One of my two online emails warning website doesn't supply identity information & not all is encrypted.
For years I have had earthlink set as my home page & two earthlink email addresses which I access online.
I go to the home page & both email addresses several times a day & never have any issues w/the address bar turning red EXCEPT for one of the two email addresses. When I click on the x-ed out lock, it says "This website does not supply identity information. Your connection to this site is only partially encrypted and does not prevent eavesdropping."
Weirdly enough, when I leave the inbox and click on the sent, trash, draft &/or possible spam boxes, the address bar reverts to white. It's ONLY RED in the inbox.
I have cleared cookies, cache, history, etc. And nothing changes.
How can the home page & one email on the same website be safe and another email on the same website not?????
Please advise in 'technical help for dummies' terms. :-)
Thank you.
I use FF v.21 I restarted in safe mode with everything disabled & instead of getting the red address bar, the lock was gray & had the same warning.
Todas as respostas (10)
hello, firefox won't show the padlock icon, when it's a so called "mixed connection". when a email message is embedding external images, those might not be loaded over a secure https:-connection. even if there is one single element of the page that is not loaded through a secure connection, then firefox won't show the padlock icon in the location bar (your connection to the earthlink servers itself will stay encrypted nevertheless).
https://developer.mozilla.org/en-US/docs/Security/MixedContent
Thank you phillipp. I did attempt to read the article you linked me to but a good portion of it went over my head. (sorry, I'm not very techie) Based on what I think I got out of it, let me see if I understand this. There may be an email in the inbox that has something embedded in it that is preventing FF from seeing the identity & security info that it sees in the other email boxes (like trash, sent, etc*) & in my other earthlink online email. Is that the gist of it? The reason I ask is that when I open up the details, it specifically refers to earthlink & says that the owner doesn't supply info ownership information.
I did a little more digging.
- I have several folders where I move emails to keep them sorted. I checked them all & only one of them isn't encrypted in the same way the inbox isn't encrypted. The rest show that they are encrypted.
I signed in to my other earthlink email & clicked on the lock in the address bar & got the this (which is the same that shows up in all but my inbox & one folder):
"You are connected to earthlink which is run by (unknown) verified by COMODO CA Limited. Your connection to this website is encrypted to prevent eavesdropping."
Then I signed in to my earthlink home page & clicked on the gray ball (where the lock normally shows up). There was no red address bar. But, I got this message:
"This website does not supply identity information. Your connection to this website is not encrypted."
Nothing seems to be consistent. :-/
hello, yes i think you got the basic gist of it - the connection to earthlink will be secure & encrypted for the most part, howeveras soon as there's one element in the page that isn't loaded through https:// firefox will indicate the page to the user as totally unencrypted in order to not provide any false sense of security...
you might even have a chance of finding out yourself what exactly is causing the issue in your case:
- while your in your inbox press ctrl+shift+k which will bring up the firefox web console (use the same shortcut later to close it again)
- disable the buttons labelled CSS, JS & Logging, so that only Net is still enabled
- then press F5 in order to reload the page
- now a large number of entries should show up in the web console - the ones you're looking for are painted in red and have the [Mixed Content] indicator after them.
- in case such mixed content entries start with something like http://webmail.earthlink.net/ then it would indicate that there is a problem with the programming of the site itself - you should report that to your mail provider and ask them to fix it. if the entries start with the address from another domain like http://random-webshop.com this might give you an indication which of your emails might cause the issue...
Hi again phillipp. Thank you. I followed your instructions and there was only one painted red. I am posting it here.
[18:03:56.811] GET http://r20.rs6.net/on.jsp?t=1113871177402.0.1011013268068.745974&ts=S0915&r=3&o=http://ui.constantcontact.com/images/p1x1.gif [HTTP/1.1 200 OK 219ms]
The only thing I recognize here is that a .gif is an image. That doesn't help much as I have several emails w/images in them.
I clicked on it and got a new window which I copied & am pasting here:
Request Method:
GET Status Code: HTTP/1.1 200 OK Request Headers 18:03:56.000 User-Agent:Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0Host:r20.rs6.netDNT:1Connection:keep-aliveAccept-Language:en-US,en;q=0.5Accept-Encoding:gzip, deflateAccept:image/png,image/*;q=0.8,*/*;q=0.5
Response Headers Δ219ms Vary:Accept-Encoding,User-AgentServer:ApachePragma:no-cache, no-cacheP3P:CP="CAO DSP TAIa OUR NOR UNI"Date:Wed, 26 Jun 2013 23:03:59 GMTContent-Type:image/gifContent-Length:57Content-Encoding:gzipConnection:closeCache-Control:private, no-cache, no-store, max-age=0, must-revalidate, no-cache="Set-Cookie"Accept-Ranges:bytes
Is this something I should report to earthlink?
Thank you cor-el for the link.
I read the info even tho I don't have the Aurora version & think I understand. However, normally if I go someplace where there's possible unencryption or partial unencryption, I get a warning letting me know. I don't get that on either my earthlink home page or the online email. Does that mean it's still encrypted?'
Also, I sometimes get this same thing on other websites like Facebook. I usually just have to refresh the page & it disappears.
New Information:
I just noticed something. Earthlink sends me a 'spamblock' email daily to notify me of what is in my suspect mail folder. When the spamblock email is first in my in box, the red & lined out lock are gone. So I started clicking on the other emails and each time I did, the address bar turned red. That got me to thinking because once I clicked on something that turned red, everything else I clicked on stayed red. However, when I refreshed & it would take me back to the top of the page, the red disappeared & I clicked on a different email and it would be ok. So what this will take to isolate which email(s) are causing this is to click on each email, one a at time, note if they are clear or red, then refresh & go to the next email.
My question is, what can be done to stop FF from doing this in the first place? Is there somewhere I create exceptions for those emails that I receive on a regular basis?
Thanks!!!
the culprit entry that you found out indicates that the problem is within one of the emails:
[18:03:56.811] GET http://r20.rs6.net/on.jsp?t=1113871177402.0.1011013268068.745974&ts=S0915&r=3&o=http://ui.constantcontact.com/images/p1x1.gif [HTTP/1.1 200 OK 219ms]
this looks like a 1x1 pixel image that is embedded into an email, which is used by a sender of the mail in order to find out if/when you read the email. unfortunately the link only leads to a general e-mail marketing firm but it doesn't reveal which email sender in particular has used this tactic - but it is probably used in a mail with commercial content or a newsletter of some sort.
you could try to use an addon like adblock plus & create a custom filter to block content from the rs6.net domain...
Thank you philipp!!! I have adblock plus & will do as you suggested & create a filter. Your advice is much appreciated! :-)
READ THIS!!
Finally fixed this problem on my own after countless times of updating Firefox and running my anti-malware/spyware program 100 times with no fix or detection of the problem. Every-time I went to a website i knew was secure and still got a message about other ppl can see what Im doing on my bank account site...I knew something was wrong. I also got pop-ups when my anti-popup feature was checked. So I went to a couple of blogs to find a fix. Some blogs said it was normal.. I didn't buy into that. So I started to go to options in Mozilla and look at me plugins.
- HERE'S THE FIX**
It was a simple fix go into your add-ons and plug-ins and look for programs that you have not accepted but are showing up as enabled. "Disable" it first then "Remove it" after that restart the browser and the problem is fixed. If you cant remove that "spyware" add-on or plug-in report it to Mozilla.
I hope this helped you; please share with other to help protect all of us!
- #M_Chubbz :-)