Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
What does the https lock mean to you
Old 08-14-2016, 08:36 PM   #1
Recycles dryer sheets
lemming's Avatar
 
Join Date: May 2008
Posts: 392
What does the https lock mean to you

I'm complaining about Turbotax "help" Q&A . When Turbotax is closed or you do not choose the phone connection you are routed to their answer exchange website. It is an open internet forum; anyone can read and if you register you can post answers or questions.
That format doesn't seem like the criteria for secure to me.
and it is the worst type of information that you don't want out on the net.
__________________

__________________
lemming is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 08-14-2016, 08:43 PM   #2
Full time employment: Posting here.
 
Join Date: Jul 2002
Posts: 903
Quote:
Originally Posted by lemming View Post
.
and it is the worst type of information that you don't want out on the net.
Curious, why do you say that? Of course, one should never post personal information on that website.

The lock just indicates that you have end-to-end encryption being utilized.
__________________

__________________
RE2Boys is online now   Reply With Quote
Old 08-14-2016, 08:49 PM   #3
Recycles dryer sheets
nphx's Avatar
 
Join Date: May 2007
Posts: 280
Yes - the data traffic from your browser to the server is encrypted for the transactions. Hackers have a tough time reading your data between point a and b.
__________________
nphx is offline   Reply With Quote
Old 08-14-2016, 08:55 PM   #4
Thinks s/he gets paid by the post
 
Join Date: Apr 2013
Posts: 4,839
Here's a link to the RFC for https, in case you are bored.

https://www.w3.org/Protocols/rfc2616/rfc2616.txt
__________________
MRG is offline   Reply With Quote
Old 08-14-2016, 08:59 PM   #5
Full time employment: Posting here.
 
Join Date: Jul 2002
Posts: 903
Isn't it defined in RFC 2660?

https://tools.ietf.org/html/rfc2660
__________________
RE2Boys is online now   Reply With Quote
Old 08-14-2016, 09:03 PM   #6
Thinks s/he gets paid by the post
 
Join Date: Nov 2011
Posts: 2,073
Use of https is puzzling. For financial and similar private info, https of course, but for public content it merely adds more overhead and reduces compatibility with various software.
__________________
GrayHare is offline   Reply With Quote
Old 08-14-2016, 09:06 PM   #7
Thinks s/he gets paid by the post
 
Join Date: Apr 2013
Posts: 4,839
Quote:
Originally Posted by RE2Boys View Post
Isn't it defined in RFC 2660?

https://tools.ietf.org/html/rfc2660
Those things replace each other. Looks like 2660 is a later version. That's the fun, digest one to find a newer version. I understand the one quicker.
__________________
MRG is offline   Reply With Quote
Old 08-14-2016, 09:25 PM   #8
Thinks s/he gets paid by the post
Car-Guy's Avatar
 
Join Date: Aug 2013
Location: Citizen of Texas
Posts: 2,126
People often say HTTPS means a secure web site. That's not correct. A web site can be very insecure (or not) and still use HTTPS.

As others have already said correctly, it just means secure (well really just encrypted) communications over a network (like the Internet) typically between a client (your PC's web browser) and a host server.

Once on a server, HTTPS has nothing to do with the security of the information on that server.
__________________
Car-Guy is offline   Reply With Quote
Old 08-14-2016, 09:40 PM   #9
Recycles dryer sheets
lemming's Avatar
 
Join Date: May 2008
Posts: 392
That's their explanation too. sigh
__________________
lemming is offline   Reply With Quote
Old 08-15-2016, 05:58 AM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,369
Can't see a reason to encrypt postings on their way to a public forum intended for anyone to see.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote
Old 08-15-2016, 06:31 AM   #11
Full time employment: Posting here.
 
Join Date: Jul 2002
Posts: 903
Quote:
Originally Posted by donheff View Post
Can't see a reason to encrypt postings on their way to a public forum intended for anyone to see.
Seems to be becoming more common, especially to site that have a log-in capability or can identify the user and pulls user specific info.

Even my news.google.com uses the https service.
__________________
RE2Boys is online now   Reply With Quote
Old 08-15-2016, 07:05 AM   #12
Thinks s/he gets paid by the post
mpeirce's Avatar
 
Join Date: Feb 2012
Location: Columbus area
Posts: 1,443
It's getting more common for a number of reasons. Two big ones are: letsencrypt.org offers free certs to allow anyone to offer an encrypted server for free; google.com is penalizing sites in their ranking if they are not encrypted.

One of the most compelling reasons to use https for even non critical sites is that it prevents ISP and "others" from inserting html into a web page. I was very annoyed the first time I encountered an ISP inserting a "message" or and ad into web pages I was viewing.

Finally, the overhead for https isn't noticeable on modern computers and servers.

Within a couple of years I expect most browsers will switch from simply showing a lock for encrypted sites to assuming that a site should be encrypted and warning users when they encounter an unencrypted site. Expect Chrome to blaze this trail.

I added https to a couple of sites I maintain using letsencrypt.org and it was simple and painless. Even for wordpress based sites.

Here's Googles page explaining their take on it:

Why you should always use HTTPS
__________________
mpeirce is offline   Reply With Quote
Old 08-15-2016, 07:08 AM   #13
Thinks s/he gets paid by the post
Tadpole's Avatar
 
Join Date: Jul 2004
Posts: 1,137
Maybe it discourages man-in-the-loop prankstering.
__________________
Tadpole is offline   Reply With Quote
Old 08-15-2016, 07:25 AM   #14
Thinks s/he gets paid by the post
Car-Guy's Avatar
 
Join Date: Aug 2013
Location: Citizen of Texas
Posts: 2,126
HTTPS, as I remember it in the early days, was originally intended to address issues such as network eavesdropping and man-in the-middle attacks/threats.
__________________
Car-Guy is offline   Reply With Quote
Old 08-15-2016, 07:39 AM   #15
Thinks s/he gets paid by the post
Car-Guy's Avatar
 
Join Date: Aug 2013
Location: Citizen of Texas
Posts: 2,126
Quote:
Originally Posted by donheff View Post
Can't see a reason to encrypt postings on their way to a public forum intended for anyone to see.
Here's one for an example. Depends, if you have an account on that site. You probably don't want your logon ID, PW credentials passed in the clear. That transmission could be intercepted/read and used to log back on to that site by someone masquerading as you and adding, deleting or editing post under your name. Would you care if someone posted "stuff" on this site under your user ID? Okay, maybe it doesn't matter to much on this site but I still would rather not have someone masquerade as me here. Also, some sites have public and private areas that can be accessed with the same ID and PW that might have info in the private areas that you would not want available to just anyone.
__________________

__________________
Car-Guy is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
https site Brat Other topics 13 02-26-2016 04:10 AM
Pfau: https://www.onefpa.org/journal/Pages/OCT15-Making-Sense-Out-of-Variable-Spendin walkinwood FIRE and Money 62 10-17-2015 02:53 PM
Looking for a computer lock...but not like you think. A PHYSICAL lock for a desktop thefed Other topics 4 10-02-2012 09:31 AM
https: (+ padlock) kaneohe Other topics 3 07-21-2011 11:28 AM
Why you chose your computer i.d. & what does it mean? Orchidflower Other topics 37 12-10-2007 01:39 PM

 

 
All times are GMT -6. The time now is 04:57 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.