HTTPS Certificate Fingerprinting

I’ve talked a lot about HTTPS (and we talked about it in podcast Episode 054), but no one really explains how to make sure your connection is really valid. In some situations I have wanted to look beyond the green padlock icon. This concern has grown with reports of various public Wi-Fi services intentionally breaking HTTPS connections. Hardware manufacturers have shipped devices with what amounts to pre-installed malware for the same purpose. I’ve written about this before but I thought it was worth doing a video on HTTPS certificate fingerprinting.

HTTPS – What it is and Isn’t

Before we go into that, let’s talk briefly about why HTTPS is important. Most people know that it’s important, but not many people know why. An HTTPS (Hypertext Transfer Protocol [Secure]) connection is one that is encrypted from your device to the website you are visiting. The encryption is ridiculously strong AES-128. These connections, if established properly, are (currently) impossible to break…assuming the correct “handshake” has been made and you haven’t been served a bogus certificate. Making sure you haven’t been served a phony cert requires HTTPS certificate fingerprinting as described in the video.
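As an added illustration (not code from this post or the video), here is what a fingerprint check amounts to: hash the certificate's DER encoding and compare it with a reference fingerprint obtained over a connection you trust. The two byte strings are constructed stand-ins rather than real certificates, and the function names are this example's own.

```python
import hashlib
import hmac
import re
import ssl


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor; the fingerprint is taken over the raw DER bytes."""
    return ssl.PEM_cert_to_DER_cert(pem)


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Hash the DER encoding and format it the way browsers display it."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Reduce 'AA:BB', 'aa bb' and 'aabb' to one comparable form."""
    cleaned = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"(?:[0-9a-f]{2})+", cleaned):
        raise ValueError("not a hex fingerprint: %r" % fp)
    return cleaned


def matches(der: bytes, reference: str, algo: str = "sha256") -> bool:
    """True only if the presented certificate hashes to the reference value."""
    return hmac.compare_digest(normalize(fingerprint(der, algo)), normalize(reference))


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch whatever certificate this network path presents (not called below)."""
    return pem_to_der(ssl.get_server_certificate((host, port)))


# Constructed stand-ins for DER bytes (not real X.509 certificates).
EXPECTED_DER = b"constructed-certificate-seen-from-a-trusted-network"
SEEN_DER = b"constructed-certificate-presented-on-public-wifi"
EXPECTED_PEM = ssl.DER_cert_to_PEM_cert(EXPECTED_DER)
# Reference fingerprint as it would be obtained out of band, in plain hex.
REFERENCE = hashlib.sha256(EXPECTED_DER).hexdigest()

if __name__ == "__main__":
    print("expected:", fingerprint(pem_to_der(EXPECTED_PEM)))
    print("seen:    ", fingerprint(SEEN_DER))
    print("match:   ", matches(SEEN_DER, REFERENCE))
```

A mismatch means only that the certificate you were served differs from the reference; sites that rotate certificates or serve different ones from different servers will also produce one, so refresh the reference from a trusted connection before drawing conclusions.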

The encryption a proper HTTPS connection offers is excellent. I always recommend using HTTPS versions of sites and running HTTPS Everywhere in your browser. It is not a substitute for a VPN, however. HTTPS does not protect your packet headers. The URLs to which you browse are completely exposed in these headers, as is your true IP address. I consider this a strong layer of security, but only a layer in a much bigger picture.

Without further ado, check out the video!

HTTPS Certificate Fingerprinting

The website I talked about in the video:

Wire Private Messenger

Wire Private Messenger is my new favorite encrypted messaging service. It is rapidly replacing Signal in my day-to-day use, though it will be a long time before it replaces Signal entirely. There are a lot of things to recommend this relative newcomer. Continue reading “Wire Private Messenger”

ProtonMail Two-Factor and Single Password Mode

Two days ago, ProtonMail released version 3.6. A number of new features were added in this release. The biggest one is long-awaited: two-factor authentication. Another new feature that interested me is ProtonMail’s new single password mode. Continue reading “ProtonMail Two-Factor and Single Password Mode”

Complete Privacy & Security Podcast E007

Complete Privacy & Security Podcast Episode 007: Email Strategies

Our seventh episode of The Complete Privacy & Security Podcast is now available. In this episode, we discuss our recommended Email strategies for Privacy & Security. Continue reading “Complete Privacy & Security Podcast E007”

Private Internet Access for iOS

Today I am going to discuss Private Internet Access for iOS. This is going to be in two parts: the PIA app (available in the App Store) and the option to use OpenVPN, which requires a separate app. Both of these methods have some advantages, and both have their disadvantages. In this installment I am going to discuss the App. Continue reading “Private Internet Access for iOS”

Private Internet Access for Windows

Last week I covered setting up Private Internet Access for Mac. This week’s post on the topic will cover the Windows operating system. Even though the Private Internet Access interface is very similar from Mac to Windows, there are a couple subtle differences. The next couple of posts will cover iOS and Android. If sufficient interest exists, I will also do one for Linux (if you’d like to see Linux, message or comment). Without further ado, Private Internet Access for Windows: Continue reading “Private Internet Access for Windows”

Private Internet Access for Mac

In the posts regarding smartphone interfaces (Wi-Fi, Cellular) I have recommended that you use a virtual private network (VPN). Immediately following the post on Wi-Fi security and privacy a comment was posted with questions about settings in Private Internet Access (PIA). Because I have not covered this topic in detail, and because many of you have chosen PIA based on my recommendation, I will cover PIA for various operating systems intermittently over the next couple of weeks. Today we will go over Private Internet Access for Mac. Continue reading “Private Internet Access for Mac”

Smartphone Wi-Fi Security

Recently a reader asked me to write a post about the implications of Cellular, Wi-Fi, Bluetooth, and Near Field Communication (NFC) radios in smartphones, and the privacy and security implications of each. I will, and it will be in several parts. Today I am going to cover smartphone Wi-Fi security and privacy. I’m sure you’ve heard that you should leave your smartphone Wi-Fi turned off when it’s not in use – but why? Continue reading “Smartphone Wi-Fi Security”

ProtonMail Premium Review

Email is a service that we all rely on. Finding an email provider that promises a good balance of privacy, security, and convenience is a fraught proposition, however. As readers here doubtlessly know, I have huge privacy concerns around email. I hate giving out my real email address if possible, because it equates to attack surface (more on this later). I also hate using the same email for multiple services, but this creates major convenience problems. And I can’t store email with providers that either a.) don’t store my data securely or b.) store it securely but scrape it for marketing purposes. Readers here also know I am a big fan of ProtonMail. This is why I decided to give ProtonMail Premium a try. Continue reading “ProtonMail Premium Review”

PrivNote Self-Destructing Messages

I recently found a service that I enjoy using.  It is called PrivNote and it allows you to transmit small bits of encrypted text via a URL.  Here is how it works.  First navigate to  The very simple interface offers you a compose pane and prompts you to “Write your note here…”  You enter your message and click “Create Note”.  Your note is encrypted and you are given a URL that you can share with the intended recipient.  Privnote does not transmit the link for you – it is your responsibility to copy it and paste it into an email, text message, etc.  Once you have sent the note the real fun begins. Continue reading “PrivNote Self-Destructing Messages”