The other day a friend of mine asked me whether or not his connection to the internet was safe. In his particular scenario, he was at a hotel with his laptop which was connected via an encrypted WiFi link to his Airport Express which in turn was connected to the hotel's internet service via a wired ethernet connection. Now clearly, anyone who travels with an Airport Express is pretty security conscious and this particular guy has probably forgotten more stuff about network security than I will ever know. However, in this particular instance he stumbled across a topic which I've come to know fairly well lately. Mainly because I've be planning to secure my internet connection when I'm out blogging at Starbucks using their public WiFi. No! I'm not paranoid! Bad guys seriously try to steal your credentials (accounts, passwords, etc) for real. If programs like FireSheep don't keep you up at night then...something is wrong with you! Ok, back to his question. "If I'm using an Airport Express to create a secure wireless connection to the hotel's internet service and then I browse to a secure website (e.g., any site using "https:") are my communications secured?" The simple answer is yes. In fact he is doubly secure and here's why. Whenever you browse to a site the using the "https:" protocol (typically your browser will show the 'lock' symbol when this protocol is being used) all communications between the browser on your computer and the computer at the other end of the connection are encrypted. So, in his case, the encrypted WIFI connection via the Airport Express was unnecessary since the communication was already being encrypted by the browser's "https:" protocol. Plus when he's browsing to sites that aren't using "https:" his Airport Express is protecting his communications from the FireSheep-ish WiFi bandits.
So what about us regular folks who share the public WiFi at Starbucks - using an Airport Express solution is not a viable option in this scenario. We are out there in the wild, wide open with all our information flowing over an unsecured public WiFi link. Well there is *some* good news especially when it comes to the big social sites like Facebook, GooglePlus (including gmail) and Twitter; these sites switch you over to the https protocol automagically when you browse to them. Good stuff, try it! Type in http://facebook.com (twitter.com or plus.google.com) in your browser's URL you will get redirected through the https protocol...check the link/url. Very nice. Of course, banks have been doing this for years but it's nice to see that it's becoming pervasive. What about all the other sites you browse...well unfortunately, its really a grab bag ...some do and some don't. In many cases, it doesn't really matter because you're just browsing around. However, if you ever have to login at a particular site, to be safe you should definitely make sure it URL begins with "https:".