THE SUPER “S”. Another way to protect your privacy online
When I was in 2nd grade, our teacher explained how to conjugate verbs in the present tense. For this, she created a character, The “Super S” Snake, who would add the letter “s” to the verbs of the 3rd person singular. We are used to conjugating verbs automatically, so I thought of two easy examples to illustrate the “Super S”: He likes SABF, or She goes to school everyday.
The “Super S” Snake looked something like this:
This anecdote would have remained unremembered by me if it hadn’t been for a new way of thinking about another “Super S”.
We made a little meeting with SABFers selected for the World Business Dialogue this past March 2012 in a shopping mall in Buenos Aires. As we were talking, we saw two guys sitting in the table next to us, using a program I had never seen before. Two of my friends are IT engineering students and they recognized the program they were using. They explained it’s called Wireshark and that the guys were using it for seeing the bits running through the web at that time, at that particular place. I was amazed, this was all completely new for me, but the most concerning part was how to refrain people like those guys from looking through my data in case I wanted, for example, to log in to Facebook.
“You need to add an S to the URL after the http, that way they can’t see what you’re writing” one of my friends added. “So that’s it, you just write “https” instead of “http” and your session is protected?”. As my friends nodded, I thought…There was the “Super S” again, rescuing us… from hackers.
HTTP – Hypertext Transfer Protocol -, in plain English, is a protocol that enables computers to talk to each other, in this case, about web pages. For those of you who are asking yourselves exactly what a protocol is in this context, the answer could be resumed in a set of rules that regulates the data transmission between computers. HTTP is not the only protocol used in the Internet, there is also for example SMTP for e-mails, and many more. Now, HTTPS (“S” standing for Secure) on another hand, is a mix between the HTTP protocol, plus another one called TLS. This protocol ensures and indicates that you enter a “secure session” whenever you use it.
Let’s say you enter you web browser from your PC and write http://www.facebook.com. Your browser is acting as a “user agent” , because its role is to be an intermediary between you and Facebook and asking the server to send him the information to enter Facebook. Now, when you write https://www.facebook.com what happens is that your browser initiates a secure session through the TLS protocol, and then follows the HTTP protocol normally.
I should note that probably the Facebook example is not the best one to quote here, because HTTP runs automatically anyway in many pages where you have to log in via writing your password. For example if you enter PayPal.com and you log in, or you upload your credit card numbers, you will note that the URL changes automatically from HTTP to HTTPS. But in those pages where you are entering data you would not want anybody else to see, you should always check that it is running on HTTPS, and if it is not, you should add that “Super S” that will make your session “secure”.
Last but not least, here are a couple more tips to surf “safely”:
- Using the* stealth mode* on your browser. This way, the data entered will not be saved. This is very useful whenever you use somebody else’s computer. Find out how to set it with the browser you use more frequently (for doing it with Chrome for example, you need to press Ctrl+Caps Lock+N and a new window will open with the stealth mode already activated.)
- Avoid connecting through public wi-fi networks, that don’t demand a password. They are less secure because the information that circulates through them is not encrypted, and therefore it is way easier for hackers to access your information. Connecting to public wi-fi networks versus the ones with passwords is like the difference between sending a secret letter to a friend in English, or in a special code that only you and the receiver know how to translate back to English.
- There are webpages like www.lastpass.com where you can save all the different passwords you use in the Internet, and then you can choose one that gives you access to the rest. That way you don’t need to remember all of them. If you want to read more about password apps, you can read this article.
You can’t say nobody ever told you! Add an “S” to the HTTP protocol in the URL of a page when you don’t want others to have an easy access to it- specially when entering important data such as your credit card number, your password for login in to accounts you have, etc. To delve more in this topic, you can also watch the following video
Special thanks to Esteban Ordano for guiding me through many of the concepts I included for this post, and Augusto Castellano for illustrating my anecdote.