A note about the security of this site

I occasionally receive inquiries about security at prayer.covert.org. I have written this response after one such gentleman let me know that he was worried about malware or phishing because of warnings issued by the web browser he uses.

Let me assure everyone that the only risk from using prayer.covert.org is the possibility of enhancing your prayer life. Maybe Wormwood is whispering in this gentleman's ear.

I am a software engineer specializing in computer security, with over 50 years experience.

My site is completely secure against any reasonable threat of phishing or malware or any possible harm to you.

What my site does not provide is encryption of the data moving to and from the site.

Encryption of data moving to and from a site is completely unnecessary for a site providing daily prayers. You are not carrying out financial transactions, or communicating government secrets, or storing valuable photographs, or transmitting any personal information at all. Your enemies might be able to tell whether you are praying the minor offices as well as Morning and Evening Prayer. But not anything else.

Providing encrypted data transfer at websites requires the purchase and installation of -- and the frequent renewal and replacement of -- security certificates which prove that the site really is "prayer.covert.org" and to enable the encryption.

Even security certificates do not protect against someone hijacking a site and all of its security certificates and replacing the site with malware or phishing exploits. With or without encryption, it is still necessary to observe proper security principles, which I have done with computers under my control for over 50 years, including systems handling medical records and carrying out financial transactions for one of the largest insurance companies in the world. Encryption is both appropriate and necessary for such applications, but not for daily prayers.

The companies at the source of such warnings haven't done a "threat analysis" of the use of prayer.covert.org or its purpose. The warnings are provided by the same organizations which sell security certificates, and they hope that people who are unschooled in threat analysis will contact me to ask that I pay for unnecessary security certificates and spend time and effort installing and renewing them.

For a site not handling confidential or critical data, "http" is completely adequate and appropriate, and "https" is unnecessary.

You may say your prayers with safety and confidence at prayer.covert.org.