In a previous article in this series, Defensive Browsing: Pardi's Three 'A's of Internet Safety, I briefly laid out three 'A's of online safety. In this article we'll look at the first of these, awareness, and talk about how being more aware can help you be more secure.
I must be honest. I'm a bit worried about the time when I have to train my kids how to drive. I'm not worried because I doubt my kids can learn to drive or because I think my kids are reckless and irresponsible. My biggest worry is centered on the fact that I've learned that good driving involves a lot of subtleties that are learned from doing. In other words, I know good driving involves a lot of habituated or intuitive behavior that comes from doing a lot of driving.
Have you ever thought about the fact that you actually get a "feel" for how big your car is? You may not know the actual length or even care. But you do know how big it is. That feel helps you know how wide or narrow to take your turns or how big of a parking space you can fit into. You also get a "feel" for the weight of your vehicle. You depend on this to help you know how long you'll need to make a stop at a variety of distances and in a variety of different weather conditions. You acquire a feel for your brakes and your power steering and the visual span of your mirrors. Driving really is just as much of an art as it is a science.
So how does one get from novice (or noobie in online parlance) to expert or, better for my purposes, virtuoso? How will my kids go from being wide-eyed, white-knuckled new drivers, to burger-chomping, finger-steering road warriors? How will online safety become second nature to you? Part of the answer to these questions is to learn to be aware. Awareness is the conscious portion of this road to virtuosity. Awareness is passing from ignorance or unconscious knowledge to conscious knowledge to habit and intuition. You need to know then what to be aware of before being aware can become second nature. Here are some example of things you should be aware of when using the internet. In future articles, we'll explore these examples a bit more closely and look at how the tools you use for browsing or reading email as well as anti-virus and anti-spyware tools can assist you.
Be Aware of Where You Are
When on the internet, you shouldn't always take what you see at face value. Hackers are getting very good at spoofing web sites in order to make you think you're one place when you're really at another (sometimes referred to as "phishing"). While most modern browsers have tools that will detect and warn you of phishing sites, being aware of your surroundings can keep you safe when the tools don't work.
All web sites are built off a domain name that forms the root of the address or URL (uniform resource locator). For example, "mywebsite.com" would be the domain that then typically, would be prefixed with a "www" (dub, dub, dub to insiders) which gets us the URL: www.mywebsite.com. The domain name is very important to the owner of the site and is protected by secure web systems such that it is very difficult if not impossible to spoof the domain. This means that if you're at Amazon's site, all the pages of the site will be under the domain name "amazon.com." Once on Amazon, you may be directed to a series of pages that may not be under that domain but as long as Amazon has not been compromised, the home page will always have the domain name at the root of the URL.
One way to protect yourself is to make sure the name you're reading in the content of the web site matches the domain name. For example, if you're on a page that appears to be Amazon.com--it has Amazon's logo and layout and everything on the page looks as if it is the Amazon site you're used to visiting--but the domain name is something like, "amazonsite.com," you're being fooled. You know this is not Amazon because Amazon's home page will always be (www.)amazon.com perhaps with some other pages or parameters after that.
Be Aware of Site Security
This awareness relates primarily to ecommerce or online purchasing. When buying things online, you can increase your safety by ensuring the site transmits your credit card data securely. Typically, when information is transmitted to and from a web server, it is transmitted unencrypted. This means that some hacker wishing to read the transmission (which itself is not appropriate without the express permission of both the sender and receiver) can grab the data stream and read the data fairly easily. A secure site encrypts the data transmission making it much more difficult for a hacker to read the data being sent or received.
You can tell whether a site is secure in two ways. First, many secure sites will use the "https" prefix in the URL of the page or site. Normally, data is transmitted by way of the normal hypertext transmission protocol (http) so a URL will look like this: http://www.brighthub.com. When the "s" is added to the end, this means that a special transmission protocol, a secure protocol, is being used and will generally increase the security of the data being transmitted. Another method sites use to secure transmissions is to use certificates. The details behind certificates is complex and beyond the scope of this article. But typically many of the larger sites will use certificates that are signed by a trusted certificate authority like Verisign and you can view the certificate through your browser. I typically look for a security certificate on sites I'm not sure about. In lieu of looking at the certificate itself, modern browsers help you determine whether a site is secure by placing a little key or lock icon in the toolbar or next to the URL. Look for this lock before you send any credit card data to an online vendor.
These are just two ways you can be aware of your online surroundings. While neither are foolproof, if you learn to look for clues like these, you dramatically reduce your changes of getting fooled or having data stolen. In coming articles, we'll look at these and other examples more deeply and talk about how you can increase your awareness and thus increase your safety. Next we need to look at the second A of online safety and that's 'Ability.'