How do I know that the website I entered is safe for my computer? For example this website: Temp-Chat I visited it and saw that there is a sign of a lock on the address but what does that actually mean and does anyone know what the level of security is on this website?
That's the kind of problem that Let's Encrypt doesn't really help with. Whether a site is "safe" can be very subjective and different people may be concerned with different risks. The "lock on the address" only means that your system is actually connecting to a system for the domain name in the address bar, it doesn't say anything about whether that domain name is trustworthy, or is the domain name that you actually meant to type in or link to.
Various browsers have attempts to detect and prevent malicious sites, like Google Safe Browsing and Microsoft Defender Smartscreen. But those certainly won't catch everything, and might be more concerned about risks to your computer from malware than about whether anything shown on a site is true or trustworthy.
5 Likes
Most certitificates are so called "Domain Validated" (DV) certificates and the only thing those certificates do are just that: they validate that the domain (hostname part of the URL to be exact) mentioned in the certificate is actually issued to the owner of that domain name. There are other certificates like Organization Validated (OV) and Extended Validation (EV) certificates where more things are validated, but those are the minority. Let's Encrypt only issues DV certificates.
The only thing a DV certificate says is that the secure (TLS encrypted) connection from your browser to the webserver of the website is made to the webserver which actually belongs to that domain name. I.e.: if someone would somehow hijack the connection, they wouldn't be able to provide the DV certificate and thus your webbrowser would throw an error.
A DV certificate does NOT say ANYTHING about the trustworthiness of the website itself: not anything about the contents of the website (it might be hacked) or the owner/operator of the website (they might be criminals to begin with).
What do you mean by "level of security"? Resistance to hacking? Certificates have nothing to do with how secure a website is agains attacks or things like that.
1 Like
Surprised this wasn't already shared here:
OP, no certificate authority--neither Let's Encrypt nor anyone else--can or does certify that the site you're dealing with are "good guys." The most they can certify is that the site is who they say they are, within the scope of the certificate[1], and that you're having a private conversation. But for all they know, you could be having a private conversation with Satan himself.
with Let's Encrypt, that means the domain name you've entered in your browser is actually the domain name you're talking to ↩︎
4 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.