Surfing & Emailing

This document will help you to safely surf (move around) the web and handle emails properly. Some information is a bit technical, but you should go through all of it once.

HTML

The basic elements of the Internet (World Wide Web) are HTML files and HTML rendering browser programs and email programs.

HTML is the HyperText Markup Language.

It allows the creation of computer files which are rendered (processed) by programs to produce desired effects. In fact, this document is written in HTML. Computer instructions are included in it to create headings, skip lines, embed images, and even bold characters. Specifically, the word "bold" (both here and in the previous sentence) is coded as:

<b>bold</b>

Hyperlinks

A hyperlink (or link) is an HTML instruction which causes a word or section of the currently-displayed web page (possibly even a portion of an image) to be clickable. When clicked, the rendering program will fetch (read) another web page, jump to a different location on the current page, download a file, or take some other action. This is the mechanism which makes surfing the Web so easy.

However, link HTML instructions, like the bold instructions above, obviously hide some information from you. Specifically, the text that you see in a link may be unrelated to the code instructing the rendering program what to do when you click the link.

For example, the following link:

www.google.com

will not take you to the Google website. Instead, it will just take you to the bottom of this page (Try it! Then click Back or the browser's BackButton to return here).

How can that be? Well, it's just the way it's coded, which is:

<a href = "#bottom">www.google.com</a>

So you see, when you click on a link, you should have a pretty good idea of what's supposed to happen, and who created the link (someone you can trust).

Mouse-Over

In fact, HTML also allows actions to be initiated just by mousing over (simply moving the cursor over an area of the current page). This makes it even more important for you to be able to trust the web material you are surfing.

Web Browsers

Web browsers are programs which render HTML and present the resulting output to you on your screen. Some popular browsers are: Microsoft Edge, Mozilla FireFox, Google Chrome, Opera, Safari, and many more.

Addressbar

The web browser addressbar (or locationbar) is used to enter a specific web address (e.g., "www.somename.com"), which is also known as a url (universal resource locator) to fetch. You then press Enter or click Go, and the browser contacts the website with the request.

Warning:
Do not confuse the browser addressbar with a search engine input box (as found, for example, on the real www.google.com web page).

Search Engines are designed to search the web for items which are related to your input, but not necessarily the single specific thing that you enter.

If you specify an incorrect web address, some web browsers, in some instances, will automatically execute a web search and present you with the first result of that search, so that the next web page you see might not be what you intended.

Be careful!
The reason you must be careful is as follows:

Say you wish to go to "www.bankwell.com" and accidentally enter "www.bankweil.com" (mis-typing the "I" for an "L"). Now suppose that someone has created a website named "www.bankweil.com", and has copied all the relevant web pages from the real "www.bankwell.com".

As a result, you would see web pages that look exactly like bankwell.com's, but actually could be some crook's counterfeit website!

Don't let this happen to you, because the next thing you'll probably be asked to do is enter your username and password to access your account information. If this is indeed a counterfeit website, you'll be giving away the items a crook needs to steal your identity.

Criminals create websites with names similar to legitimate websites, but with common transpositions of mis-typed letters, numbers, etc. There is some policing of these website names, but you still must be careful.

So, you must be sure to enter the correct web address. Obtain it directly from the resource you want. In this example, you would call the bank or get it from a monthly bank statement.

You should examine your browser's "Search from Address Bar" options/facilities, and disable them.

Protocol

The addressbar is also where you can see the result of a page request. That is, after fetching and displaying a web page, the addressbar is set with information about the page.

For example, if you request the following page:

www.bankofamerica.com

the addressbar might be set to:

https://www.bankofamerica.com/index.jsp

The https indicates that the web page was transmitted to your browser using the "HyperText Transfer Protocol Secure", which means that the information being sent/received is encrypted (scrambled), making it difficult to understand if surreptitiously viewed.
Some browsers change the color of the addressbar to indicate https is being used, or even display a padlock on the statusbar.

The /index.jsp indicates a particular resource on the website. This might be a page of text, or a program which performs some task.

