/2017\/02\/stones-2043714_640.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/cat.xula.edu\/food\/wp-json\/wp\/v2\/posts\/12900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cat.xula.edu\/food\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cat.xula.edu\/food\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cat.xula.edu\/food\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cat.xula.edu\/food\/wp-json\/wp\/v2\/comments?post=12900"}],"version-history":[{"count":5,"href":"https:\/\/cat.xula.edu\/food\/wp-json\/wp\/v2\/posts\/12900\/revisions"}],"predecessor-version":[{"id":12951,"href":"https:\/\/cat.xula.edu\/food\/wp-json\/wp\/v2\/posts\/12900\/revisions\/12951"}],"wp:attachment":[{"href":"https:\/\/cat.xula.edu\/food\/wp-json\/wp\/v2\/media?parent=12900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cat.xula.edu\/food\/wp-json\/wp\/v2\/categories?post=12900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cat.xula.edu\/food\/wp-json\/wp\/v2\/tags?post=12900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}