Helping people with computers... one answer at a time.
Https encrypts your data without knowing what it is: that includes email, banking information, or any type of data.
I've used https formatted Microsoft's Hotmail.com for sending and receiving email for years. I have a working knowledge of https, but I want to ensure that I'm correct in my knowledge. So my question is: when I send an email via https, via a Wi-Fi network that is not password-enabled but open to the public (for example, a public library), and before the email is received by the server that I'm sending to, can the sending email address be read while the email is sent via https format using the Wi-Fi network?
Now with time and money I understand that anything is possible with computers and source code; I know that's true. I'm speaking of a general concept on this issue. You've covered the topic recently on interpreting email headers but I don't recall reading this specific question or answer.
In this excerpt from Answercast #29, I look at the way https views data and how that keeps you safe online.
Https is a general-purpose connection encryption and validation technology.
It doesn't know that there's email involved. All it's doing is sending data to a web server and receiving data from that web server.
In the case of Hotmail, those are web pages: those are nothing more than web pages. When you fill out a web page that has a "To" and a "CC" and a "Subject" and an email message, it's just a web page that is containing a bunch of information that you send up to Hotmail.
Https causes that data to be encrypted and it's actually encrypted from point to point. It's encrypted on your machine and it's only decrypted when it finally reaches the https Hotmail server at the other end.
Not only can they not see the contents of that message, they can't see the "To" line. Heck, they can't even tell that you are sending email because all they're seeing is data going from your machine to Hotmail and that's it.
Same thing with the response; all they're seeing is data. It's encrypted but it's just data coming back from the Hotmail server to your machine.
They can't tell what it is or why it is.
The https can be used with multiple different kinds of servers. Https with Hotmail is something we use regularly and encourage people to use regularly for exactly the kinds of reasons that you're suggesting.
You're protecting people from being able to see not only what you're sending and who you're sending it to.
You're also protecting people from being able to see your login credentials.
The same thing applies with banking. It's the same old https, but in this case, you're actually exchanging banking information.
The https doesn't care; it doesn't know what kind of data you're exchanging
with the web server. All that it's doing is encrypting this bundle of data when it
gets sent up, decrypting it when it gets there, and then decrypting the
response when it comes back.
Next from Answercast 29 – Why has opting out of ads in Hotmail not turned them off?