Index Ask! Random

Question: Encrypted and Unencrypted information

Dear Doug,

Few days ago I got started to show up this message,

You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.

Why is that?

Regards,
Tom

Answer

Hi Tom,

I think I've talked about this as part of a larger question on another page, but the question is worthy of having its own page, so thanks for asking.

When you are doing something on the internet that you want kept secure (like entering credit card information, or other personal data), you need to make sure that the site you are entering information on is an encrypted site. It's easy to tell if the site uses encryption; just look for the HTTPS at the beginning of the address.

But why, if you're visiting a site that has HTTPS in the address, would you get a message saying that some information is UNencrypted?

The reason is that the page is pulling data from multiple servers, or from locations on the web server that are NOT secure.

For example, suppose I was charging you money to answer your question. I would need to collect your credit card information, so I would need my site to be secure. So I would purchase a SSL Certificate and install it on my server. Now, instead of visiting http://www.virtu-software.com/ask-doug/, you could visit https://www.virtu-software.com/ask-doug/, and the connection would be encrypted. BUT...suppose that the images displayed on this page came from a location other than https://www.virtu-software.com/ask-doug/. Well then, those images might not be encrypted. So your web browser would warn you, "Oh oh! Not everything on this page is secure!"

Does it matter that not everything is secure? Eh, probably not...

But here's the thing...

Unless you're a web guru who knows how to find and interpret the page source for the offending page, you have no way of knowing what part of your communication with the web server is not secure.

It's probably just an image file. Probably.

But are you going to risk it, when your credit card information, or your medical records, or some other personal data is on the line?

I would lean toward caution. Maybe you could contact the company that owns the website, and suggest that they fix their site so you no longer get that message. If they value your business, hopefully they'll look into the problem.

Hope that helps!

Bookmark and Share