Mac article on internet business model and a security question


Userlevel 5
The article:
Apple does right by users and advertisers are displeased
https://www.eff.org/deeplinks/2017/09/apple-does-right-users-wrong-advertisers
 
In my world displeased advertisers often means pleased consumers!
 
The question: Why does this community board not show a green lock for the https where you type the URL above? That would seem like better security.
 
In my former corporate experience with multiple platforms and multiple tiers, there is no free lunch.
 
 

16 replies

Userlevel 7

@Enigma wrote:
 
The question: Why does this community board not show a green lock for the https where you type the URL above? That would seem like better security.
 
 

You mean like this???
 


On some pages the lock won't show if there are links/images on that page that may be insecure.


 
HTH,
BD
Userlevel 5
 
Thanks.
 
Curious -since I use the webroot installation button to launch it directly into Safari 11 (you are in firefox) and there is no green box in mine. But my bank URL has a green box in the same window. So it is not my browser I presume.
 
To narrow it down - do you get a green box using my URL directly?
 
https://community.webroot.com/t5/forums/
 
Please clip your URL (less the key tracking parts) in for me to try. Is mine a man in the middle access to the community board?
 
Userlevel 7
Hi Enigma,
Your link takes me to a "Page not found" page here in the Community.
 


But I am using a PC. Perhaps that is why. I will ping some of our Mac users,  like @Ssherjj and @ProTruckDriver and see if they can check this for you on their Macs. ;)
 
For me, on a PC, I usually see the green lock unless there are certain links or images posted in that thread.
 
Here is a link to the Webroot Community Home page. It shows the green lock in my browser (FF) on this page...
https://community.webroot.com/t5/Home/ct-p/consumer
 
BD
Userlevel 7
Hello Enigma, Welcome to the Webroot Community Forum.:D
 
That's an interesting question Enigma about the lock in Safari. I'm running Safari now and I don't see any type of lock like shown on a PC. Hmm, I don't believe there ever was a lock showing in Safari, unless I over looked it. Maybe @Ssherjj or @JP_ could chime in on this. 
Userlevel 5
Thanks PTD. Glad to be in such nice company.
 
BD: the behavior is consistent. It is my understanding that the green box is related to https and not the particular link. I stripped some information off the URL to test with so the page you got is the one I get. Your link for me is the same thing as my URL. I was just testing to locate the source of the problem. (and also to ensure it wasn't OE - operator error!)
 
To summarize:
It seems:
 
Win 10 thinks the site is green box secure and Mac doesn't on both my URL and BD's URL.
 
Browser type is eliminated since all machines do the same thing.
 
If https is related to backend handshakes that eliminates the wire up to the boxes unless their is some kind of machine check in the process. (How could it know what machine type is used server side?)
 
https can not be secure and not secure at the same time (only schrodinger's cat can do that)
 
Leaving a software difference and a pretty significant one IMO. 
 
Server is at 208.74.205.209. I have not looked up precisely who owns that box. I will presume its correct.
 
Any thoughts?
 
 
Userlevel 7
Badge +55
Hello Enigma,
 
Welcome to the Webroot Community,
 
I show the same as @ProTruckDriver on my Mac using Safari is that I do not show any lock in this browser. I mainly use Firefox for by default browser and I do see a lock in this browser.


 
I believe I can ping @coscooper who knows Webroot on a Mac. He should be able to answer your questions.
Or @JP_ as mentioned by ProTruck Driver should be able to help further.
 
Sorry I wasn't much help.
Userlevel 5
Sherry: Being a good security person means never having to say your sorry! I know you are a good person as most on this board.
 
I could never keep firefox working securely enough for me and though I know the risks in safari, I go with system integration over open source for my security. Time will tell if that was a wise decision.
Userlevel 7
Badge +55
Thank you for your words of wisdom. I'll keep that in mind. 😉
Userlevel 7
Thanks for chiming in, @Ssherjj. Don't apologize, you're always helpful! :catwink:
 
Sadly I really only used Macs whenever I worked in Support and had to work with a Customer that had one :catembarrassed:
 
Your best bet is to submit a ticket to our Team per usual. Apologies for not being an Apple guy :catlol:
Userlevel 5
Badge +20
The lock/no lock is not related to or subject to differences between browsers on the Mac. How each browser interprits the URL will dispay differnces.
 
While I personally only use Chrome and Safari, the lock is derived by the specific site and the subURL. In our case, this community, it's been answered by, @BurnDaddy it's related to images and links in various forum posts that may not be secure. The core forum solution is fully secure and the majority of forum posts will show a lock, if the browser supports showing a lock.
 
Chrome and FF tend to be very security conscience and will display locks, warnings and such, whereas, my experience is that Safari does not put it in your face. It will show a lock, but nothing much else.
 
Here's a screen shot of both Chrome and Safari, locked and unlocked dependinng on the forum area you're within. It's simply a "beware" when you don't see the lock. If users post images from photo sites or links to sites, I belive the forum software simply changes the secureness. (Is that a word?)
 
Nice and locked at root level. Chrome in back, Safari on top. (I actually do not like Safari becuase it doesn't display the entire URL, vs Chrome that's more informative. (JMHO)


 
Unlocked. Chrome shows the "round i" icon for visual response, Safari, nothing. Again, anothe reason I'm presonally more of a Chrome user.


 
HTH
Userlevel 7
Badge +55
Thank you @coscooper for your quick response. Very much appreciated as always!
Userlevel 5
A tip for those Mac users who want to see the full URL - like me. 
 
Safari /preferences/advanced/
 
Checkbox: Smart search field and show full website address.
 
BTW, I like the new Safari - websites tab which shows some interesting stuff.
 
Thanks for the help. I need to do more research and reading.
Userlevel 7
Thank you @coscooper  Bookmarked. ;)
Userlevel 5
Badge +20
... and, I love learning something new every day! Thanks @Enigma
 

@Enigma wrote:
A tip for those Mac users who want to see the full URL - like me. 
 
Safari /preferences/advanced/
 
Checkbox: Smart search field and show full website address.
 
 

Userlevel 7
Badge +55
Thank you for that added information @Enigma!

 

@Enigma wrote:
A tip for those Mac users who want to see the full URL - like me. 
 
Safari /preferences/advanced/
 
Checkbox: Smart search field and show full website address.
 
 

 
Userlevel 5
I have done more research on SSL and green certificates. Here are some links to share for future researchers.
 
Summary: https://en.wikipedia.org/wiki/Extended_Validation_Certificate
 
(shows a grey lock in Safari 11)
 
https://www.digicert.com/ev-ssl-certification/
and
https://www.thawte.com/resources/getting-started/extended-validation-ssl-faq/
 
(both show a green lock in Safari 11)
 
Thawte has a link to How SSL works.
 
A rule of thumb (my expert said) is don't put money into a grey lock form unless you are certain you know who is on the other side. Non critical information exchange is fine on a grey lock.
 
 
 
 
 

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings