soomz.io

How can we help you?

HIGH FIVE!

Thank you for your purchase. You will shortly receive an order confirmation by e-mail.


Let your friends know about our smart products simply and secure!
Send e-mail to friends

DAMMIT!

Your purchase couldn't be completed. Please check your entries and try again.
Happened again? Then please get in touch with our Help Desk using the contact form.

Try again Contact form

Send us your video

https encryption



Who would send confidential information on a postcard? Exactly. HTTPS-encrypted websites ensure that information can only be viewed by the authorized recipient.

What is HTTPS encryption?

In simple terms, this type of encryption prevents information on a website from being readable until it appears on the user’s computer. If we send information such as an e-mail or login data, it is encoded on the encrypted website before being transmitted over the Internet. Only the intended recipient has the key that is needed to make this information readable again. If someone infiltrates the sender’s or the recipient’s network, he will not be able to read the information.

How can I tell whether a website is encrypted?

An encrypted website can be recognized by means of two features:

1. The Internet address (URL) begins with https:// rather than http://
2. A padlock icon appears before the address to show that it is correctly encrypted.

Addresses of unencrypted websites only start with http:// (without an “s”). In modern browsers, unencrypted websites are marked with a padlock with a line through it next to the URL.

Why is encryption important?

In principle, unencrypted information can be accessed by anyone who is on the same network. That could be the case if we are using public WiFi in a café or a hotel, for instance. This is particularly dangerous if the WiFi network can be accessed without a password. In such situations, practically anyone can view the information we send or receive via the network.

Even if it does not seem dangerous at first glance, every unencrypted access to a website reveals information about the visitor. For example, if we read up on certain diseases online, unauthorized individuals can draw conclusions about our state of health. This may not be a big issue with individual pieces of information. But as soon as a high number of our online activities have been tracked, it becomes possible to draw up a profile of our activities, our preferences and our problems, which could be used against us in certain circumstances. The danger is particularly great when sending credit card or login information which another person could directly put to ill use. If a website is HTTPS-encrypted, at least credit card and other such information is transmitted securely. Nevertheless, it goes without saying that we should always question who we are giving our data to, irrespective of any encryption.

When is particular caution advisable?

You should only pass on confidential data if the transmission takes place via a secure HTTPS connection. This is especially important when:

1. Entering login data on login pages
2. Entering credit card data
3. Entering personal information in contact forms
4. Sending e-mails
5. Sending personal messages in messenger programs (e.g. WhatsApp)

A notification like this while logging in means that your login data is not secure.

If a certain page is shown as being unsecured, you can try to add https:// to the URL in the address bar. You can see whether this has worked by checking for the padlock icon in the address bar, which indicates that the connection is secure. Alternatively, you can use the Firefox extension “HTTPS Everywhere”, which carries out this change automatically. If it proves impossible to make the connection secure, you should avoid entering any data.

How can I tell whether the encryption is reliable?

Not every website that can be accessed via HTTPS is also secure. For encryption to be reliable, the following points must be adhered to:

1. The security certificate must come from a verified provider.
2. The security certificate must have been issued specifically for the website on which it is used.
3. The security certificate must not have expired.

Detailed information on security certificates – such as who has issued the certificate, which website it was issued for and whether or not it is still valid – can be obtained by clicking on the information symbol or the padlock in the browser.

Instructions: our video shows how easy it is to check security certificates (here in Firefox).


check-https-certificate-EN from soomz.io on Vimeo.

Wanna go deeper? With pleasure...

HTTP stands for Hypertext Transfer Protocol Secure, i.e. a secure transfer protocol for hypertext. Hypertext is the basis of HTML, which is used to create the webpages we see on our computers and smartphones. If we transmit text ourselves over the Internet, such as in a contact form, it is sent as hypertext. If this hypertext is sent on the Internet via an unencrypted HTTP protocol (i.e. without an “s”), it can be read by any hackers who have access to our network.

With HTTPS, however, the hypertext is encrypted before transmission and can therefore only be read by the recipient. The data is encrypted using a technology called SSL/TLS. So to put it simply, HTTPS enables us to surf the Internet securely without unauthorized individuals being able to read the data we have sent.

Symmetric encryption

Communications between the web browser and the web server are encrypted with a symmetric session key on our computer before we send them. The client (our browser) and the server each use their own session key to encrypt the data on one computer and then decrypt it on the other.

Asymmetric encryption

In the case of asymmetric encryption, a pair of keys is generated, with one being used for encryption and the other for decryption. In the process known as public key cryptography, the key that is used for encryption is made public, while the key for decryption is kept private so that only the recipient of the communication can decrypt it. However, the public key only works if it comes from the sender defined in the communication.