
Online shopping safety

The Internet privacy problem

When you are shopping, banking or accessing other sensitive or confidential information online, how can you be sure that no one can monitor or intercept this personal information? Moreover, how can you be sure that someone can’t get this information from your computer later?

The answer to the first question is simpler than the answer to the second. Mil Shield is a powerful privacy protection tool that can automatically clean all online and offline traces from your computer, which is very important to your Internet privacy, as you will see below.


Secure pages and secure connections

Everything that you enter in online forms when you are shopping travels through many (tens or even hundreds of) switching devices and computers. To make sure that no one can intercept this information, a special way of communication is used, called Secure Sockets Layer (SSL). SSL ciphers (encrypts) the information on your computer and deciphers (decrypts) it on the Web server that you are accessing. But how can you be sure that SSL is used when you are shopping online?

First, you have to look at the address bar of your browser and see what the address of the page where you enter your personal and credit card information looks like. If the address begins with https: (s for secure) instead of http:, then this page is using SSL. Note that only the page(s) where you actually enter your personal and credit card information need to be protected with SSL. All other pages on the Web site in most cases don’t use SSL because they don’t need to.

If you are using Internet Explorer, you can use more convenient indicators of the site's level of security.

  • When you are about to open a security-protected page, you may get the message window shown below. If you don’t see the message, it may have been turned off (the next item explains how to switch it back on). A similar message pops up when you leave the security-protected page and enter an ordinary Web page.

    To turn off this warning, click to check "In the future, do not show this warning" before you click OK.

Security alert message shown when you are entering a secure page

  • If the Security Alert is not showing up, you can turn it back on. On the Internet Explorer Tools menu, choose Options. On the Advanced tab, scroll to the very bottom of the list. Under the Security options category, click to check "Warn if changing between secure and not secure mode", and then click OK. From then on, you will see an alert message every time you enter (or leave) a secure page.
  • Once you get to the site, the Web address begins with https: ("s" for secure), and the locked padlock at the bottom of the window confirms the site has increased security. You can rest your mouse pointer on the lock to see the level of encryption.

A secure page open with Internet Explorer. Note the locked padlock icon on the bottom of the window, which indicates that this is indeed a secure page.

Digital certificates, cipher strength and Internet privacy

With SSL (the secure protocol described above) you can be sure that no one can intercept and decode the private information sent to the online store or whatever web page you are accessing via secure connection. However, there is another danger – how can you be sure that the online shop itself is not a cheat or impostor?

To address this concern, when you visit the online store's order page and submit your personal data, the online store's server automatically sends its digital certificate. This is essentially an electronic ID card that proves the online store's identity to your browser. The certificate is issued to the online store by a trusted third party called a certificate authority, and your browser verifies that it was issued by a certificate authority that it trusts. In addition to proving the online store's identity, the certificate provides a cryptographic "key" (cipher) that is used to encode and decode your communication with the online store. Once your browser approves the certificate, the secure server encrypts any information before it travels across the Internet.

The information you send via secure connection is protected using encryption, a method of scrambling data that helps to prevent unauthorized users from reading or tampering with it. When your computer and the site—say, your bank—are about to exchange encrypted data, a connection called a handshake is established between the two. The bank's server transmits the bank's key to your computer. Your computer then encrypts a unique key for that session, and for the rest of the transaction, your personal information is encrypted and authenticated using keys derived from this exchange. So if someone captures your information, it will appear as garbled text without the secret key. Once your data has been transmitted, it is decoded back into its original form, using a similar key.

This may seem complicated but everything is handled by your browser in a matter of seconds so you don’t have to worry about the details of the process.

Each digital certificate has a validity period. If this period is over, or the certificate is not valid for some other reason, the browser will notify you. With Internet Explorer, the little padlock at the bottom of the browser window will not be locked, and you can double-click the padlock icon to see what is wrong. Some secure Web pages place an image at the bottom of the page that leads to their digital certificate. You can click on this image to see the details of the security certificate directly from the certificate authority's Web site.

The cipher strength is measured in the number of bits supported by your browser. It translates to how long and complicated (and thus hard-to-crack) the key code used to encrypt your data is. The current standard for secure connections is 128-bit. (A bit is the smallest unit of data in a computer.) It is supported by most popular browsers.

NOTE: Do not confuse 128-bit encryption with a 32-bit or 64-bit processor, which refers to the number of bits that a computer can process at a time and does not affect the cipher strength, which is determined only by the capabilities of your browser.

TIP: If you are using Internet Explorer, you can find out the cipher strength of the current secure connection by resting your mouse over the padlock icon at the bottom of the browser window. If you want to find out the maximum cipher strength supported by Internet Explorer, click on the Help menu and then select About Internet Explorer. The cipher strength is listed in the dialog window just below the version of Internet Explorer.
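
The checks this section describes (certificate validity period, the name the certificate was issued for, and a cipher strength of at least 128 bits) can be written out in Python. This is an added example, not part of the original article; the certificate, the host name shop.example and the cipher tuples are constructed sample values in the shape returned by Python's ssl module.

```python
import ssl
from datetime import datetime, timezone

MIN_CIPHER_BITS = 128  # the strength the article names as the current standard

# Constructed sample data, shaped like ssl.SSLSocket.getpeercert() / .cipher().
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}
GOOD_CIPHER = ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128)
WEAK_CIPHER = ("EXP-RC4-MD5", "SSLv3", 40)


def _name_matches(pattern, host):
    """Exact match, or a leading '*.' wildcard covering exactly one label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def _cert_time(text):
    """Parse a certificate timestamp into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)


def check_connection(cert, cipher, hostname, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    problems = []
    # 1. Validity period: the certificate must be in force right now.
    if now < _cert_time(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if now > _cert_time(cert["notAfter"]):
        problems.append("certificate expired")
    # 2. Identity: the site name must be one the certificate was issued for.
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(n, hostname.lower()) for n in names):
        problems.append("certificate not issued for " + hostname)
    # 3. Cipher strength: secret bits of the negotiated cipher.
    name, _protocol, bits = cipher
    if bits < MIN_CIPHER_BITS:
        problems.append(f"weak cipher: {name} ({bits}-bit)")
    return problems
```

On a live connection the two inputs come from `getpeercert()` and `cipher()` on a socket wrapped by `ssl.create_default_context()`, which already rejects expired or mismatched certificates during the handshake.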


Traces left on your computer

The discussion above covers the protection of your Internet privacy from Internet cheats or impostors. However, encryption cannot help if someone gains control of your PC or has access to your computer through one of the numerous security holes in the operating system and application software. The problem is that Internet Explorer leaves many traces of your Web surfing. These include Internet history, cookies, Temporary Internet files (a.k.a. Internet cache) and AutoComplete forms and passwords. If an intruder gets access to these traces, he can have a full record of all your Web surfing and even of some of your computer activities that are not related to the Internet.

You can delete some of these traces through Internet Explorer options, but not all of them are really deleted (see the article Delete Index.dat files for the most obscure and hard-to-erase traces). Furthermore, it is a real pain to have to clean even these traces because there is no centralized place to control this and there is no way to automate the process. Finally, some of the traces are actually good for your browsing experience: the Internet cache speeds up browsing, cookies save you from entering your user information over and over again, and history makes it easy to type the addresses of your favorite Web sites.

Mil Shield is a powerful privacy protection program that was designed specifically to clean and shred all online and offline traces. Using this tool you can clean all traces with one click of the mouse or, even better, you can set automatic cleaning of the traces each time you turn your computer on or off, or when you close all your Internet Explorer windows. Another benefit is the ability to preserve the tracks from sites that you choose (selective cleaning), which makes your browsing faster, more comfortable and safe.

Mil Shield also cleans all other tracks, such as cookies, history, cache, AutoComplete records, UserData records, the history of recently used folders and documents and many other tracks, as well as the tracks of many popular applications.


Conclusion

As we saw, the online shopping experience can be safe and joyful only if we take some precautions. Here is a summary of the steps that you need to follow in order to protect your Internet privacy:

  • Check if the order page(s) are SSL protected. The address of the page must begin with https: and (if you are using Internet Explorer) the little padlock icon on the bottom of the browser window must be locked.
  • If the security alerts of Internet Explorer don’t bother you, leave them turned on (or turn them on if they are turned off).
  • Use a browser that supports 128-bit cipher strength and (if you are really paranoid) check the digital certificates of the secure pages.
  • Use a privacy protection program like Mil Shield so that no one can steal your personal information from your computer after the online transaction.

Well, happy shopping!

Copyright © 2003-2014 Mil Incorporated. All rights reserved.