Statusbar

The statusbar is usually at the bottom of the browser's window, and displays information about the current web page, browser activity, and more. It may also be a floating or pop-up window of information which appears when the cursor hovers over a link before clicking.

Specifically, when you hover over a link, the web address associated with the link will be displayed in the statusbar.

Try it on this link: Hover here

You should see: "...This link goes nowhere!" in the statusbar. If not, examine your web browser options, and turn this feature on.

Also, some browsers allow a right-click on a link to display a Properties menu-item, which shows additional information about the link.

Cookies, Active Content, Scripting

Cookies are text files that your browser writes on your computer disk drive. These allow websites to "remember" (by reading these files) that you visited them previously, and perhaps specified certain preferences for your browsing experience, etc. Generally, these files are safe, and should be allowed in the browser's options.

Active Content refers to elements embedded within a web page which are dynamic. These can range from a simple audio file playing background music while you surf, to complicated scripting programs which can interact with your mouse, keyboard, disk drive, microphone, etc., allowing web authors to create a much richer browsing experience.
With these facilities, such things as pop-up balloons, automatic tables-of-content, floating menus, and dynamic page content are possible.

In fact, if this web page is accompanied by a table of contents in the left column, then JavaScript, operating on the Document Object Model (a standardized representation of a document and the browser's state) is active. If so, you may scroll the table of contents, click on an entry, and thus reposition this page.

Some of these facilities are enabled in the browser by default (like JavaScript, VBScript, Active-X, and .NET). Others, such as multi-media players, will pop-up Download / Install dialogs when you first try to use them.

Plug-Ins, Applets, Download / Installs

As more content appears on the web, so, too, more programs are written to render it. No single web browser is capable of rendering all the various media types that are now available.

Thus, Plug-Ins are developed to perform this task. Plug-Ins are browser 'helper' programs which you voluntarily Download and Install on your computer. Then, when your browser encounters a particular type of media, the appropriate Plug-In is called to process it.
There may be several Plug-Ins available to handle any particular type of media. It's like viewing a show on different TV's: The content is the same, but the rendering and controls may differ.

Applets (application-lets) are programs that run within another program (like your browser). They function like Plug-Ins, but are not associated with media types, and are typically started manually (by mouse-click or -hover).

You must use caution when you Download / Install Plug-Ins, applets, and programs, obtaining only legitimate software.

There's a long list of legitimate software providers (Microsoft, Adobe, RealNetworks, Apple, etc., etc.) who have created many significant Plug-Ins and programs. In fact, one of the great strengths of the web is the literally millions of lines of programming that are available for almost any conceivable aspect of life.

When you surf to popular websites (like Google, YouTube, or WCBSTV) you can be sure that anything they offer for download is OK.

However, you must be wary of third-party or "mirror" sites (possibly linked-to by Google, YouTube, etc.) that offer downloads: It is possible for unscrupulous people to piggy-back malicious software on a seemingly harmless download. Download files from such sites can have the same name, but different contents.

Malware: Adware, Spyware, Trojans, Viruses, Worms

Malware (malicious software) and Adware (advertising software) refer to cookies and/or programs that criminals or advertisers install on your computer which may pop-up windows during your browsing to sell you something, track your browsing (so they can try to figure out what to sell to you), or otherwise disturb your computing experience. Spyware, Trojans, Viruses, and Worms are types of malware that you don't want on your computer. Therefore:

It is imperative that you run an anti-virus program on your computer.

Anti-virus programs screen downloads, emails, and email attachments, removing such harmful malware before it can infect your computer.

Such anti-virus programs are often available freely from your ISP (Internet Service Provider), or as freeware (free software) on the web. The best of these programs (by Norton, McAfee, Kaspersky, AVG, Avast!, and others) maintain current virus definitions by periodically downloading a file from the company's servers.

There are other security methods used on the web to ensure software legitimacy, such as "Digital Signatures" and "Digital Certificates" that are associated with files and providers which can be verified. However, a good anti-virus program with current virus information will normally suffice.

