Synthesis: HTTPS and SSL

Credits DJ Last Updated 2015-04

A final wrap-up and closing session for participants, for the Safer Browsing - HTTPS and SSL module.

ADIDS Element

Synthesis

Parent Topic(s)

HTTPS and SSL

Duration

10-15 minutes

Have feedback on this content? Does something need updating?

Leave a note anywhere on this page - look for the Hypothes.is toolbar in the upper right-hand corner.

Have content you'd like to share with other trainers?

Email us at levelup@riseup.net (GPG public key here) or read our guide on Contributing to LevelUp.

 

Synthesis

Ask participants if they have questions before completing the session. If time allows, refer to the essential questions listed in the Input section to see if the information has been understood. Some questions might include: - Which is secure: HTTP or HTTPS? - Why is HTTPS important? - If I am instant messaging my friend and the connection isn’t protected, what could someone in the middle – like an employee at my service provider – see? - If I use a secure connection, does it make me anonymous? (Answer: No, only the content of what send to or receive from a website is protected.) - If I use a secure connection, can a website see what I’m doing on their site? (Answer: Yes. HTTPS protects our connections to websites, but – as was shown in Activity and Discussion #1, the website has access to what we’re sending once it arrives.) - How can I tell if I am connected to a site over an HTTPS connection? (Answer: The address should start with “HTTPS” and – if the browser has a lock icon, that icon should show the lock closed.) - How can I tell if my mobile phone is using HTTPS? (Answer: EFF.org now supports a version of HTTPS Everywhere for the Firefox browser on Android. Also, mobile browsers let you type the address you wish to visit just as on a PC, so it’s possible to explicitly request the HTTPS version of a site, if that protected connection is not automatic.) - Is it ever okay to just use HTTP? Even just quickly? (Answer: It depends. J Often, you won’t have a choice – not all websites support SLL connections. In those cases, you can decide for yourself whether you are comfortable sending information – such as posting on a blog, sending an instant message – without protection.)