User Guides Protecting Your Identity Online - A Basic Guide.

puns published a new article:

We on TE consider ourselves technologically sound people, there is a lot of murky areas surrounds one's identity when it comes to being online. Who is watching or reading what...

Read more about this article...
 
Last edited by a moderator:
Great guide :D

How is using https on a non-http website more secure if you are not submitting any personal information or credit card information.
 
Great guide :D

How is using https on a non-http website more secure if you are not submitting any personal information or credit card information.

With https, its not just about sending personal or payment information. https does provide some level of security in case someone tries to monitor your activity, hack you or your accounts online through rogue certificates. Social networking sites offer https but its off by default in most cases.

For eg: you download a file from a http site . a middle man attack is when an agency or a user introduces a script or certificate for this download and monitors your further activity. so its relevant even for general surfing.
 
Well in that case I can look at implementing a SSL certificate on TE in spare time.
 
Last edited:
How is using https on a non-http website more secure if you are not submitting any personal information or credit card information.
when we open a site using https protocol, before anything happens there would be a TLS handshake where the server and client exchange crypto keys. after this handshake every thing that goes between the browser and site is encrypted using those crypto keys.

Now coming to the ssl sertificate; the sole purpose of ssl certificate is to identify the other guy. in this case the user wants to ensure that when he types https://www.techenclave.com he is getting his requests served from te and not a man in the middle. thats why the site requires ssl certificate issued by a third party who is a CA (certificate authority) like verisign. Verisign certifies that webisite at www.techenclave.com is actually te and not a man in the middle. setting up https should be very easy, just buy a server cert and then place it in the server, change a line in httpd.conf and restart httpd. thats all.

in the TLS handshake you can even configure the server to challenge the client certificate to ensure that even the user is genuine and not some man in the middle.
 
Isn't it true that when people try to protect their identity online or prefer privacy, then they are on NSA's watchlist on the assumption that people who wants to protect their privacy online are suspicious and possible terrorists? like those who download/use Tor browser or use any kind of privacy protection softwares, methods etc...
 
setting up https should be very easy, just buy a server cert and then place it in the server, change a line in httpd.conf and restart httpd. thats all.
Primarily what I want to look at is the configuration for search engines so that the transition is smooth as I vaguely remember reading somewhere that they treat http and https as different. Besides that if there are any other issues that I might run into while using the add-on features of the forum. That's why I mentioned that I need to have spare time on a weekend. :p
 
Isn't it true that when people try to protect their identity online or prefer privacy, then they are on NSA's watchlist on the assumption that people who wants to protect their privacy online are suspicious and possible terrorists? like those who download/use Tor browser or use any kind of privacy protection softwares, methods etc...
how can a person be identified if he chooses to protect his/her identity? :p
 
Isn't it true that when people try to protect their identity online or prefer privacy, then they are on NSA's watchlist on the assumption that people who wants to protect their privacy online are suspicious and possible terrorists? like those who download/use Tor browser or use any kind of privacy protection softwares, methods etc...

The advantage of being in India is we are not under direct purview of NSA or agencies unless you are doing activities which demand monitoring.
They dont have the resources or time to watch everyone.

Protecting online identity is like a precaution than cure to protect you from any harm not only online but in real world scenario.
 
I believe that the more you try to protect your identity the more you would be prone by organizations like NSA that would require a probe into your life online as to why you want to protect it in the first place.

Privacy itself is a very big grey area, you cannot be 100% certain your privacy is protected unless you are completely off-grid from internet, no amount of softwares will help you be completely off grid. Going to great lengths to secure your self will only result in others starting to get interested in why you would want to do it in the first place.

To me privacy is not a major concern, I take hackers & viruses / spyware / malware more seriously protecting my privacy as they can do more harm to you computer / data than by tracking what websites i visit to give me personalized ads.

I have been using my username every since i started on the internet & Google Chrome since forever & you can search my username on google and see most of it, my twitter / facebook page etc. but how does that put my privacy at risk is something i cannot understand.

Everyone visits porn sites, shops online for things and visit frequent websites, these details can be easily obtained from the websites if you protect your computer against it.
 
^yup that has been known for a while now. Its not for someone to track its for you to track your location. unless you have the other persons google login info you cannot track that. Google only has the data and yeah it can use it the way it wants cause you sign the terms & conditions & Privacy policy when you start using the android device.
 
Back
Top