Does SSL Mean Safe Browsing?

Published on 8 Apr 2019 - Design & development - 10 minute read

What is SSL?

So a lot of people are confused by SSL certificates, and rightly so because they sure are confusing when you first hear of them.

SSL stands for Secure Sockets Layer. Essentially, it is a piece of technology that keeps an internet connection secure and safeguards any sensitive data being sent between two systems. This means that when a website uses an SSL certificate, anyone sitting between you and the website cannot read or modify the information being sent.

This is great news for you, the user, but how do you know if the website you are using has one installed and what happens if you go on a website that doesn’t have one?

How do I know the site I’m Using has SSL?

You can tell whether the website you are using has an SSL certificate installed by looking at the address bar in your browser (Google Chrome, for example): there should be a ‘padlock’ icon that is either locked or unlocked. If it is locked and the URL starts with ‘https://’, the website you are using does have a valid SSL certificate. You can see more about the certificate and the cookies that the page is running by clicking on the padlock.

What if it Doesn’t Have SSL?

So what if the site you are using doesn’t have one? Don’t worry. A lot of the time, if you are just visiting a website that doesn’t have a secure connection (meaning no personal details are being entered), you will be perfectly fine. On the other hand, if the site is asking for personal details or, even worse, credit card information, take this as a red flag and don’t use it… just in case. I mean, it’s better to be safe than sorry, right?

So I can Trust a Site That has SSL?

NO… the most important thing is that you can never fully trust a website just because it is using SSL. I generally see a lot of people (on Facebook especially) who comment ‘Am I safe to use [generic website brand]?’ and people will reply with ‘Yes because it has the padlock at the top!’. 🤦 Please don’t follow this advice. Technically YES, you can be sure that you’re connecting to the genuine site, that no one is reading any communications and that no one is tampering with them, but that’s it. Whilst that might sound like enough, I can assure you it is not.

First of all, anyone can get a certificate. In short, you apply for a certificate, your application is sent to the certificate authority (CA), the CA verifies your ownership of the domain, and that’s all there is to it. I found a good example on Scott Helme’s website of why this doesn’t necessarily mean you’re safe even if you are using an SSL-protected website:

‘let’s say I purchased the domain nastyhackers.com and set up a website. The sole purpose of this site is to trick people into signing up so I can steal their details. I approach the CA, who verifies my ownership of the domain and then issues my certificate. Now, nastyhackers.com is up and running with https, so this site is secure, right? Wrong! All we can say is that our communications with the site are secure. This website is most definitely not a secure site because they’re stealing all of our personal data behind the scenes.’

And Scott’s example doesn’t even go into the fact that you could order something from said website and not even receive your items, therefore losing your money as the website could be shut down afterwards.
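
The point above can be checked against the certificate itself. The following Python sketch is an added example, not code from the original article or from Scott Helme: it summarises what a verified certificate asserts, using a constructed sample for nastyhackers.com with a made-up issuer (‘Example CA’), and it assumes that a subject with no organizationName is a domain-validated certificate.

```python
import socket
import ssl


def fetch_cert(host, port=443, timeout=5):
    """Connect with browser-style verification and return the peer certificate."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _flatten(name):
    """Turn the nested (("key", "value"),) tuples from getpeercert() into a dict."""
    return {key: value for rdn in name for key, value in rdn}


def describe_cert(cert):
    """Summarise what a verified certificate does and does not assert."""
    subject = _flatten(cert.get("subject", ()))
    issuer = _flatten(cert.get("issuer", ()))
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    # Assumption: no organizationName in the subject means domain validation only.
    org = subject.get("organizationName")
    return {
        "domains": names or [subject.get("commonName")],
        "issued_by": issuer.get("organizationName") or issuer.get("commonName"),
        "operator_named": org,
        "expires": cert.get("notAfter"),
        "proves": "control of the domain only" if org is None
                  else "control of the domain, plus a CA-checked organisation name",
    }


# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE = {
    "subject": ((("commonName", "nastyhackers.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),),
               (("commonName", "Example CA R1"),)),
    "subjectAltName": (("DNS", "nastyhackers.com"), ("DNS", "www.nastyhackers.com")),
    "notAfter": "Jul  7 12:00:00 2019 GMT",
}

if __name__ == "__main__":
    for field, value in describe_cert(SAMPLE).items():
        print(f"{field}: {value}")
    # For a live site: describe_cert(fetch_cert("example.org"))
```

Neither value of "proves" says anything about how the site's operator will handle your details or your order.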

So there you have it. SSL doesn’t always mean trustworthy.
