• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Pew Research Spreading Misinformation

October 18, 2019 By Trevor Collins

Girl facepalming

Pew Research recently asked adults in the US some basic digital knowledge questions as a part of a research study. Out of 10 questions asked, only 20% scored 70% or higher with correct answers. There are some concerns about the questions Pew used though. While the survey asks some good questions, one of the questions doesn’t relate to digital knowledge. It asks to identify a picture of Jack Dorsey, the CEO of Twitter. In another question, Pew themselves got the answer flat wrong. The question “What does it mean when a website has ‘https://’ at the beginning of its URL, as opposed to ‘http://’ without the ‘s’? ” They say, accessing the website means you send and receive only encrypted traffic. This isn’t technically true. In a website with mixed content, where encrypted and nonencrypted traffic passes to the website the URL contains https:// but some areas of the site send and receive unencrypted traffic. Luckily most browsers warn you with a notification in the address bar if you look for it. See this example for a https URL where you send unencrypted content. https://www.bennish.net/mixed-content.html.

The study’s results explain that privacy policies create a contract between the website and the user. We question this since users and the website never sign anything. Additionally, whomever provides the service can change the policy at any time. This post on Twitter explains why accepting a privacy policy doesn’t mean you have a contract. https://twitter.com/BillMcGev/status/1182335853080829953

Misinformation like this makes educating users on security much harder. If you see a website contains HTTPS, this doesn’t automatically mean everything gets encrypted. Check for any errors in the URL bar before inputting any important information. Companies can’t be sued over breaching their own privacy policies. While you may not have a contract, you can contact the FCC about companies that don’t follow their own privacy policy. The FCC can then investigate and possibly fine the company.

Share This:

Related

Filed Under: Editorial Articles Tagged With: Infosec news

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • The White House Tackles AI
  • What to Expect from NIS2

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Grading our 2023 Security Predictions
  • What to Expect from NIS2
  • Combined Cyber and Kinetic Warfare
  • The White House Tackles AI
  • The Threat Actor That Hacked MGM
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use