Pew Research recently asked adults in the US some basic digital knowledge questions as a part of a research study. Out of 10 questions asked, only 20% scored 70% or higher with correct answers. There are some concerns about the questions Pew used though. While the survey asks some good questions, one of the questions doesn’t relate to digital knowledge. It asks to identify a picture of Jack Dorsey, the CEO of Twitter. In another question, Pew themselves got the answer flat wrong. The question “What does it mean when a website has ‘https://’ at the beginning of its URL, as opposed to ‘http://’ without the ‘s’? ” They say, accessing the website means you send and receive only encrypted traffic. This isn’t technically true. In a website with mixed content, where encrypted and nonencrypted traffic passes to the website the URL contains https:// but some areas of the site send and receive unencrypted traffic. Luckily most browsers warn you with a notification in the address bar if you look for it. See this example for a https URL where you send unencrypted content. https://www.bennish.net/mixed-content.html.
The study’s results explain that privacy policies create a contract between the website and the user. We question this since users and the website never sign anything. Additionally, whomever provides the service can change the policy at any time. This post on Twitter explains why accepting a privacy policy doesn’t mean you have a contract. https://twitter.com/BillMcGev/status/1182335853080829953
Misinformation like this makes educating users on security much harder. If you see a website contains HTTPS, this doesn’t automatically mean everything gets encrypted. Check for any errors in the URL bar before inputting any important information. Companies can’t be sued over breaching their own privacy policies. While you may not have a contract, you can contact the FCC about companies that don’t follow their own privacy policy. The FCC can then investigate and possibly fine the company.