
HSTS (HTTP Strict Transport Security) and What It Means For You



BrianBosworth
11.01.11, 22:35
I'm sure that a lot of SB-I users are aware that when they log in to some sites via HTTPS, many other areas of the site are not encrypted. I'm not just talking about torrent sites. Online Banking and Shopping, Email, and Social Media sites are just a few of the examples where the login page may be the only thing that's encrypted. Therein lies the problem. There are many ways for hackers to sniff account information and passwords by going the backdoor route. If you logged on through an HTTPS connection but are using a section of the site that isn't encrypted, your level of security is virtually nonexistent. Many sites are exploited by this loophole.

There is a somewhat new security enhancement called HSTS (HTTP Strict Transport Security). HSTS is basically a header request to automatically upgrade the connection to a secure one, for each and every link that the user clicks on. In reality, HSTS tries to force encryption throughout the entire domain of visited links. This should only be tried on sites which already support some type of HTTPS encryption. Even though this is an emerging technology, there are a few sites that already fully support this. PayPal was the catalyst for HSTS. Their input for this technology was instrumental in getting it off the ground floor. While this will not fully protect you while online, the odds are a little better in your favor.

At the time of posting this info, I know of only two ways of activating forced encryption or HSTS. This feature is already available in Google Chrome and NoScript with Firefox. This post is a summary of two articles from which I retrieved my information.

http://hackademix.net/2010/10/27/forcing-https-with-noscript/

extreme geekboy: HTTP Strict Transport Security has landed! (http://blog.sidstamm.com/2010/08/http-strict-transport-security-has.html)