The Truth About Secure Sites… and Sites Labeled “Not Secure”
As we continue the work involved in changing our sites to secure servers, it occurred to us that Google’s push to force sites to move to secure servers – and labeling sites “Secure” and “Not secure” is very confusing to most people who use Chrome to browse the web.
It seems logical to assume that Secure means safe and Not secure means unsafe. But that’s just not true.
An Example: A Tale of Two Download Sites
One of the largest bundlers of PUPs on the Internet is Softonic. If you visit them you’ll see that Google shows the green lock and the word “Secure” next to the URL (web address). However, if you download anything from them, you’ll most likely be dealing with sneaky installers trying to get you to install things you don’t want along with things you want. Softonic is famous for bundling PUPs and malware with legitimate software.
On the other hand, one of our favorite download sites – and also one of the safest – www.snapfiles.com is labeled “Not Secure” by Google. If you assume that “Not Secure” means not safe, then you’re doing yourself a disservice, because SnapFiles is one of the best and safest sites on the Web to get freeware. In fact, SnapFiles warns you if the developer has bundled something with the installer so you will know ahead of time how to avoid it. SnapFiles started off as WebAttack – they grew up with us on the web.
When does “Secure” really matter?
The term secure means that traffic to and from your computer to the site is encrypted and therefore can’t be intercepted by a “man in the middle”. If you’re entering personal information – such as credit card numbers, driver’s license numbers, home addresses, phone numbers, Social Security numbers, Government ID numbers, etc. then you best make sure you see “Secure” in the browser address bar. In short – anything that could be used to steal your identity or cause you financial harm, is considered “personal information” and sites that request this kind of information must be secure. If they’re not, don’t enter the personal information.
If a site asks for a name and an email address to join a mail list or in order to communicate with you that is not personal information, therefore the site does not need to be “Secure” and you can enter an email address and a name (doesn’t even have to be a real name) without worry.
What about spam?
Entering your email address in a form on a site that says “Not secure” is not how spammers collect email addresses. It would take so much time to collect email addressees this way, they could make more per hour working at Walmart. Spammers but by email addresses by the millions from spam houses who specialize in tricking people to give up their email addresses – or by being in cahoots with sites that collect email address and then sell them. Secure or not secure, if you don’t trust the site, don’t even give them an email address.
What about when I buy something from Cloudeight?
From the time you click the “buy now” button from any sales page on our site, until the time the sales process is completed, all the information collected is done on a secure server. We don’t ever see your credit card number or your home address or your phone number. All we ever see is a notification that you paid for one of our services or products. When we get the notification, all we see is your name and your email address, so we can fill the order. And even the emails we receive confirming your order are stored on secure servers (Gmail).
This is the important thing for you to know: All sales on our site and all our Cloudeight Direct Computer Care services are done on secure servers,
We don’t collect any personal information, ever. But we’re slowly moving to secure servers not because we need to, but because they way it looks to those who don’t know us and have no idea what exactly Secure and Not Secure mean when visiting a web site. And it’s not their fault. The terms Not Secure and Secure can easily be misinterpreted to mean “Unsafe” and “Safe” – but as we’ve shown that is not true.
If you know us, then you trust us. We hope we’ve earned your trust over the last 20 years. We never have and we never would intentionally misinform you or lead you in the wrong direction.
David vs. Goliath
There are a lot of small sites like ours that Google is pressuring to make the move to secure servers that don’t need to be on secure servers – but with the triangles and “Not secure” and worse, the red triangles and red “Not Secure” message displaying next to the site’s address in Chrome’s address bar, do sites like our really have any options. It’s David vs. Goliath but, alas, in this case, David’s not going to win.
Why we will eventually move to secure servers
We are slowly trying to make the move to secure servers, not because we need to, but because we’re being forced to. We are sure other sites like ours feel the same pressure. We have tens of thousands of pages, and hundreds of thousands of images and links, and all need to be transitioned to a secure server. All not because we want to, or because you’ll be safer, it’s all because Google is forcing us and sites like us to make this move.
This is not sour grapes or just griping for the sake of griping… or us being lazy. Heaven knows we both work hard. If Google really wanted to keep you safe, they’d be more careful with the advertisements they allow – the scams and fake driver sites and malware ads that display. Why don’t they crack down on those or some of the questionable things they allow in the Chrome web store.
The scarlet letters NS “Not Secure”
Your safety was never an issue with our site. There is not one valid reason for sites that do not ask for any personal information to be punished by being forced to wear the scarlet letters NS. This, no doubt, makes people who don’t know us, feel uneasy about our site and tips and help and other things we offer. What is going on with Google is wrong. But we have no choice. We are being forced to spend time and money we don’t have to get the scarlet letters removed from our site’s address.
Why is Google doing this? We don’t know, but we’re pretty sure it’s not for your safety. Many sites displaying “Secure” are not safe… and many pages that say “Not secure” are totally safe.
What we want you to take away from this “rant” is this:
You can’t trust sites just because they show “Secure” or a green lock icon in the address bar. And you should never assume that sites that show “Not secure” are not safe. Remember “Secure” does not equal safe and “Not secure” does not equal unsafe.