Serious Internet Security Question

Discussion in 'Mac Basics and Help' started by hutrebug, Aug 17, 2015.

  1. hutrebug macrumors regular

    Jun 24, 2015
    Hello all, I'm hoping someone here with real knowledge can help me understand once and for all if this is truly safe.

    If I'm on McDonalds wifi using my gmail account, which always begins with:

    https:// I 100% safe, reasonably safe, or not safe at all when I'm sending and receiving emails?

    If I'm not safe, what should I be doing/using to make sure I am 100% safe?

  2. Mikael H macrumors 6502

    Sep 3, 2014
    An encrypted connection to the web service ("https://") with valid certificates makes your traffic with the specific service reasonably safe. There is no "100% safe", but unless someone is out to get you, the work required to pull any meaning from your traffic with the server probably means no-one will bother.
    But of course the mail from your gmail account to the recipient, and from the sender to your gmail account probably is sent as plaintext over the web anyway (unless you encrypt your mail contents). Again: Sniffing up (and analyzing) the correct mail traffic en route between the sending and the receiving mail servers probably requires that you are targeted by someone who really wants to know what you're doing, but that's probably the weakest link.
    And of course: The nature of mail traffic means that even if you do encrypt your mail, someone who really wants to (and has the resources to attack you) can at least know with whom you've been having correspondence, even if they wouldn't be able to tell what has been said.

    Most governments today sniff and save Internet traffic that passes their countries. Most medium to large companies have the ability (whether used or not) to sniff and save Internet traffic directed to and from their own networks. Most ISPs cooperate with their respective governments in "tapping" at least selected parts of their traffic for at least metadata, but possibly even contents. We know that the US government forces or wants to force many US hardware and software companies to "help" them. We know that some security protocols have been intentionally or unintentionally weakened. In the case of open-source protocols, these faults may be found - at least after a while - but in the case of proprietary security solutions there simply is no way of knowing whether they do what they claim to do, and whether they're as good as they say they are.

    So no, you're not 100% safe ever. Unless you do things to attract the attention of law enforcement, governments, and/or large crime syndicates, though, you're unimportant enough that your particular web traffic probably gets lost in the noise caused by several billion other web-connected unimportant people.
  3. Mikael H macrumors 6502

    Sep 3, 2014
    You asked what you can do to be safe.
    Email is a bit like sending a postcard. Anyone who touches the mail en route from the sender to the recipient can read it. The cheapest and easiest way to prevent this from happening, is to make sure that you and the people with whom you regularly have mail conversations encrypt your data.

    For the Mac, you have the GPG Suite ( which simplifies matters a lot, as long as you know where you have your private key. GPG enabled software is also available for Windows and Linux, so all your friends can join your fun. Most people don't see the point, though.

    I'm actually not very updated when it comes to webmail like gmail, but I guess that the method there would be a bit more cumbersome than when using plugins for your favorite mail software: You would need to write what you want to say to your friend, then manually encrypt the message with your friend's public key, and add the resulting output as inline text or as an attachment to an otherwise empty mail that you'd send to the recipient. This is pretty much what the GPG Suite automates for you.
  4. ocabj macrumors 6502a


    Jul 2, 2009
    Public wifi should be treated as a hostile network.

    Using encryption for connections (e.g. https for web, ssh for remote shell) will mitigate traffic sniffing/snooping, but you need to be vigilant about certificate warnings and weary of possible man-in-the-middle attacks.

    Of course, you should have a local firewall to make sure you can't be attacked on the LAN (or via the Internet), assuming you have open ports.

    That being said, I always use a VPN client tunnel out when I'm using an untrusted network to get the Internet (e.g. hotel wifi, Starbucks wifi, etc).

Share This Page