Next time you spend time on the Global Legal Empowerment Network website, you will notice that the web address always starts with
https:// in your browser address bar. By using only HTTPS, we can provide you with the following three important security guarantees as you participate in community activities.
This is what it looks like:
And here are our security guarantees to you:
- Server Authentication. You can have some confidence that you are talking to our website, controlled and operated by the Global Legal Empowerment Network team at Namati.
- Data Confidentiality. Eavesdroppers can’t understand the content of the communications between our website and your web browser, because the data is encrypted.
- Data Integrity. Network attackers can’t damage or alter the content of the communications between your browser and our website, because tgey are validated with a cryptographic message authentication code.
HTTP on the other hand provides no such security guarantees. When using any web application or website hosted via HTTP, you have no way of knowing whether you are talking to the true application server, nor can you be sure attackers have not read or modified communications between your computer and the server.
It is worthwhile keeping an eye on the address bar when using any website, especially via public wifi. For more details on how this works, take a look at the following article and video.
If you have any questions or concerns at all about your online safety, don’t hesitate to let me know here. You can also send me a private message.
Want to learn more about online security? Security in a box by Tactical Tech Collective is an amazing, in depth resource tailored specifically for security conscious civil society organizations, and can be downloaded in a handful of languages.
The SURVIVAL IN THE DIGITAL AGE: ONO ROBOT animations, also by Tactical Tech, are accessible, short and charming, and available in a number of languages. Here’s a sampling:
The Electronic Frontier Foundation has published a succinct post on How to Deploy HTTPS Correctly that is useful reading for organizations seeking to secure their websites using HTTPS.
I also especially valued the following YouTube video by Google which goes into some detail explaining why the company advocates that all websites should use only HTTPS, illustrated by concrete examples.