Security

Welcome to The Spellbook's Security page. First, thank you for your interest in (or concern about) this topic. Cybersecurity is possible only with everyone working to make it possible.
You may have received a security warning from your browser when you first came to this site. It might be in the address bar of your browser right now. If so, that's great! That means that your browser has correctly identified this site as lacking the security features that would be necessary to provide secure communication. If not, you might want to look into getting a browser that provides this kind of warning. While it's not necessary, it can make it easier for you to spot websites that are secure and those that are not. In this specific case, you see this warning because this website uses "http" instead of "https" to send and receive information. There are a number of differences between these two tools, but for this conversation, there are only two that we will look at: No Encryption and No Identity Verification.

No Encryption

The http tool that I'm using to bring this website to you does not use encryption. Encryption is a process by which communication stays private between two parties. The process is complicated and involves a lot of math, but the end result is that if you are using a (properly) encrypted communication channel, you can trust that only you and the person you are talking to will be able to understand what you are saying. This is not to say that someone else can't "hear" you, only that if they did hear you, they would not know what you are saying. That's what makes encryption great. Unfortunately, I don't know how to properly encrypt communication, so this website does not use encryption. Maybe in the future that will change.

What this means for you:

You can still view content on this website. However, you should be aware that anyone could be looking at what you see. If you think that I might send you some information that you don't want someone to know that I sent you, you should not use this website. Maybe you live in a place where viewing that information is illegal, or maybe you don't want someone to know that you are receiving this information from me. Because this website is not encrypted, anyone and everyone could understand what we are talking about.
You could still send information to me. However, you should be aware that anyone could see what you are sending to me. If you wouldn't want someone else to know what you are sending me, you should not send me that information. In reality, I don't have any way for you to send me information, exactly because someone might make a mistake and send something that they didn't want someone else to hear about. Maybe this will change in the future.
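
To make the "anyone could be looking" point concrete, here is an added example (not part of the original page or this site's code) that fetches a page over plain http on the local machine and records what a single network hop in between gets to see. The page text, the path /notes.html and all function names are constructed for this illustration.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PAGE = b"<h1>Spell notes</h1><p>constructed sample page text</p>"  # constructed content

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(PAGE)))
        self.end_headers()
        self.wfile.write(PAGE)

    def log_message(self, *args):  # keep the demo quiet
        pass

def relay_once(listener, upstream_port, seen):
    """Stand-in for any hop on the path: forwards one exchange, keeps a copy."""
    client, _ = listener.accept()
    with client, socket.create_connection(("127.0.0.1", upstream_port)) as up:
        request = client.recv(65536)
        seen.append(request)
        up.sendall(request)
        while chunk := up.recv(65536):  # server closes after one response
            seen.append(chunk)
            client.sendall(chunk)

def observe_http_exchange():
    """Return (body the visitor received, every byte the hop saw)."""
    server = HTTPServer(("127.0.0.1", 0), Handler)  # loopback only, random port
    threading.Thread(target=server.handle_request, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    seen = []
    hop = threading.Thread(target=relay_once,
                           args=(listener, server.server_port, seen))
    hop.start()
    conn = http.client.HTTPConnection("127.0.0.1", listener.getsockname()[1], timeout=5)
    conn.request("GET", "/notes.html")
    body = conn.getresponse().read()
    conn.close()
    hop.join(timeout=5)
    listener.close()
    server.server_close()
    return body, b"".join(seen)

if __name__ == "__main__":
    body, wire = observe_http_exchange()
    print(wire.decode())  # request line, headers and page text, all readable
```

The hop's copy contains the requested path, every header and the full page text exactly as sent. With https the same hop would still see that two machines exchanged data, but not the readable contents.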

No Identity Verification

The http tool that I'm using to bring this website to you does not use identity verification. Identity Verification is exactly what it sounds like: it's the process by which two people verify that the other person is who they are supposed to be. I have no idea how this works, but the end result is that if you are using a process that (properly) implements identity verification, you can trust that the other person is who you think they are. Unfortunately, I don't know anything about identity verification, except that I think it takes money, and this is a hobby project. I'm not going to go through the process to verify my identity to you, or verify that you are who I think you are.

What this means for you:

You can still view content on this website. However, you should treat this as the work of an anonymous, random person. You should not trust that the person who made this is the person that you think made this. It could be a different person every week, or it could be hijacked and controlled by an entirely different group of people. There is no way to know. If you would not trust this information if it came from a random person on the street, you should not trust this website either.

Takeaways

Now that I've dug myself into this hole of mistrust and suspicion, I'm going to stop. There is no reassuring conclusion here. Cybersecurity is a complicated topic, and there has been a lot of work by a lot of smart people to make the internet a safer place. Unfortunately, my knowledge of the subject is not there yet, so I can't implement those practices. However, that is not to say that my website is necessarily dangerous. It just needs to be approached with the knowledge that the information that we send back and forth to each other could be overheard by anyone, and that neither one of us is sure who the person on the other side of the screen is. If you keep this in mind, and act accordingly, you should be able to use this website without trouble.

The Catch 22

The astute reader will have, by now, put together the logical issue with all of the above information. If you should not trust that I am who you think I am, then why should you trust that anything that I say is true? How can you trust that it's ok to view this website when you see a security warning when you go here? That's a great question! The answer is, you can't! If you understood anything about the above, it's that you should not trust what's written here. So why did I write all of this? While I'm not asking you to trust me, I tried my best to give you correct information. Even if you don't trust that (and you shouldn't), this can serve as either an introduction to this topic, or a reminder of what you already knew. If this is new to you, I encourage you to do a quick web search for something like "Is it ok to use HTTP" and read up on it. You can use the information that you find to make a decision about whether you are comfortable viewing information on my hobby website.

-SarisonZero (or maybe someone else)