Accounts

In order to identify yourself to a website, you are often asked to register by creating an account, consisting of a username (or userid) and password.
This provides a way for the website to customize your web surfing experience.

Username

The username is a public identifier.
It might appear on the "home" page of the website you're visiting in a salutation, like:

Hello username

Or, it might be published to other users of the same site, so that they can communicate with you.

Some websites request your email address as your username or as a separate item. This is useful because your email address is unique to you, since each ISP (like AOL, Comcast, etc.) must assign a different email address to each customer, to be able to correctly deliver your mail.

Password

Your password, however, is a private identifier.

It should only be known to you.

You should ensure that your password can't be guessed or figured-out. Don't use your name, birth-date, house address, anything related to you or your life, or a single common word, etc. A fairly good choice is a combination of some words with numbers or punctuation between them. For example:

dog56punch8ralph
or,
candle4leaf15picture

Also, don't use the same password on multiple websites: Would you like it if your email provider also knows your bank-logon password? No.

Websites have varying criteria for usernames and passwords: length, disallowing certain characters, etc. The username that you request on a particular website may already be in use by someone else. Be patient, and thoughtful about this.

SiteKey

In order to prevent the disclosure of your username and password to illicit websites (see Addressbar above, and Phishing, below), some websites have instituted a SiteKey security procedure, as follows:

During the registration process, you select an image and/or phrase for verification.

During logon, after entering your username, the image and/or phrase is presented to you. Since this information is known only to you and the legitimate website, you can be sure that you're really communicating with the right website if the image/phrase is the correct one.

Only after you verify the correct SiteKey do you enter your password, and complete the logon process.

If you don't recognize the SiteKey, you don't enter your password, thus keeping it from being disclosed.

Favorites / Bookmarks

As you surf the web, you will collect many website/username/sitekey/password sets.
All web browsers have a Favorites (or Bookmarks) capability to save and quickly access stored websites with their associated web address. Make sure that you save the correct web address.

For each website, you must also keep a record of these username/sitekey/password sets.
Do not keep this information near your computer or workspace when you're not around. If someone accesses or steals your computer but doesn't have your username/sitekey/password list, then your web-based information is still safe.

Some browsers have the option of "remembering" usernames and passwords, and automatically inserting them when you surf to specific websites.
There are also separate programs which allow you to store such information on your computer in encrypted files. If you choose to use these facilities, make sure that you understand their capabilities and pitfalls, if any.

Again, if you allow your browser to automatically supply usernames and passwords, what happens if your computer is stolen?

Email Programs

All modern email programs render (and can create) HTML messages. Popular ones are: Microsoft Outlook, AOL, Mozilla Thunderbird, and many more.

This allows authors to create email messages which contain links. It's a very convenient way to send a message to someone, and point them to an interesting item on the web. You just include the appropriate link. The reader then clicks the link, which starts their default web browser, and the item is presented.

Phishing

Crooks send emails which are made by copying pages from legitimate websites (banks, stores, services, etc), claiming that some change has to be made to your account for some reason. Would you please click this link, then do this and that, then make the required changes? No! Don't do it!

This trick is known as phishing. It has the same trappings as a counterfeit website.

New versions of web browsers have anti-phishing facilities. They try to determine if the link you click is legitimate. They maintain lists of known, suspect web addresses, and will warn you if you attempt to surf to these websites, but you still must be careful.

Don't even click on unsubscribe or opt-out links, which are supposed to eliminate you from advertising emails (spam), or the like. Doing so only sends an email to someone, announcing that, in fact, you really exist!

Firewall

A firewall program (or device) monitors and controls the flow of data between your computer and other computers or devices. Rules can be set to allow only certain types of communications traffic.
For example, there's a type of data request which can devulge your computer's existance. This is a relatively harmless type of traffic.
However, certain types of viruses, if activated on your computer, attempt to act like web servers, creating unsolicited communications with other computers. A properly-configured firewall will stop such traffic.

All the major operating systems either have built-in firewall routines or allow firewall programs to be utilized. There are freeware firewall programs available, also.

