When you sit at your computer, idly surfing the web have you ever considered how secure that information is? I mean do you imagine that everything’s completely private and no-one knows what you do online? Most people, probably expect something in between – mostly private but perhaps the feds could find something out with a search warrant. The problem is that you almost certainly have much less privacy than you imagined, in part because the primary protocol of the internet is extremely insecure.
And so how does the best part of your digital communication get moved around the web? Well the vast majority employs something described as HTTP which you have already almost unquestionably heard of. HTTP is actually the transport used by your web requests and is actually an exceptionally simple protocol used to deliver HTML web pages. It’s not exactly what you could call secure but is primarily designed for lightness and speed – you can read about it in more depth in the RFC available on the internet.
Amongst the primary issues in trying too help keep our information and identity secure using HTTP is the simple complication that it is actually predominantly an ASCII derived protocol which works in clear text. There are some methods to help this, indeed many people now use VPN services as a matter of course. These can encrypt all the data you send and receive, although many people simply use VPNs to watch UK TV online in Spain.
It is actually almost exceptionally simple and fast and only operates at a quite basic level of demand and respond. HTTP is a mechanism, a way to request a resource from a web server (GET request) and a response will be delivered and the information when possible.
Listed here’s an example of such a request
GET/ index.htm HTTP/1.0.
Certainly not precisely challenging stuff and the disturbing fact is there’s no cryptic language to understand and absolutely no need to decipher most of the information that passes to and from your world wide web browser and the web server.
Among the most revealing things you can do in order to show how insecure the HTTP protocol is for providing and obtaining data is to connect up to a wi-fi cafe, hotel access point and then fire up a free sniffer program similar to wireshark (despite the fact that I still use ethereal!) and look at the data that is actually circulating in the clear.
Same goes for wireless connections – I still just can’t quite look at some of my neighbours in the same way the moment I observed some of the websites he goes to flying passed my sniffer.
There certainly are loads of reasons why HTTP is such an insecure protocol such as it operating over the same popular TCP ports but we should also remember how staggeringly efficient and efficient it is as a delivery mechanism. It certainly done a damn fine job sharing information over the internet but potentially in some cases a little too good!
Further Reading: Residential Proxies