You probably have heard or read about SSL (Secure Socket Layer) utilization on the web. This is a way to send sensitive information across the Internet in an encrypted form so bad guys can’t steel your info. A really good idea anytime usernames, passwords, or personal information are sent. Online banking for instance wouldn’t be safe without SSL. The use of SSL is identified by the prefix https: instead of the usual http: in the address bar of your web browser. Here is the Wikipedia entry if you want all the gory details.
Recently Mozilla Firefox and Google Chrome, two very popular browsers, started alerting users if they were accessing a website that does not use SSL. The ominous sounding “Connection is not secure” message might freak out some viewers. If you are visiting your online bank and get the message then you should be freaked out. But not if you are visiting a blog like the LK&O Railroad. Here is why…
First, you are not sending any information over the Internet to the site, personal or otherwise. Viewing a LK&O blog post is no different than reading a magazine page. It is a one way transfer of information. The LK&O server happily sends static pages to any browser that requests them. No security needed. If you subscribe to the site or you make a comment then you are sending your email address. That’s personal information, right? Yes, but just barely. Your email address is already floating around on the Internet. A bad guy doesn’t need go to all the trouble of intercepting LK&O web site traffic to get your email address if he wants it. And in a lot of ways your email address is no different than your home address – readily available to anyone with a phone book! For my under 30 readers, a phone book was a paper catalog of names, addresses, and phone numbers we used in ancient times. 🙂
Second, as with everything in life, there is a price. SSL is no different. Both a dedicated IP address and a digital certificate must be purchased and continually renewed. Some hosts offer free shared SSL certificates. Bluehost, the hosting service used by the LK&O, offers free certificate use however there are restrictions. One showstopper restriction for me is a file size limit of 100kb. The enlarged images you see when you click on an image in a post are larger than 100kb meaning if I want to use Bluehost’s free certificate I can’t offer enlarged image viewing. Not good.
I don’t want to sound cheap. Frugal yes, but not cheap. However… while I enjoy posting my railroading exploits on the LK&O website, it does have a monetary cost. I pay a monthly hosting fee to Bluehost and I also pay a yearly Sucuri service fee to make sure you never get malware or a computer virus from the LK&O website. I’m fine with that. But adding significant additional cost in the form of a digital certificate and dedicated IP address to a site that does not involve sensitive information? Can’t justify that one.
So, fret not if your browser alerts you the connection to this site is not secure. It isn’t. Because it doesn’t need to be.