As part of our guide to online safety and how it relates to play at online casinos, we take a look at Secure Sockets Layer (SSL) encryption and explain it in layman's terms. Read on to find out how and why you should protect yourself when playing online by always ensuring that your private information stays that way.
The Internet is, at its most simple description, a network of connected computers that spans the globe. When you ask your web browser to load a web page, or you click a button on a web page, or enter some information and submit a form, you send what is known as a "request" from your computer to the computer that hosts the site you are viewing (known as a server). In order for your request to reach the web server, it must first be routed through many other servers across the globe on its journey across the network.
When using a standard unencrypted connection to browse the web, the information contained in your request is passed from server to server on its journey across the web in plain text. This means that at any point along that journey, anyone with access to one of the servers that your request is passed through could potentially log the contents of the request and re-use the information in it. This person could be a bad guy operating the server, a hacker with remote access to a compromised server, a misconfigured server logging data that could later be discovered by a hacker, or even a snooping government department in the country that you live.
Obviously this is not an acceptable situation for people wanting to send sensitive information around the globe. Sensitive information could include a credit card number and expiry date, or an internet banking login, or indeed the password to an online casino account. Therefore it is possible for web servers to be configured to allow, or even require, web browsers to connect to them using an encrypted connection via a cryptographic protocol known as Secure Sockets Layer.
Without going into the technical detail of explaining exactly how SSL works (see further reading below), the effect of using such a connection is the difference between those intermediary servers being able to log information in an unencrypted request like this:
and an encrypted request like this:
The beauty of SSL encryption is that only your browser and the web server you are contacting can read the information that you are sending each other.
The easiest way to do this is to look at the URL bar at the top of your web browser window. All major current browsers will display either a small padlock icon or a larger green coloured icon or address bar that indicates that your connection is secure.
Another thing to look for is to check the start of the URL that you are accessing. If it starts with http:// then your connection is not secure. If it starts with https:// (note the extra 's') then you can take it as a strong indication that the site is secure, providing the site's certificate is valid.
This situation becomes one of risk assessment that differs depending on the situation. You need to consider what kind of information you are sending to the web server and the risk associated with the loss of that information. A couple of examples might help clarify this:
Sadly during our review process at Casino Listings we have come across several online casinos that do not enforce the use of a secure SSL connection, putting the private information of their customers at risk. Below is a list of these casinos along with relevant notes and further information. We strongly recommend that you do not register, login, or play at any of the casinos on this list.
|Casino Cash Palace||Despite showing an invalid SSL seal verification image in the bottom corner of their website which claims to be SSL protected, this casino operates completely in plain text, allowing unencrypted registration and login.|
|Cherry Gold Casino||Instant play section of the website allows insecure registration and login, which leaves your personal information and password transmitted in plain text.|
|SlotLuv Casino||Aside from being run by a bunch of criminal scammers, the in-browser instant play section of this casino allows unencrypted login and registration.|
If your casino is on this list and you have fixed the problem, please contact us and we will gladly remove it, pending verification. Similarly, if you discover an unencrypted casino that we do not have on this list, please let us know and we will credit your account with some CLchips as a reward.
This is intended only as a basic guide to online safety and SSL encryption. If you would like to know more about the technical details of how encryption and SSL itself works, I recommend reading the following resources: