<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@vertical+block@fddb9b8b2fba493cb065e2170777d0c8" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_IP_001+2018+type@html+block@37ade67dbb784bd5b83b691ddd0b7910">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@html+block@37ade67dbb784bd5b83b691ddd0b7910" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>Congratulations, you've made it through the Module 1! Welcome to <strong>Module 2: How can you increase your privacy and security on the internet?</strong></p>
<p>In Module 1 you explored the physical infrastructure of the internet - what elements it is made up of, and who owns these elements. The internet is not under your control; however, being aware of who owns or has access to your data will help you make informed choices.<br /> <br />This course recommends taking four steps to increase your overall privacy and security online:</p>
<blockquote><ol>
<li>Use encryption (HTTPS Everywhere)</li>
<li>Make informed choices about which online services you use</li>
<li>Use strong passwords</li>
<li>Obfuscate your IP address</li>
</ol></blockquote>
<p><br />In this module, we’ll go through the first two steps. The second two are individual courses of their own - find these on the Totem platform: <a href="https://learn.totem-project.org/courses/course-v1:Totem+TP_SP_001+course/about" target="_blank">Secure Passwords</a> (3.) and <a href="https://learn.totem-project.org/courses/course-v1:Totem+TP_AA_001+course/about" target="_blank">Access & Anonymity</a> (4.).</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@vertical+block@c46550e3025a480180ae9fab3d3b916b" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_IP_001+2018+type@html+block@b573d126c0d14bcf8c1a5702a042fab7">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@html+block@b573d126c0d14bcf8c1a5702a042fab7" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>In Module 1, we briefly introduced protocols - the languages that allow all the cables, servers and routers of the internet to communicate with each other. The internet uses many protocols, but right now we’ll focus on just one: the <strong>Hypertext Transfer Protocol (HTTP)</strong>. This is the protocol that allows you to surf the internet.</p>
<p>It looks like this in your browser bar:</p>
<p style="text-align: center;"><img src="/assets/courseware/v1/7c59b53e51da79c0c38cc69af356bceb/asset-v1:Totem+TP_IP_001+2018+type@asset+block/HTTP_Totem.png" alt="Screenshot Totem Project website" type="saveimage" target="[object Object]" p="" width="371" height="34" /></p>
<p>But while HTTP allows for the transfer of data over the internet, it does this in the clear, i.e. it <strong>does not encrypt the data in transit</strong>.</p>
<section style="border: 2px; border-style: solid; border-color: #000000; padding: 1em;">
<p>Encryption, in simple words, means that you take a plain text message and a key to generate a scrambled text. By doing so you generate a text that is only readable to the person located at the final destination of your message, as only this person has the key to decrypt it.</p>
<p>Something like this:</p>
<p style="text-align: center;"><img src="/assets/courseware/v1/d425924ae1fa3aed0555508a5da780f1/asset-v1:Totem+TP_IP_001+2018+type@asset+block/Totem-text-encrypted.gif" alt="Totem Encryption" type="saveimage" target="[object Object]" width="50%" /></p>
</section>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@vertical+block@a9929482fb294476a332e2487fd417ec" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_IP_001+2018+type@html+block@39af066492fa469cbb0db4347da6ccdd">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@html+block@39af066492fa469cbb0db4347da6ccdd" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>To address this, at some point in the history of the internet a new protocol was introduced that would encrypt information while it traveled: HTTPS. Today, many websites apply <strong>HTTPS encryption</strong> (also known as TLS: Transport Layer Security), to protect your information while it is traveling across the pipes of the internet. But not all websites do.<br /><br />So now let’s look at the difference between using the internet (say, doing online banking or checking Gmail) using HTTP vs using HTTPS.<br /><br />Below is another representation of the internet. <strong>Click on the "HTTP" button</strong> to see what changes when you use HTTPS rather than HTTP.</p>
</div>
</div>
<div class="vert vert-1" data-id="block-v1:Totem+TP_IP_001+2018+type@grapheditorxblock+block@2fc90de2b5b04af3b0f74d013219aa0c">
<div class="xblock xblock-public_view xblock-public_view-grapheditorxblock" data-course-id="course-v1:Totem+TP_IP_001+2018" data-block-type="grapheditorxblock" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@grapheditorxblock+block@2fc90de2b5b04af3b0f74d013219aa0c" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">This content is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
