Facts matter: Sign up for the free Mother Jones Daily newsletter. Support our nonprofit reporting. Subscribe to our print magazine.


Via Tyler Cowen, this comes from a Microsoft Research paper about why ordinary people are probably justified in ignoring most security advice on the internet:

Browser vendors have invested considerable effort in making it harder to ignore certificate errors. In Firefox version 3, when encountering an expired, invalid or self-signed certificate the user sees an interrupt page explaining that the SSL connection failed. If he chooses to add an exception he sees another interrupt page with more warnings and a choice to add an exception or “get me out of here.” If he elects (again) to add an exception he must click to get the certificate, view the certificate, and then add the exception. Internet Explorer 8 is somewhat less intrusive, but the procedure also seems designed to suggest that adding exceptions is very risky. Is it? Ironically, one place a user will almost certainly never see a certificate error is on a phishing or malware hosting site. That is, using certificates is almost unknown among the reported phishing sites in PhishTank. The rare cases that employ certificates use valid ones. The same is true of sites that host malicious content. Attackers wisely calculate that it is far better to go without a certificate than risk the warning. In fact, as far as we can determine, there is no evidence of a single user being saved from harm by a certificate error, anywhere, ever.

I’ve long wondered about those certificate errors I get from time to time, but apparently they’re just that: errors. Now I know I can just ignore them and still sleep soundly at night.

THE END...

of our fiscal year is Thursday, June 30, and we have a much larger fundraising gap than we can easily manage with only days left to go.

Right now is no time to come up short: If you value the hard-hitting, democracy-protecting, justice-advancing journalism you get from Mother Jones, please help us keep charging as hard as we possibly can with a much-needed and much-appreciated donation today.

payment methods

THE END...

of our fiscal year is Thursday, June 30, and we have a much larger fundraising gap than we can easily manage with only days left to go.

Right now is no time to come up short: If you value the hard-hitting, democracy-protecting, justice-advancing journalism you get from Mother Jones, please help us keep charging as hard as we possibly can with a much-needed and much-appreciated donation today.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate