Web浏览器提示：为Facebook，Twitter，Wikipedia和Google使用安全连接

To a large degree the steps outlined in this article have been superseded by the availability of the HTTPS Everywhere extension, which automatically makes your browser use secure communication on every website that offers it. This article has been kept as a useful background piece; more information can be found in the Harden Your Browser article.

HTTPS Everywhere扩展的可用性在很大程度上取代了本文概述的步骤，该扩展自动使您的浏览器在提供该功能的每个网站上使用安全通信。 本文已保留为有用的背景文章。 有关更多信息，请参见“ 强化浏览器”一文 。

By default, information transmitted over the Internet is sent “in the clear”, i.e. as plain text. A password field in a form may display your keystrokes as dots, but that only prevents someone from literally standing over your shoulder and reading it. When you fill out a form and press submit, or when you use an instant messaging service, all information is sent as plain text by default. In theory, anyone sitting between you and the web server could read that data.

默认情况下，通过Internet传输的信息是以明文形式(即以纯文本形式)发送的。 表单中的密码字段可能会将您的击键显示为点，但这只能防止某人直面您的肩膀站立并阅读它。 当您填写表单并按提交，或使用即时消息服务时，默认情况下，所有信息均以纯文本格式发送。 从理论上讲，坐在您和Web服务器之间的任何人都可以读取该数据。

https is the secure transmission of data between the client and the server, meaning that, in theory, no-one – not an employer, not a library, not an internet café, and not a government agency – can read the information during transmission. It is not foolproof, and it is not a guarantee of absolute confidentiality (nothing ever is), but it's a very good start, and reduces opportunities for identity theft.

https是客户端与服务器之间数据的安全传输，这意味着从理论上讲，没有人-雇主，图书馆，网吧和政府机构-不能在传输期间读取信息。 它不是万无一失的，也不是绝对保密的保证(从来没有)，但这是一个很好的开始，并减少了身份盗用的机会。

Some websites insist on using the secure protocol when you visit (financial institutions, gMail, logging in to Amazon) and some offer it as an option (Twitter, Facebook). Generally speaking you should use a secure connection to a site when it is offered; the only downside is that the data, being encrypted, may take slightly longer to be sent back and forth.

有些网站在您访问时坚持使用安全协议(金融机构，gMail，登录到Amazon)，而另一些网站则将其作为选项提供(Twitter，Facebook)。 一般来说，提供站点时，您应该使用安全连接； 唯一的缺点是，被加密的数据可能需要稍长的时间来回发送。

如何判断我是否有安全连接？ (How Can I Tell If I Have a Secure Connection?)

An encrypted connection is shown in slightly different ways in different browsers (and within different versions of the same browser):

在不同的浏览器中(和同一浏览器的不同版本中)，加密连接的显示方式略有不同：

In Chrome: a secure connection is shown in the URL bar; this is also one of the few times that you will see anything before the domain name or the www in Chrome. The

https:// protocol is in green, as is a little green padlock to its immediate left. Left-clicking on that icon will provide more information about the security level of the connection.

https：//协议为绿色，其左侧的绿色挂锁也是如此。 左键单击该图标将提供有关连接安全级别的更多信息。

In Firefox and Safari, the fact that you are using

https is shown in the URL bar. In Firefox, clicking on the favicon for the site to the immediate left will show more information about the level of security in place over the connection.

https的事实。 在Firefox中，单击最左侧网站的图标将显示有关连接上的安全级别的更多信息。

加密并不意味着“安全” (Encrypted Does Not Imply “Safe”)

People sometimes assume that encryption means that the site is somehow “safe” or vetted by the browser. The only implication that encryption has is that your data is resistant to a so-called “man-in-the-middle” attempt to steal it. Encryption does not imply that the site is trustworthy, or that it has good service, or even that you are connected to the server you think you are.

人们有时会认为加密意味着该网站以某种方式“安全”或被浏览器审查。 加密的唯一含义是您的数据可以抵抗所谓的“中间人”窃取数据的企图。 加密并不表示该站点是可信任的，也不表示它具有良好的服务，甚至不表示您已连接到您认为的服务器。

如何在Facebook，Twitter，Wikipedia和Google上使用https？ (How Do I Use https on Facebook, Twitter, Wikipedia and Google?)

At the simplest level, typing in https:// before the URL will use a secure connection if it is available. If you wish this to be a permanent choice, so that https is used by default on the site every time you visit, do the following:

在最简单的级别上，如果URL可用，则在URL之前使用https：//进行键入。 如果您希望这是一个永久选择，那么每次访问该网站时，默认情况下都会使用https ，请执行以下操作：

脸书： (Facebook:)

Go to https://facebook.com/editaccount.php

转到https://facebook.com/editaccount.php

Under “Account Security” turn on the “Browse Facebook on a secure connection (https) whenever possible” option and click on “Save”

在“ 帐户安全 ”下，打开“ 尽可能通过安全连接(https)浏览Facebook ”选项，然后单击“ 保存 ”

对于Twitter： (For Twitter:)

Go to https://twitter.com/settings/account

转到https://twitter.com/settings/account

At the bottom of the page, turn on “Always use HTTPS” and click on “Save”

在页面底部，打开“ 始终使用HTTPS ”，然后单击“ 保存 ”

Now both services will use https by default from any machine you use to visit them from.

现在，默认情况下，这两种服务都将在您用来访问它们的任何计算机上使用https 。

谷歌： (Google:)

Google is now rolling out HTTPS-by-default across all Google sites and services and for all countries, but only with preference for logged-in Google users: if you have gMail open in a browser tab, for example, all other Google services used in that browser will use HTTPS.

维基百科： (Wikipedia:)

Like Google, Wikipedia does not require an account in order to access its secure servers. You simply need the correct URL - (

https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page) - to provide a secure connection. However Wikipedia does not yet secure all of its communication, so pages received from the server will be “mixed” content: text is encrypted during transit, but images (as of this writing) are not. Your browser will likely make note of this fact. Still, using even partial encryption is preferable to none at all.

https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page )-提供安全的连接。 但是，维基百科尚未确保其所有通信的安全，因此从服务器接收的页面将是“混合”内容：文本在传输过程中被加密，但是图像(在撰写本文时)尚未被加密。 您的浏览器可能会注意到这一事实。 但是，即使使用部分加密也比根本不使用。

As an alternative to all of these, you can use a browser extension such as HTTPS-Everywhere, which will force websites that you visit to use a secure connection if it is available. However, this is a per-browser approach (the extension must be on every computer and every browser you use) rather than a service-based approach (typified by the steps above, in which you are telling the service to always use https no matter where you are connecting from, or what browser or device you are using to do so). Per-browser tends to be less efficient.

作为所有这些的替代方案，您可以使用浏览器扩展程序，例如HTTPS-Everywhere ，它将强制您访问的网站使用安全连接(如果可用)。 但是，这是一种基于浏览器的方法(扩展名必须在您使用的每台计算机和每个浏览器上)，而不是基于服务的方法(由上述步骤代表)，在该方法中，您告诉服务始终使用https您从哪里连接，或者您使用什么浏览器或设备进行连接)。 每个浏览器的效率往往较低。

翻译自: https://thenewcode.com/298/Web-Browser-Tips-Use-A-Secure-Connection-For-Facebook-Twitter-Wikipedia-amp-Google