Spanish institutions, no matter how much we feel, are not as up-to-date as they should be. Installing the digital certificate is still a nightmare today, with a multitude of errors and certificate failures that even force the use of old and unsafe browsers. In addition, if we try to enter a multitude of official websites , the error that ” the connection is not private ” appears. Why happens?
Google and the large technology companies worldwide have made almost all current websites use HTTPS . Thanks to this, the connections we make with them are completely encrypted, and our data travels between our devices and the servers where the websites are hosted safely.
Not all government websites use HTTPS
That a website has HTTPS does not mean that it is secure, since that website may be under the control of a cybercriminal, and that the data we give them ends up in their hands to carry out illegal activities. However, if a website does not have HTTPS, then we can determine that it is not secure under any circumstances.
When a website is secure, in its URL we find that it begins with HTTPS. At present this is seen more quickly if the page has a closed padlock to the left of the URL when we enter it in the address bar of the browser. If we click, we can see if the connection is secure, as well as check which certificate the web uses.
Unfortunately, institutional websites have a long way to go. As stated by the #websegura project of PucelaBits , only 3% of Spanish institutional web pages comply with a correct minimum configuration to avoid attacks. To determine if a website is secure or not, they have used the Mozilla Observatory analysis service, which offers grades from A + (the best) to F (the worst). Only websites that receive an A or B rating are considered safe. The rest have security deficiencies, and some even do not have HTTPS, or have problems with the certificate , which may be expired or have been revoked, hence the error appears.
Only 3% of the 776 analyzed are safe
Thus, of the 776 websites of institutions in Spain analyzed , only 3% had a good security configuration. An example is found on the website of the Ministry of Industry, Commerce and Tourism , which, although it uses a certificate and has HTTPS on the web, there are contents of it that are not served by HTTPS .
This may be the case for some images. If we analyze the source code of the page, we can see that there are 103 links with HTTPS , but in return we found 41 results from HTTP , including links to tweets. Therefore, it is a matter of fixing those links, and thus browsers like Firefox would not show the web as unsafe.
According to Maldita, the Government is working so that all government domains become secure and use HTTPS extensively. To do this, not only do you have to acquire the certificate, but you have to adapt the services used on each website, and some may be too old and not compatible with encryption or current security standards. In turn, there is no one source of certificates that is used in a homogeneous way in all portals, since there are those who use certificates from the FNMT, GlobalSign or DigiCert.
