{"id":10559,"date":"2022-03-12T11:00:36","date_gmt":"2022-03-12T11:00:36","guid":{"rendered":"http:\/\/TheNextWeb=1382368"},"modified":"2022-03-12T11:00:36","modified_gmt":"2022-03-12T11:00:36","slug":"what-does-the-connection-not-private-warning-really-mean","status":"publish","type":"post","link":"https:\/\/www.londonchiropracter.com\/?p=10559","title":{"rendered":"What does the \u2018Connection Not Private\u2019 warning really mean?"},"content":{"rendered":"\n

By: Eve Zelickson<\/p>\n

\"Originally

Chances are at some point in your internet travels you\u2019ve stumbled on a warning that reads something like \u201cYour connection is not private. Attackers might be trying to steal your information.\u201d The page usually gives you an option to proceed to the website anyway. But should you?<\/p>\n

Why did I get rerouted to this page?<\/h2>\n

Today, we conduct more activities online than ever before: paying bills, buying groceries, and interfacing with doctors, to name a few. With more of these websites requesting personal information, we rely on our web browser\u2019s security practices to ensure that our data stays safe.<\/p>\n

Each time you visit a website, your web browser (e.g., Chrome, Safari, or Firefox) first checks for the existence of one of two digital certificates: a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) certificate. These indicate two important things. First, they confirm the identity of the website, affirming that the website is who it says it is. Second, they verify that the information on the website\u2014and any data you share with it\u2014will be secure and encrypted. Encryption ensures that the information you share, whether it\u2019s a credit card number or home address, will not be intelligible if intercepted.<\/p>\n

You can tell if a website has a valid certificate by clicking on the small padlock to the left of the URL or by looking for \u201cHTTPS\u201d\u2014not \u201cHTTP\u201d\u2014at the front of the website link. The use of HTTPS indicates that the website uses a secure certificate to move information across the web.<\/p>\n

In 2014, Google announced<\/a> it would use the existence of a certificate as a quality factor in its search results, placing safer sites higher in those results. Then, in 2018, the company announced<\/a> that its Chrome browser would flag all websites without a properly configured certificate (either TLS or SSL) and display the \u201cConnection Not Private\u201d window to warn users. Other browsers have adopted similar measures<\/a>.<\/p>\n

As a result, when you browse the web, you may receive variations of this message when you try to visit some websites.<\/p>\n

Will my information really be stolen if I proceed to the website anyway?<\/h2>\n

Possibly. The Connection Not Private window could be triggered by a poorly configured certificate, one that\u2019s only recently expired, or one that\u2019s missing entirely.<\/p>\n

Visiting websites that don\u2019t have proper encryption can put you at risk for a number of cyberthreats.<\/p>\n

Your information could be intercepted as it travels across the internet in what security experts call a \u201cman-in-the-middle\u201d attack<\/a>. Bill Budington, a senior staff technologist at the Electronic Frontier Foundation (EFF), said this most often occurs when someone hijacks your Wi-Fi connection, tricking your device into thinking that the hacking software is the access point your device should be connecting with. This process gives the attacker access to your internet traffic and any data you provide to a website.<\/p>\n

\u201cWhether this means a nation-state tricking its citizens into thinking it is google.com or a hacker tricking a coffee-shop patron into divulging the domains the patron browses, the result is the same,\u201d said Budington. \u201cIt means a compromise of sensitive data that was never entrusted to that untrusted party, and the possibility of impersonating the target or retrieving a history of communications in the sites they\u2019ve visited.\u201d<\/p>\n

This is especially dangerous when visiting e-commerce websites, where customers routinely enter sensitive information like their address and credit card number. Once intercepted, this information can facilitate identity theft, which hit a record high in 2021<\/a>. One white hat hacker performed his own experiment<\/a> to see how easy it is to intercept unencrypted information online. While his software did not collect actual user information, it connected with 49 devices in a single afternoon at the mall.<\/p>\n

Visiting websites without encryption also leaves you vulnerable to ransomware attacks, which can occur when a user visits an infected website and malware is secretly downloaded to the person\u2019s device. The malware enables attackers to hold users\u2019 files hostage until they pay a ransom.<\/p>\n

Lastly, ignoring the warning and continuing to the site leaves you open to phishing attacks<\/a>, where attackers pose as a trusted website to lure users into sharing financial or other sensitive information. In this case, the Connection Not Private message is triggered because the certificate of the website isn\u2019t authentic. If a user types in their bank\u2019s URL and sees this message, something has gone awry because the bank\u2019s website would certainly have a working certificate.<\/p>\n

What should I do when I encounter a warning like this?<\/h2>\n

As a first step, security expert and Harvard faculty associate Bruce Schneier recommends making sure you are trying to connect to the correct URL. After that, Schneier says it usually comes down to a judgment call.<\/p>\n

For example, if you click on a link in an email from a sender you don\u2019t know and you get the alert, you shouldn\u2019t proceed. But if you correctly type in a well-known URL, you are likely fine to continue, he said, because it\u2019s probably \u201cjust an error.\u201d According to Schneier, there are many benign reasons that would trigger the alert, such as the recent expiration of a certificate or a mismatch between the typed URL and the name associated with the certificate.<\/p>\n

There are ways to figure out what triggered the warning. The message is often accompanied by an error code, which you can look up. For example, the error NET::ERR_CERT_COMMON_NAME_INVALID usually means that the name on the certificate does not match the URL entered.<\/p>\n

Another common reason the window will appear is if you are browsing by public internet in places like the library or an airport. Public Wi-Fi is more susceptible to man-in-the-middle attacks from people on your local network. It is therefore more important to use HTTPS when on public Wi-Fi, as this will help protect against attacks from people in your vicinity.<\/p>\n

If you want to make sure the error wasn\u2019t a fluke, you can try restarting your computer, clearing your cache, or moving to a private Wi-Fi connection to see if the error persists.<\/p>\n

Perhaps it does, but you\u2019re determined to visit the site anyway. If you\u2019re browsing on Chrome or Firefox, you can usually select \u201cAdvanced\u201d in the error window and then click the link to proceed to the website. Again, be careful about entering personal information\u2014from passwords to addresses\u2014as it won\u2019t be protected on these websites.<\/p>\n

And Schneier cautions that while a verified certificate confirms that a website is encrypted, it can still be malicious in other ways if the website owners have ill intentions.<\/p>\n

This article was originally published on The Markup<\/a> and was republished under the Creative Commons Attribution-NonCommercial-NoDerivatives<\/a> license.<\/a><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

By: Eve Zelickson Chances are at some point in your internet travels you\u2019ve stumbled on a warning that reads something like \u201cYour connection is not private. Attackers might be trying to steal…<\/p>\n","protected":false},"author":1,"featured_media":10560,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/10559"}],"collection":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10559"}],"version-history":[{"count":0,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/10559\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/media\/10560"}],"wp:attachment":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10559"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10559"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10559"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}