Security

Nowadays, everyone is rightly concerned about security when using the Internet. This site is designed to pose no security risk and cause no security concerns.

For your own protection, you should never use a computer on the Internet without an Anti-Virus program & a Firewall. You can find recommendations for such software on my Software Recommendations page.

• HTTPS versus HTTP

"Normal" Internet pages are accessed via HTTP (HyperText Transfer Protocol), usually via port number 80. Pages that you load, and page requests that you make, are not secure. Any files uploaded or downloaded, the identity of every page that you browse, and any data that you enter into an online form (names, phone numbers, account details, addresses, passwords and other personal data) can be intercepted and read.

Secure Internet pages are accessed via HTTPS (HTTP Secure) usually via port number 443. Pages, page requests, and data (files, form data and passwords) which are uploaded and downloaded are all encrypted. Anyone monitoring your browsing activity will not be able to know which pages you loaded, and also not the contents of those pages when you received them. You should always use a secure (HTTPS) connection when doing online banking, email, and similar online activity. You can read more about HTTPS here.

I have introduced secure (HTTPS) browsing on this site because Google now rank HTTPS search results higher than HTTP results, so that sites that are on HTTPS will come higher up the list,

• Security certificates signed by a recognised certificate authority (CA)

A requirement of HTTPS is a security certificate. This site uses a security certificate signed by a CA.

A security certificate contains several pieces of information:

• The identity of the web-site or other online service (e.g. "this certificate belongs to www.fosberry.com"),
• The identity of Certification Authority (CA) which has verified the identity of the web-site or online service (one of a large number of recognised certification authorities),
• The encryption key used to send data to the web-site or online service (HTTPS uses Public Key encryption, whereby knowing the key to encrypt a message does not allow you to decrypt messages encrypted using that key).

For banks and other sites/services handling financial or sensitive data, you should insist on a certificate issued by a recognised Certification Authority such as Verisign. For less sensitive online activity, and for completely non-sensitive activity, where all you are interested in is that your online activity is encrypted sufficiently to foil casual monitoring, a self-signed certificate is perfectly adequate (certainly better than no HTTPS at all).

Your browser may give you a warning about there being a mix of secure and non-secure content. The non-secure content is the W3C icons visible in the information pop-up, on some pages, which indicate that the page has been checked for compliance with W3C standards, and which are not available online via HTTPS. You can safely ignore these warnings.

• Cookies

Cookies are small pieces of data, related to specific web-sites, which remember things (your user name, when you last visited, your settings, preferences, etc.) from one session to the next. Your browser security settings determine whether Cookies are allowed or not. A Cookie for one site cannot see the contents of Cookies for other sites (unless your browser has a security bug).

Currently this site does not use Cookies. Although this may change in the future, to improve the user experience, the site will always work with Cookies disabled/blocked. If you are not sure about Cookies, then leave them as blocked. Some browsers will also allow you to inspect the content of any Cookies, to see what data is being remembered.

• Your data

A web-site cannot see the data on your computer's file system unless the user manually chooses to upload a file. There are no file-uploads on this site, so if you are asked to choose a file to upload, you should cancel it.

• Browser data

A web-site like mine (which contains no Java or similar code) cannot see data about recently visited sites or other sites open in other browser windows (unless your browser has a security bug). My site therefore cannot see what other sites you are visiting, or have visited.

• Data stored on my server

This site records data on visitors: your IP address, which pages you load, and the time & date of each page load. This data is not used by me, except for usage statistics, nor is it available to anyone else. I record it in case there is a hacking attack (there are failed attempts every day, but so far only one successful attack), because I may then be able to identify the origin of the attack. If you are really concerned, you can browse the Internet through a proxy server; this will ensure that your IP address and domain name are hidden from all sites that you visit.