How to Check if Somebody is Spying on Your Supposedly Secure Internet Connection


Steve Gibson is well known for his free tools for checking Internet security. His site has long been a place to go for a variety of security information. In light of all the recent revelations about government and other institutions spying on us, his page for checking whether someone is eavesdropping on an HTTPS connection is worth visiting. Go to the link called Fingerprints and learn whether your ISP or another agency is using a fake SSL certificate to look at your supposedly secure HTTPS encrypted traffic.

Gibson gives many details about what can happen with secure browser connections and how to check the fingerprint of these connections. He provides an online tool to obtain the genuine hexadecimal fingerprint of an HTTPS domain. He also gives instructions for a number of browsers on how to find what SSL certificate fingerprint is being given to your browser. I have used the online tool to obtain the certificate for Gizmo’s and you can see the result by clicking the thumbnail.

Gibson's page is informative and worth visiting.
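The same comparison can be scripted locally. This is an added example, not code from Gibson's site or from this article: it hashes the certificate your own connection receives and compares it with a reference fingerprint you obtained over a different network path. The function names are illustrative, and the hash algorithm is assumed from the reference's length (40 hex digits for SHA-1, 64 for SHA-256).

```python
import hashlib
import hmac
import socket
import ssl
import sys

# Assumption: the reference is a SHA-1 (40 hex) or SHA-256 (64 hex) fingerprint.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}

def normalize(fp: str) -> str:
    """Drop the separators browsers show between bytes and lowercase the rest."""
    cleaned = "".join(c for c in fp if c not in ": -\t").lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN or set(cleaned) - set("0123456789abcdef"):
        raise ValueError("not a SHA-1 or SHA-256 hex fingerprint")
    return cleaned

def fingerprint(der: bytes, algo: str) -> str:
    """A certificate fingerprint is the hash of the certificate's DER bytes."""
    return hashlib.new(algo, der).hexdigest()

def matches(der: bytes, reference: str) -> bool:
    """True if the certificate hashes to the reference fingerprint."""
    ref = normalize(reference)
    seen = fingerprint(der, ALGO_BY_HEX_LEN[len(ref)])
    return hmac.compare_digest(seen, ref)

def fetch_leaf_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Return the leaf certificate exactly as it is presented to this machine.

    Chain validation is off on purpose: the goal is to hash whatever is
    served, including a substituted certificate, not to trust it. Nothing
    is sent over the connection after the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

if __name__ == "__main__":
    # Usage: python fpcheck.py <host> <reference-fingerprint>
    host, reference = sys.argv[1], sys.argv[2]
    der = fetch_leaf_der(host)
    algo = ALGO_BY_HEX_LEN[len(normalize(reference))]
    print(f"{host} presented {algo} fingerprint {fingerprint(der, algo)}")
    print("MATCH" if matches(der, reference) else "MISMATCH: compare again from another network")
```

A mismatch is not proof of interception on its own: large sites can legitimately serve different certificates from different servers, and certificates are replaced when they are renewed.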


This tips section is maintained by Vic Laurie. Vic runs several websites with Windows how-to's, guides, and tutorials, including a site for learning about Windows and the Internet and another with Windows 7 tips.




I'm in China. Doya think the government is spying on me:)

On a serious note. How does this affect VPNs?

NEW: I just went into my "certificates" box in "Internet Properties" and Google, Microsoft, Gmail and many other critical properties are listed under "Untrusted Publishers".

What does this mean? Has my security been compromised?

When I view each untrusted certificate it says, "This certificate has been revoked by its certification authority".

What does that mean? What's going on?

PS. When I went to Steve Gibson's "Fingerprint" page our "fingerprints" matched.


eBay cannot be trusted to maintain your privacy. Here's what happened to me years ago:
eBay's privacy statement claimed that it would never divulge information about users for marketing purposes. BUT, eBay not only gave my name and address to a bank so it could send me marketing mail, eBay gave the bank my PASSWORD!!!

When I contacted eBay about this, the response was brusk: "Write our lawyers at ..."

Read the article cover to cover and then read it again, before plunging into an examination of 90% of the secure websites I use and so far, so good . . . .

Thanks again for a cracking article

Thanks so much for this! Very handy....wish there was an offline version though.

Testing a few things now.....seems that eBay is NOT secure.....I am being targeted via that account recently, but I'm wondering if anybody else has that same 'problem'?

What do you mean that eBay is not secure? It doesn't use https for browsing, but it certainly uses a certificate for logging in (which is necessary to bid), changing account info, etc.

Also, what is an "offline version"? The whole idea of a certificate is to validate a real-time internet connection.

One or more errors were encountered when querying:

We were unable to connect to the remote web server's standard HTTPS port 443. This remote web server may not offer secure HTTPS web services.

The trouble may be something you can remedy by altering the domain name submitted, or the trouble might lie with the configuration of the remote secure web server. You should examine the domain name submitted, above, the errors returned, and the error comments to determine your best course of action.

when logged in you get same gets authenticated!

Yep, and I figured somebody wd say that.....obviously what I meant wd be a nice standalone proggy that you can run from your PC! How do you know the online version isn't one giant honey trap who is making a log of everyone who might be concerned about such things, at least? Prime example!