Secure sites: Are you secure?

Post your tutorials for using applications or performing related tasks here.
Note: Not for "how do I...?" Questions!
Forum rules
Tutorials and Howtos should only relate to developed software, and not to third party applications. e.g.: Don't post a generic Howto for configuring a firewall.
If you have a question how to do something, you should use one of the support boards, not this board. It is meant for people to document and post instructions.
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35477
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Secure sites: Are you secure?

Unread post by Moonchild » 2013-02-17, 23:20

Note: this guide is outdated. please see the updated version.

Pale Moon displays secure sites slightly differently than other browsers, so here is a short explanation about the different statuses you may see, and what exactly they mean:
  1. Normal site:
    normalsite.png
    normalsite.png (2.15 KiB) Viewed 9505 times
    The connection to the site is not encrypted, and anything you post to or get from the website is transferred normally. This is the normal state for most web pages you will visit, and is normal for regular browsing.
  2. Secure site:
    https.png
    https.png (3.99 KiB) Viewed 9505 times
    The connection to the site is encrypted, and anything you post to or get from the website is securely transferred to prevent eavesdropping. This is a common state for on-line shopping, most e-mail providers who supply webmail, and a number systems for securely logging in, etc.
    Unlike Firefox, Pale Moon will display the verified domain name for these types of connections.
  3. Secure site with extended validation:
    https-ev.png
    https-ev.png (4.33 KiB) Viewed 9505 times
    The connection is encrypted like in (2), but the certificate owner has also been verified through an extended validation process. This is a common state for higher-security sites like on-line banking, eMoney providers, and secure governmental sites dealing with highly personal information. Pale Moon will display the verified organization name. Because these kinds of certificates are much more expensive, most smaller businesses will not use extended validation for their encrypted pages and you will see a "domain verified" encrypted connection instead (as in (2)).
  4. Low-grade encrypted, or mixed-content site:
    https-broken.png
    https-broken.png (4.24 KiB) Viewed 9505 times
    Although the protocol used is https, the connection is not trusted. This can be caused by a particularly low-grade encryption used (which takes very little effort or time to circumvent) or by mixed secure and non-secure content on a single page. The latter can be a common occurrence if you have pages restored after a browser shutdown (e.g. through session restore or if you use "show my windows and tabs from last time"). Pale Moon will, in this case, also not display the domain name or validated organization name, and will not show a blue or green border or identity panel background.
    Be very careful when you see this icon!
    Do not enter any login, financial or personal information when you see this icon displayed. If it was a cached page, completely refresh the page (Ctrl+F5) and check for proper encryption.
At all times, you can click the displayed website icon or domain name/organization name for basic details about the encrypted state, or you can click the padlock itself to open a more detailed window with information about your connection.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked