Privacy policy: הבדלים בין גרסאות בדף

מתוך ויקי נטפרי
קפיצה לניווט קפיצה לחיפוש
(יצירת דף עם התוכן "<div lang="en" dir="ltr" class="mw-content-ltr"> <div lang="he" dir="rtl"> לעברית לחצו כאן </div> <div lang="en...")
 
שורה 33: שורה 33:
 
Installing a security certificate from a filtering service does not show the encrypted communication to anyone except the filter system.
 
Installing a security certificate from a filtering service does not show the encrypted communication to anyone except the filter system.
  
הבעיה שמערכת הסינון יכולה להיות חשופה לתכנים (ססמאות, פרטי אשראי וכדו') היא בעצם התקנת תעודת האבטחה (שזה קיים בכל החברות), וללא קשר אם חברת הסינון בוחרת לסנן את התכנים של האתר או לא. דהיינו, בכך שיש חברות שבוחרות לא לסנן אתרים מאובטחים מסוימים, זה בגלל בחירתם. ובמידה וירצו לאסוף פרטי אשראי במודע על משתמשים, הם יכולים בלחיצת כפתור לסנן ולאסוף תכנים ללא ידיעת המשתמש (משתמש מתקדם יכול לבדוק בפרטי התעודה: אם היא זו של חברת הסינון, סימן שבוצע פענוח והנתונים היו חשופים).
+
The problem that the filtering system can have access to content (passwords, credit details, etc.) is actually by installing the security certificate (which exists in all the filtering companies), regardless of whether the filtering company chooses to filter the contents of the site or not. Even companies that choose not to filter certain secure sites, it is because of their choice, but if they want to collect credit information consciously on users, they can do it with a push of a button to filter or gather content without the knowledge of the user (advanced user can check the in the details of the certificate: if it is from the filter company, a decryption was done and the data were exposed).
  
האם אפשר לתת אמון בחברת הסינון? אז צריך לדעת מה הסיכון. בהחלט אם ישנה חולשת אבטחה או לחלופין מורשה ברמה גבוהה יש לו כוונה זדונית, ניתן להניח יד על הנתונים. מאידך מדובר מערכת ממוחשבת שנמצאת על ספק רשמי עם כל הרגולציה שבדבר, וישנה מחויבות לתקני אבטחה מחמירים. יש לזכור גם שכל תעבורת האינטרנט הלא מוצפנת, חשופה לספק איזה שיהיה והמידע בה לפעמים הוא לא פחות רגיש מבאתרים המוצפנים.
+
Can you trust the filter company? So you have to know what the risk is. Certainly if there is a security vulnerability or an authorized high level with malicious intent, someone can lay a hand on the data. On the other hand, this is a computerized system that is an official supplier with all the regulations by law, and there is a commitment to strict security standards. It should also be remembered that all non-encrypted Internet traffic is exposed to the provider, and the information in it is sometimes not less sensitive than the encrypted sites.
  
==== סינון אתרים מאובטחים בנטפרי ====
 
בנטפרי כל אתר מאובטח שפתוח מוגדר האם יש בו בכלל צורך בסינון. אתרים מסוימים כמו paypal לא עוברים סינון, ולא מתבצע פיענוח והתעודה המקורית נשארת.
 
באתרים בהם יש כן צורך בסינון אז מתבצע פענוח ואח"כ הצפנה שחתומה ע"י [[תעודת האבטחה|התעודה של נטפרי]].
 
  
כדי שתעודת נטפרי לא תהווה חותמת גומי לתעודות לא תקפות, מתבצעת בדיקה של התעודה מול המאגר [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/ Mozilla CA Certificate Store] שהינו קפדני ביותר. אם התעודה תקפה, ההצפנה נעשית ע"י התעודה של נטפרי. אם התעודה לא תקפה לפי המאגר הנ"ל ההצפנה נעשית בשיטת [https://en.wikipedia.org/wiki/Self-signed_certificate Self-signed certificate] כך שאצל הלקוח מתקבלת התרעה על תעודה לא תקפה.
+
==== Secured web site with NetFree ====
 +
In NetFree any open secured site is defined as whether it is necessary to filter. Some sites like paypal are not filtered, and the original certificate is not decrypted.
 +
On sites where there is a need for filtering then decryption is carried out and then encryption is signed by NetFree's [[Security certificate]].
 +
 
 +
In order for the NetFree certificate not to be a rubber stamp for invalid certificates, the certificate is checked against the database [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/ Mozilla CA Certificate Store] which is are very strict. If the certificate is valid, the encryption is done by NetFree's certificate, if the certificate is not valid according to the above database, the encryption is done using the method [https://en.wikipedia.org/wiki/Self-signed_certificate Self-signed certificate] so that the customer receives a warning about an invalid certificate.

