Privacy Blog

"Friends don’t let friends get spied on." – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

Half of all Phishing Sites Now Have the Padlock

We used to believe that a padlock shown in a web browser’s address bar meant that we were connected to a safe and secure web site. That’s no longer true. In fact, it never was completely true.

The padlock is shown when a web site has a security certificate installed and the connection is made using an encrypted “https” connection.

The letter “S” after “http” in the HTTPS protocol indicates a “secure” connection. In fact, an https connection has some arguable drawbacks. Mainly, there’s virtually no barrier to anyone obtaining an HTTPS certificate, which has made it attractive for criminal groups hoping to add an air of authenticity to bogus sites. That little green padlock guarantees that the data you send is encrypted, but not that the person on the receiving end has scruples.

When hackers create web sites to trap you, they almost always obtain a security certificate that will work on HTTPS and will display a little green padlock in your web browser. When they do, your connection will be secure, but you will probably still be ripped off by the hackers who run the site.
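To make the point concrete, here is an added example (not part of the original post) that separates what the padlock checks cover from what a certificate never claims. It uses a constructed certificate in the format Python's ssl getpeercert() returns; the host names, the CA name and the helper function names are invented for illustration.

```python
import ssl

def _names(rdn_seq, field):
    """Values of one field from a getpeercert()-style subject/issuer tuple."""
    return [v for rdn in rdn_seq for (k, v) in rdn if k == field]

def _host_matches(pattern, host):
    """Exact match, or '*' standing in for the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def padlock_report(cert, host, now):
    """Split what the padlock checks from what the certificate never claims."""
    sans = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    org = _names(cert.get("subject", ()), "organizationName")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        # Among the checks behind the padlock (chain validation not modelled).
        "name_matches": any(_host_matches(s, host) for s in sans),
        "in_validity_window": start <= now <= end,
        "issuer": _names(cert.get("issuer", ()), "organizationName"),
        # A domain-validated certificate has no organization in its subject:
        # the CA confirmed control of the domain, not who operates the site.
        "identity_vouched_for": org[0] if org else None,
    }

# Constructed sample: a look-alike domain with a domain-validated certificate.
# The domain and the CA name are invented for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "examplebank-secure.example"),),),
    "issuer": ((("organizationName", "Example Free CA"),),
               (("commonName", "Example Free CA R1"),)),
    "notBefore": "Jun 10 00:00:00 2024 GMT",
    "notAfter": "Sep 08 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "examplebank-secure.example"),
                       ("DNS", "*.examplebank-secure.example")),
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jul 15 12:00:00 2024 GMT")

if __name__ == "__main__":
    report = padlock_report(SAMPLE_CERT, "login.examplebank-secure.example", SAMPLE_NOW)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Every padlock check passes for the look-alike host, while the field that would name the organization behind the site is empty.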

You can also read an article by internationally-known security expert Brian Krebs about all the hacker sites that are now displaying https padlocks at https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/

Sadly, many web browsers will claim you have an insecure connection if https isn’t used. In fact, that warning is meaningless. The web site may still be insecure whether https is used or not.

In short, a padlock and an https connection are meaningless these days.

Categories: Online Privacy & Security
