What Geeks Need to Tell Our Parents About Shopping Online Safely and Securely

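This article discusses Internet safety, stressing the importance of understanding web addresses, how DNS works, and how to recognize a secure website. The author advises that when you shop online or give out personal information, you should check that the address is correct and that a lock icon is present, and use tools such as OpenDNS to improve security. He also recommends installing the Web of Trust plugin to avoid visiting malicious sites and keep parents safe online.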

Mom and Dad, it's a dangerous Internet. You like it and you use it but you don't understand it. I totally get that. I don't understand plumbing. I know that the sink drain goes into the bendy thing and then into the wall. After the pipe hits the wall, as far as I know, it's turtles all the way down. I assume the Internet feels about the same to you.

I don't want to condescend or imply that the web is a series of tubes. You're not interested in knowing all the details and I'm not a plumber, but there's a minimum amount of stuff you should know to be safe. You don't need to memorize this stuff, but it's nice to know generally where the pipes go and when to call a plumber. Or me.

Looking up web addresses

When you type in an address www.amazon.com in your browser, your computer queries the Internet's Yellow Pages and tries to find out exactly where amazon.com is. These yellow pages are called DNS (Domain Name Services). This is just like me taking your home address and getting a latitude and longitude location on a map, then going there. 

Just as it's easier to remember an address like "6 Main Street" than some numbers like latitude and longitude, it's easier to remember "amazon.com" than it is to remember a number like 194.105.56.3. An address is a convenience.

However, do you trust the Yellow Pages? One day a book showed up on your doorstep, you reference it and it tells you where stuff is. What if an evil-doer dropped pretend Yellow Page books on everyone's doorstep and folks who wanted to go to the store were sent somewhere evil? Hopefully at some point you'd "feel wrong" about the directions you were given and you'd question yourself.

For the most part, you're usually OK, but if you ever type an address and go somewhere that feels wrong, ask someone. There are toolbars and weird little evil bits of software (called malware or adware or spyware) that can "hijack" your browser. They deliberately give your browser incorrect directions in order to get you to go to their site.

It'd be like calling the operator and asking for directions to the Safeway Market and having the operator give you directions straight to Thriftway. You didn't know you couldn't trust the operator!

Develop your Internet Street Smarts

If I tell you to go to www.amazon.com you should usually feel OK about that.  If someone tells you to go to www.payments-secure-amazon.com you should think that smells fishy. Keep your head up and protect your neck.

See the picture below? It looks like a link to amazon.com and I'm about to click on it, but see how down at the bottom there's a little window that shows a different website? The blue link is under the evil guy's control and can say anything, but the one at the bottom is a hint from your browser that something is fishy.

Totally Not Amazon.com

The browser you use might show this in a different way, but the idea is the same. If someone gives you a link that smells fishy, use your judgment. Develop a healthy - but not paralyzing - suspicion. Everyone in the world isn't out to get you, but pickpockets do exist.
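
For the techies reading along, the by-eye check against the status bar can be automated. This is an added example, not code from the original post: it parses HTML and reports links whose visible text names one site while the href goes to another. The names `site`, `LinkAudit`, `audit` and the sample HTML are constructed for illustration, and comparing only the last two hostname labels is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hostname-looking text inside a link, e.g. "amazon.com" or "www.amazon.com".
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def site(host):
    """Last two hostname labels (assumption: real code uses the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkAudit(HTMLParser):
    """Collect each <a>'s visible text and href; record text/href site mismatches."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        text = "".join(self.text).strip()
        target = urlsplit(self.href).hostname or ""
        shown = HOST_RE.search(text)
        if shown and target and site(shown.group(1)) != site(target):
            self.findings.append((text, target))
        self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: the second link shows one address but goes to another.
SAMPLE = """
<a href="https://www.amazon.com/gp/cart">www.amazon.com</a>
<a href="http://www.payments-secure-amazon.com/login">www.amazon.com</a>
<a href="https://www.amazon.com/">Your orders</a>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Links whose text contains no address at all (like "Your orders") are not flagged, so the status-bar check by eye is still needed for those.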

Totally Not Amazon.com

Here are some hints on what to look for. Try to think about it not as a scary computer thing but rather use the common sense you've developed in the real world. When you go to Macy's to shop, does it look and smell and feel like Macy's? How do you know it's not a fake Macy's façade that someone put up with cardboard?

Does the address match the logo?

Take a look at this screenshot. Is this a real Abercrombie & Fitch store? The logo says it is, but that address is kind of smelly, don't you think?

Fake - Shop Abercrombie & Fitch UK Online - Discount Abercrombie and Fitch Clothing Sale

Let's say I start shopping at this fishy site anyway. When I start putting things into my shopping cart and giving a store money OR my personal information, a reputable site should change our conversation to a secure line.

Just like in spy movies we hear the lead say "Is this phone encrypted? Don't call me from an insecure line, do you want to get us all killed!?!" you want to think in the same terms.

A Private Conversation

Is your conversation with a website private? Here's the fake site on the left and the real one on the right. See how a little lock appeared? That means the conversation we're having with that site is private.

Now, please, read this part carefully, Mom and Dad. The lock says the conversation is private, but the lock doesn't say I should trust them. You can have a private conversation with a bad guy. There are bad sites with this little lock.

HTTPS (SSL) doesn't mean "I can trust this site," it means "this conversation is private." You still might be having a private conversation with Satan. - Scott Hanselman

Trust and Privacy are different things. "Do I trust this person" and "Is our conversation private?" are different questions. You want to answer yes to both questions before you give a company your credit card number.

A fake site and a real site, side by side

I can click on the lock at the https://www.abercrombie.com website to see a bunch of techie stuff. That techie stuff is not as interesting as the other locks and information. There are two green locks assuring me of the privacy of our interaction, but more importantly I can see I've never visited this site before.

But what if I know I have visited the site? What if I visit this site every day and now here it is saying I don't? This is a good time to look around and make sure I am where I think I am. Check the address again, just like you would in real life before you ring the doorbell.

Clicking on the SSL Lock gives more information

Compare this to Amazon, a site I do visit all the time.

Clicking on the SSL Lock gives more information

A Trusted Conversation

If you're going to do some online banking, you should expect to see that lock as soon as you get to the bank's site.

Large, reputable banks should use a special lock on their sites. See this https://www.bankofamerica.com site in three different browsers below? The address bar has turned green. This means that not only is our conversation private but that a company has checked to make sure it's really Bank of America. This means I can trust them AND our conversation is private. These are called "high assurance" or "extended validation" certificates if you want to tell your local credit union or community bank to get one.

Just like Scully and Mulder check other agents' IDs before talking to them, you should be checking the identification of websites you talk to.

EV SSL Certificates are high trust

Questions to Ask

Ask yourself these questions when you start giving away your name, address or credit card online.

  • Does the address for this website look correct?
  • Does the site look real? Have I been here before?
  • How did I get to this site? Did I use a bookmark or did I click on an email from a stranger?
  • Is there a lock in the address bar?
  • For banks or finance sites, is the address bar green? What does it say when I click on the lock?

What can Techies do to help our parents?

Consider setting Mom and Dad up with OpenDNS. It's not only a trusted DNS Service (That's Yellow Pages, Mom, if you're still here) but OpenDNS can block inappropriate sites for the whole family no matter what browser you use.

If you (or Mom) had the Web of Trust installed, this is what you would have seen when visiting an evil site like this. I'm installing this free tool on Mom's machine today. It's a browser plugin that uses other people's experience to augment yours!

Related Links

Translated from: https://www.hanselman.com/blog/what-geeks-need-to-tell-our-parents-about-shopping-online-safely-and-securely