Public Access

A skeptical approach must be taken to public-access internet connections. These range from computers in friends' homes to kiosks in hotel lobbies, WiFi Hotspots in restaurants, cafes, or airports, or WiFi networks in hotels and condos.

Keyloggers and ScreenGrabbers

A Keylogger program is one which captures every keystroke on a computer keyboard and secretly makes that information available by either saving it in a file, or transmitting it somewhere on the internet.

A ScreenGrabber program is one which captures an image of the computer screen, and can save or transmit it just like a keylogger program.

If such a program is running on a computer that you use, even password-protected information is vulnerable*.

Now, this is not to say, for example, that if you go to a friend's house, and start to do some work on the internet, that he's intentionally capturing your passwords for criminal use.

However, it may be that your friend does no important work on the internet, and doesn't care about security. In such a case, perhaps a keylogger or screengrabber program was accidently downloaded and installed.
And perhaps this program sends a record of each keystroke or every completed input screen to a criminal's computer somewhere on the internet.

You don't want this to happen while you're paying your bills through your online banking facility.

Similarly, kiosks and shared public computers (often in hotel lobbies or "computer rooms") may have such malware running. Even computers in well-known establishments may be compromised because anyone using the computer before you may have installed such a malicious program. Therefore:

For safe, secure web surfing, you cannot use public-access computers or terminals.*1

Network Access: Ethernet, WiFi, HotSpots

Ethernet is a cabled connection to an access point which may then be connected to the internet.

WiFi and Hotspots are wireless access points which may then be connected to the internet. Such access points are actually radio transmitters/receivers which talk wirelessly to your computer, and then send/receive the information to/from the internet.

There are some dangers here which you must be aware of:

Network Spoofing

Imagine that you're staying at a "Motel 21" somewhere, and when you check in, you're told that WiFi is available. So you check in, get comfortable, start your computer, and, using your wireless network software you see that the following networks are available:

motel215O4
motel21502
motel21501
motel21503
linksys
berb042

You then click on the first entry, and connect to motel215O4, and begin your work.

The problem here is that motel215O4 is not valid!

Notice that there is a difference between the letter "O" in "motel215O4" and the number zero in the other "motel215nn" specifications (This will be more or less obvious, depending on the font you're looking at).
In this scenario, "motel215O4" could be a criminal's computer that is "spoofing" a real Motel 21 access point. That is, it appears to be a valid network, but is actually inspecting all information that it receives, and then passing it along through another network connection.

Your computer's wireless software may even be configured to automatically logon to whatever access point it finds, without even informing you.

Clearly, there is a risk here. Therefore:

You must be sure of your network connections.

Network Logon Passwords, Encryption

Now, let's assume that you have connected to a legitimate WiFi/Hotspot network, and you begin to do your work. You logon to your email account, and then onto your bank account.

The consideration here, is that if you logged on to a WiFi network without having to specify a network logon password, you may be transmitting at least some of your information in clear text. That is, the data is humanly readable. Remember, the data is being transmitted everywhere on a simple radio signal.
Requiring a network logon password might mean that the data being transmitted between your computer and the access point is encrypted, making understanding such information much more difficult (but not impossible). However, just requiring a logon password is not proof of encryption. Therefore:

You should inquire about network encryption.

Network Admin Passwords

When a WiFi access point (typically a router) is added to a network, it must be configured by an administrator. There are many options, such as enabling encryption, which computers are allowed to connect, how computers can connect, etc., etc.
In addition, there's an administrator password which should be specified, which protects the configuration from unauthorized changes.
When an access point device is manufactured, it is loaded with code (known as firmware or microcode) to perform its tasks. Many of these devices are also loaded with a default administrator password that is well-known in the computer industry.*2
So, unless the device has been properly password-protected, it is possible for a criminal to re-load the firmware (even wirelessly), and install a keylogger-type routine to spy on users' communications.

You might think that if you check in to a well-known establishment, the computing environment is safe and secure. However, in our Motel 21 example, imagine that the motel is off the beaten path, run by folks who have no computer knowledge whatsoever.
They may have sub-contracted the computer support to some local company, possibly not even within the corporation's guidelines, which would then have access to all the guest's communications. You can see the possibility here for some problems. Therefore,

You should inquire about network maintenance procedures.

