SHORT ANSWER: Yes, no, or sometimes; but that really is not important here, so don't worry about it.
(For why that question really is important elsewhere, see "ELSEWHERE" below.)
LONG ANSWER:
The short answer of "NO" applies because
TowerBells.org is not an inherently secure Website.
That is, it can be accessed via HTTP (which is insecure)
instead of HTTPS (which is secure).
With HTTP, communications between a visitor and the webserver are not encrypted,
so it is theoretically possible that a "man-in-the-middle" attack could
steal information in transit between a user and the Website,
or could present false information to the user.
For the reason why this is unimportant, see "UNIMPORTANT?" below.
The short answer of "YES" applies because this Website CAN be accessed via HTTPS, in which case all communications between a visitor and the Webserver are encrypted and thus are secure against snooping, hacking, spoofing, etc.
The short answer of "SOMETIMES" applies because even if HTTPS access is used, that security is apparently based on a certificate provided by the hosting company, which is for unknown reasons not widely accepted.
UNIMPORTANT?
Some Web browsers (or recent versions of some Web browsers) get really fussy
about security, because there are real and significant risks in the transmission
of personal information over unencrypted channels.
However, such an attack would be a wasted effort on a Website such as this one.
Not only is none of your personal information involved in visiting this Website,
but there is no way that a hacker could deduce anything personal about you
by noticing what parts of this Website you visit,
and there is no way that a hacker could benefit by showing you information
that is different from what we present here.
Some Web browsers will allow a user to accept the supposed risk of an insecure connection and continue. Others may force an HTTPS-only mode. Since the maintainer of this Website only uses two of the many Web browsers that are available, it isn't known here what options others might offer. Regardless of what Web browser you are using, it could be worthwhile for you to explore its Settings/Preferences options.
Clearly it would simplify life for some users if we configured this Website to make it accessible only via HTTPS. So why don't we that? In the first place, our hosting company is using a rather old Website maintenance software package, and getting away from that would probably require moving to a new hosting company, which would be a really big job. In the second place, the inconvenience of installing and maintaining a security certificate on this Website isn't worthwhile to the Webmaster. What makes it not worthwhile is that (as described above) there is absolutely nothing here that could solicit any personal information from a visitor such as you. Furthermore, the fact that you are visiting this Website, as well as your choice of which pages to view, does not reveal anything vitally personal about you.
ELSEWHERE:
When you visit a Website that requires you to provide personal information
(even if it's as minor as a password to enable access to read-only data),
you don't want that information to be seen by anyone else.
That's why HTTPS exists — to provide a secure channel of communication
between you and that Website.
And that's why you should always verify that you have a secure connection
when you visit such Websites.
How you do that verification depends again on which Web browser you are using.
A different problem can occur when someone tries to use a really old Web browser (which may be the only kind that will run on a really old computer) to access a Website that is protected by a very recently-issued security certificate. Such a browser may not be able to verify some recent security certificates, leaving you incapable of securely capable of communicating with such a Website. (But it will be able to communicate with this one quite nicely, using HTTP!)
FINAL WORDS:
There are no ads here!
So if you ever see any ads while visiting this Website via HTTP,
you can take that as evidence of either misbehavior by the company
that hosts this Website or a man-in-the-middle attack somewhere.
Please
notify
me immediately if that happens!
Please include a screenshot of the problem, if possible.
In the future, this Website might be migrated to an HTTPS-only platform, but it is not yet known when that might happen. Other possibilities for improving security are being actively investigated.
For the technical-minded:
HTTP = HyperText Transfer Protocol = the Internet protocol for transferring information related to Webpages (which are written in HyperText Markup Language, or HTML).
HTTPS = HTTP Secure = HTTP with all possible transfers encrypted, which prevents both snooping and spoofing.
A Web-hosting company's view of HTTPS: https://www.cloudflare.com/learning/ssl/why-use-https/
Wikipedia's explanation of HTTPS and its virtues: https://en.wikipedia.org/wiki/HTTPS
[Tower Bells Home Page] [Site Map] [The builder] [What's New]
This page was created on 2023/12/30 and last revised on 2024/01/01.
Please send comments or questions about this page to csz_stl@swbell.net.