Helping people with computers... one answer at a time.
Https encrypts your data without knowing what it is: that includes email, banking information, or any type of data.
I've used https formatted Microsoft's Hotmail.com for sending and receiving email for years. I have a working knowledge of https, but I want to ensure that I'm correct in my knowledge. So my question is: when I send an email via https, via a Wi-Fi network that is not password-enabled but open to the public (for example, a public library), and before the email is received by the server that I'm sending to, can the sending email address be read while the email is sent via https format using the Wi-Fi network?
Now with time and money I understand that anything is possible with computers and source code; I know that's true. I'm speaking of a general concept on this issue. You've covered the topic recently on interpreting email headers but I don't recall reading this specific question or answer.
•
In this excerpt from Answercast #29, I look at the way https views data and how that keeps you safe online.
•
Security with https
Https is a general-purpose connection encryption and validation technology.
- What that really means is: the https has no concept of what it is you're doing.
It doesn't know that there's email involved. All it's doing is sending data to a web server and receiving data from that web server.
In the case of Hotmail, those are web pages: those are nothing more than web pages. When you fill out a web page that has a "To" and a "CC" and a "Subject" and an email message, it's just a web page that is containing a bunch of information that you send up to Hotmail.
Data is encrypted
Https causes that data to be encrypted and it's actually encrypted from point to point. It's encrypted on your machine and it's only decrypted when it finally reaches the https Hotmail server at the other end.
- Nobody in-between can see the contents of that message.
Not only can they not see the contents of that message, they can't see the "To" line. Heck, they can't even tell that you are sending email because all they're seeing is data going from your machine to Hotmail and that's it.
Same thing with the response; all they're seeing is data. It's encrypted but it's just data coming back from the Hotmail server to your machine.
They can't tell what it is or why it is.
Using https
The https can be used with multiple different kinds of servers. Https with Hotmail is something we use regularly and encourage people to use regularly for exactly the kinds of reasons that you're suggesting.
-
You're protecting people from being able to see not only what you're sending and who you're sending it to.
-
You're also protecting people from being able to see your login credentials.
The same thing applies with banking. It's the same old https, but in this case, you're actually exchanging banking information.
The https doesn't care; it doesn't know what kind of data you're exchanging
with the web server. All that it's doing is encrypting this bundle of data when it
gets sent up, decrypting it when it gets there, and then decrypting the
response when it comes back.
Next from Answercast 29 – Why has opting out of ads in Hotmail not turned them off?
Article C5515 - June 25, 2012 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
June 26, 2012 8:39 AM
Excellent response by an EXPERT! Things for the excellent information (now known as "data").