<div class="vert vert-2" data-id="block-v1:Totem+TP_IP_001+2018+type@html+block@137459c7be1a4453a9f353e0219e5027">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@html+block@137459c7be1a4453a9f353e0219e5027" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p style="text-align: center;"><em>Credit: <a href="https://www.eff.org/pages/tor-and-https" target="_blank">How HTTPS and Tor Work Together to Protect Your Anonymity and Privacy</a> from <a href="https://www.eff.org/" target="_blank">Electronic Frontier Foundation</a> (EFF)</em></p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@vertical+block@0d5eda2d1bf34c9bb009227e2b7b4099" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_IP_001+2018+type@html+block@6f1de61deeeb44e7a6e2674fd254d93e">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@html+block@6f1de61deeeb44e7a6e2674fd254d93e" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>Great, so why can’t you use HTTPS all the time? <br /><br /><strong>Because HTTPS needs to be installed by the website</strong> - you can’t force an HTTPS connection when it is not there.</p>
<p><img src="/assets/courseware/v1/dab3c3547f19a242de4102379444657b/asset-v1:Totem+TP_IP_001+2018+type@asset+block/image5.png" alt="HTTPS Everywhere logo" type="saveimage" target="[object Object]" width="40%" hspace="20" align="right" />But there are cases where a website offers both an HTTP and HTTPS connection but doesn’t use HTTPS <em>by default</em> (or might use HTTPS on one page, but then routes you from here, a secure page, to another, non-secure page). In these cases, you can actually force the HTTPS connection.</p>
<p></p>
<p>This can be done <strong>using a browser add-on</strong> called <strong>HTTPS Everywhere</strong>, developed by the <a href="https://www.eff.org/https-everywhere" target="_blank">Electronic Frontier Foundation</a>. It’s a simple solution to increase your privacy and security, by forcing HTTPS connections when possible. You only need to install the add-on once!</p>
<p></p>
<p></p>
</div>
</div>
<div class="vert vert-1" data-id="block-v1:Totem+TP_IP_001+2018+type@html+block@357b79cab9d14e62bb5eccb2c6209128">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@html+block@357b79cab9d14e62bb5eccb2c6209128" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;">
<p>Take a minute to do this now:</p>
<blockquote>
<ul>
<li>Open Firefox > <img src="/assets/courseware/v1/9a0eedff1f2a4c18426f28cd60deebfe/asset-v1:Totem+TP_IP_001+2018+type@asset+block/Hamburger_Firefox.png" alt="" type="saveimage" target="[object Object]" width="27" height="25" /> > Add-ons > Extensions > search for “HTTPS Everywhere” > + add to Firefox</li>
<li>Open Chrome > <img src="/assets/courseware/v1/338594f9a85310cc4e247cbd3f6ec926/asset-v1:Totem+TP_IP_001+2018+type@asset+block/Hamburger_Chrome.png" alt="" type="saveimage" target="[object Object]" width="20" height="25" /> > Settings > Extensions > search for “HTTPS Everywhere” > Add to Chrome</li>
<li>Open Firefox on Android > <img src="/assets/courseware/v1/338594f9a85310cc4e247cbd3f6ec926/asset-v1:Totem+TP_IP_001+2018+type@asset+block/Hamburger_Chrome.png" alt="" type="saveimage" target="[object Object]" width="20" height="25" /> >Add-ons > Browse all Firefox Add-ons> > search for “HTTPS Everywhere” > Add to Firefox</li>
</ul>
</blockquote>
</section>
<p><em>Note: </em><span><em>This is a browser plug-in or extension for Firefox, Chrome, and Opera only.</em> </span></p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@vertical+block@113c0205ffe7437abcee1bcadae217ee" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_IP_001+2018+type@html+block@87fc2bc1b4484b39ae6fef50ae6e9d46">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_IP_001+2018" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_IP_001+2018+type@html+block@87fc2bc1b4484b39ae6fef50ae6e9d46" data-request-token="adc9fc80a05511ebb5bc0242ac120009" data-graded="False" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p><strong>Does your organisation’s website offer an HTTPS connection?</strong></p>
<section style="border: 2px; border-style: solid; border-color: #66cc99; padding: 1em;">
<blockquote><ol>
<li>Open a new tab and go to your website.</li>
<li>What do you see? Does the browser bar start with?</li>
</ol></blockquote>
<blockquote>
<blockquote>
<ul>
<li><strong>HTTPS</strong> - Great! Your organisation is helping to protect the individual privacy and security of your visitors, as well as helping to create a more secure and privacy-respecting internet!</li>
<li><strong>HTTP</strong> - Time to take action! Talk to the person responsible for the website and point them to <a href="https://letsencrypt.org/" target="_blank">Let’s Encrypt</a>. This is a public-interest organisation that provides the digital certificates needed to enable HTTPS on a website, for free</li>
</ul>
</blockquote>
</blockquote>
</section>
<p></p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>