גרסה מ־06:26, 12 בנובמבר 2018

לעברית לחצו כאן

Home page > Privacy policy

Data Collection

In NetFree, data is not collected even not temporarily or for support purposes, the user is the only one who can initiate such an action temporarily for support needs.

In other words, if the user has a problem or malfunction on a secure site, neither the service representatives nor the managers have the ability to know where he or she is surfing. But the user himself can launch the Trafic record tool, and receives a unique link to this temporary recording, the link he can send to support to help solve the problem.

Secured sites

Background

Any access to a remote computer is done using a predefined rule set (protocol). The two common protocols are the http protocol used for unencrypted communications, and the https protocol used for encrypted communication.

An example of unencrypted communication is browsing to a weather forecast site. The user asks to display certain data (for example: the expected weather in Jerusalem tomorrow), and the remote computer displays the answer visually.

An example of encrypted communication is browsing to a bank's website. The user asks to view certain data (for example, his current account status at the bank). The remote computer wants to verify that the applicant is entitled to access this data, which is done by a user name and password that the user must provide. In order to prevent a quote from foreign media, it is executed in a secure protocol that encrypts the media, which does not allow other parties to quote it. At this point, the remote computer knows that the user is allowed to view the data they are requesting, but the user can not tell if he is requesting the data from the remote computer of the bank, or from a remote computer who acts like the bank (impostor) and thereby stealing his or her password. Worse of this, one can "mediate" between the user and the bank, and look at the data and even change it. Here comes the Security certificate, which is a kind of hologram sticker affixed to the site and confirms: 1. The site is not an impostor but the real 2. Encryption of the data has not been "opened" before any users until they reach the user's browser.


Secure site filtering in general

Today, many sites use encrypted protocols, such as Google, e-mail services, banks, credit card companies, online shopping sites and many more.

Every filtering system needs to decrypt encrypted data. Encryption of encrypted communications requires the filtering server to re-encrypt it with its own certificate. This certificate that belongs to the filter service must be installed on the client computer to know that it is trustworthy, otherwise the browser will block the connection.

Installing a security certificate from a filtering service does not show the encrypted communication to anyone except the filter system.

The problem that the filtering system can have access to content (passwords, credit details, etc.) is actually by installing the security certificate (which exists in all the filtering companies), regardless of whether the filtering company chooses to filter the contents of the site or not. Even companies that choose not to filter certain secure sites, it is because of their choice, but if they want to collect credit information consciously on users, they can do it with a push of a button to filter or gather content without the knowledge of the user (advanced user can check the in the details of the certificate: if it is from the filter company, a decryption was done and the data were exposed).

Can you trust the filter company? So you have to know what the risk is. Certainly if there is a security vulnerability or an authorized high level with malicious intent, someone can lay a hand on the data. On the other hand, this is a computerized system that is an official supplier with all the regulations by law, and there is a commitment to strict security standards. It should also be remembered that all non-encrypted Internet traffic is exposed to the provider, and the information in it is sometimes not less sensitive than the encrypted sites.


Secured web site with NetFree

In NetFree any open secured site is defined as whether it is necessary to filter. Some sites like paypal are not filtered, and the original certificate is not decrypted. On sites where there is a need for filtering then decryption is carried out and then encryption is signed by NetFree's Security certificate.

In order for the NetFree certificate not to be a rubber stamp for invalid certificates, the certificate is checked against the database Mozilla CA Certificate Store which is are very strict. If the certificate is valid, the encryption is done by NetFree's certificate, if the certificate is not valid according to the above database, the encryption is done using the method Self-signed certificate so that the customer receives a warning about an invalid certificate.