Encryption: Not a panacea
Encryption—scrambling data so unauthorised parties have a hard time listening in—is a useful process. Virtually every browser has encryption capabilities. (Most e-mail programs don't have built-in encryption, but we strongly recommend that you obtain it as an inexpensive add-on.) But it's not a panacea; you must understand when to trust encryption to protect your privacy.
First, you should get the most secure version of your browser.
Netscape Navigator, for instance, comes in two versions—one that uses 40-bit encryption keys and one that uses 128-bit keys. Low-security, 40-bit keys are good enough for mildly sensitive information, but anyone who has a serious desire to break the encryption can do so easily. (These weak keys are used in the default version of the browser due to U.S. government export restrictions; the government considers the export of effective encryption programs to be a threat to national security.) For real security, take the time to download a browser with 128-bit keys.
Second, make sure that encryption is really active when you need it. When you place an order on an e-commerce site, you'll almost always see a claim that entering your credit card number and other personal information is safe because the site is "secure"—that is, the information will be encrypted as it travels from your keyboard to the merchant's site. But is it really as secure as the merchant claims it is? When you get to the page that requests sensitive information, look carefully at the tiny lock icon at the bottom of your browser window and make sure it's really in the locked position. (In Netscape Navigator and Internet Explorer, the icon turns to a gold color when it's locked.) If the page claims that your information is secure but the icon is not in the locked position, leave the site immediately and shop elsewhere.
Third, remember that the presence of encryption doesn't mean that your data can't be monitored before it's encrypted or after it's decoded again. Let's say, for example, that you read your Yahoo! mail at the local cybercafe or public library. You see the little lock icon at the bottom of the screen. Think that the encryption in the browser will protect you? Think again. Computers in public places are easily subverted by clever hackers, who can install programs that monitor your keystrokes before they're encrypted. These keystrokes are then sent surreptitiously across the Net to a computer that logs everything—including your account names and passwords—for later use. For this reason, reading e-mail on a machine that does not belong to you or to someone you trust is not a good idea.
Your personal data can also be stolen once it reaches its destination. Many e-commerce sites use custom-built programs, or scripts, which are not carefully audited for security problems. Some use software—such as Windows NT, SQL Server, or Internet Information Server—that has hundreds of well-publicised security holes that the vendor may not have closed. Encryption does little good if the decoded data is filched from a merchant's site.
Finally, remember to remove your browsing history when you finish browsing at a public terminal. (In IE, select Tools | Internet Options, then press the Clear History button on the General tab. In Netscape, choose Edit | Preferences and press the Clear History button in the Preferences dialog.) The URLs left behind in a browser's history file can let a subsequent user get back into your electronic mailbox—especially if they're used fairly soon after you've departed.
And depending on the browser's settings, subsequent users may be able to see what you were doing online for days or weeks afterward.

Excellent article.
One additional point:
One way to prevent the reading of email in Outlook and Outlook Express from triggering the HTML bugs, etc. is to:
1) download your email
2) disable your internet connection
3) read all your email
4) enable your internet connection
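
The offline-reading steps in the comment above work because an HTML message can reference remote content that the mail client fetches when it displays the message. As an added example (not part of the article or the comment), this Python sketch lists those remote references in a saved message so they can be reviewed before it is opened online; the sample message and the host `tracker.example` are constructed.

```python
import email
from email import policy
from html.parser import HTMLParser

# Attributes whose URL a mail client fetches when it renders the message.
FETCHING_ATTRS = ("src", "background")

class RemoteRefFinder(HTMLParser):
    """Collect (tag, url, is_tiny_image) for each remote reference."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        urls = [a[k] for k in FETCHING_ATTRS if k in a]
        # A 0x0 or 1x1 image is the classic invisible "bug".
        tiny = tag == "img" and a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        for url in urls:
            # cid: and data: URLs are embedded in the mail, so nothing is fetched.
            if url.lower().startswith(("http://", "https://", "//")):
                self.refs.append((tag, url, tiny))

def remote_refs(raw_message):
    """Return remote references in every text/html part of a message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.refs

# Constructed sample message; tracker.example is a placeholder host.
SAMPLE = """\
Subject: Your receipt
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Thanks for your order.
--b1
Content-Type: text/html

<body background="https://tracker.example/bg.gif">
<img src="cid:logo"> Thanks for your order.
<img src="http://tracker.example/o.gif?u=you%40example.org" width="1" height="1">
--b1--
"""
```

Calling `remote_refs(SAMPLE)` reports the background image and the 1x1 image, and skips the embedded `cid:` image because displaying it needs no network request.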