Finally, some of the above may seem somewhat outlandish or convoluted, but consider this:
People who frequent nice hotels or rent condos (especially in resort locations) and who use computers to manage their life's activities, will generally be at least moderately wealthy. Thus, such individuals are high-probability targets for criminals.
And it's not really too troublesome for a criminal to lounge on a balcony at some luxurious hotel, with a laptop, running programs to intercept and analyze such communications.

Therefore, before you enjoy the convenience of available-anywhere internet access, you must be fully aware of the above pitfalls, and act accordingly.

Sensible Surfing

If you use a common-sense approach to your surfing, you'll be OK.

For example, say you obtain a trusted web address (like your bank), and register a username and password, with your email address, thus creating a new user account.

Typically, you are told that you will be sent an email with a link which will activate your new account. This allows the website to verify your email address.
And so, you receive the email, which contains a link. You click the link, and are brought to a web page which requests your username, password, and other personal information. Since you initiated this process, you can be sure that it's legitimate. Go ahead and enter the information.

On the other hand, let's say you receive an unsolicited email, apparently from your bank, saying that there's been some suspicious activity on your account, would you please click here, to confirm something, and blah, blah, blah.

What you should do is:

Exit the email
Start your web browser
Enter the web address for your bank that you know is correct (from your Favorites)

If in fact, there's something wrong with your account, you'll be advised when you get to it via your usual method.

So, the essential things to remember are:

When being asked to enter personal, private, important information on the internet (either in an email or while surfing), you must ask yourself:

How did I get to this request?
Did I initiate the process?
Is there a logical, sensible thread connecting this request with some previous action of mine (like the register/email activation example above)?
Can I determine, in fact, that this request (web page) is indeed from the real website of the entity (bank, company, etc.) that I wish to communicate with?

If you can't satisfy the above queries, you probably should not continue.

Questionable Content

So now you're safely surfing the internet, and come upon a very official-looking website which seems to contain much information about something that you're vitally interested in. And the gist of the information seems to go against all you previously understood to be true. What are you to think of it?

Here's where the essence of the internet shows: Anyone can publish on the internet!

In the old days, if you wanted to publish anything more than a handout, you had to get a fair amount of money together and a willing publisher. But with the internet, it's as easy as typing a letter. And the graphics and special effects that are available can be very impressive.

But all this doesn't mean that there's any more truth on a website than if you bumped into a stranger on the street, and were told by him that the world is flat.

You must verify things found on the internet: The website you obtain your information from is key. Is it a celebrated publishing house? Is it an established news organization? Also, don't be fooled by volume. You may find many references to something, but that doesn't make it fact. At one time, and for a long, long time, people did think that the world was flat! Check it out.

References

A good place to start your web browsing is the official website of your computer's hardware manufacturer (Dell, eMachines, Gateway, Toshiba, etc), then the software operating system (Microsoft for Windows, Apple for Mac). Obtain it from the documenation that came with your computer.

Most modern computers now come with an automated 'update' facility which logs onto the manufacturer's support website, usually on a schedule (daily, weekly, etc), to see if any new or updated software is available for your particular system. With all the thousands of lines of programming that a modern computer system requires, there are always going to be occasional updates. Such updates improve reliability, security, and performance. Check your computer system documentation.

Additionally, the following are some useful websites:

LibreOffice.Org	Open Source (free-to-the-public) office suite which completely supplants Microsoft Office, for free! There's a word processor, spreadsheet, presentation manager, and more.
SourceForge	Open Source software repository.
PC Magazine	Computer, Software, Hardware and Electronics Review.

* Notes:

1. There are advanced security facilities (both software and hardware) that can overcome various public-access problems, but these are not addressed in this document.

2. Many access-point manufacturers and ISPs now provide devices with individualized administrator passwords (usually printed on a removable label). This greatly increases security.

Back

Comments?, Suggestions? Email PaulJayD