Previous Next Index Thread
Previous Next Index Thread
Archive-name: investment-faq/general/part7
Version: $Id: faq-p7,v 1.33 1996/05/28 13:40:32 lott Exp lott $
Compiler: Christopher Lott, lott@informatik.uni-kl.de
This is the general FAQ for misc.invest, part 7 of 7.
Compilation copyright (c) 1995 by Christopher Lott. Use and copying
of this information, distribution of the information on electronic
media, and preparation of derivative works based upon this information
are permitted, so long as the following conditions are met:
+ No fees or compensation are charged for this information,
excluding charges for the media used to distribute it.
+ Proper attribution is given to the authors of individual articles.
+ This copyright notice is included intact.
Disclaimer: This information is made available AS IS, and no
warranty is made about its quality or correctness.
-----------------------------------------------------------------------------
Subject: Trading - via the Internet
Last-Revised: 27 Mar 1994
From: lott@informatik.uni-kl.de
In September 1994 I wrote an article that severely criticized making
trades via the Internet. In that article, I discussed problems of
sending information *in the clear* via various routes:
+ With an asynchronous communication setup (e.g., e-mail), timeliness
is impossible to guarantee; a message may be delayed for many hours.
+ With either a synchronous communication setup (e.g., telnet) or
asynch. comm. (e-mail), security is impossible to guarantee because
of packet sniffers.
Well, I'd like to recant. :-) Recent developments on the net have
addressed these two problems. The fundamental development is the use
of *encryption* technology. While schemes such as PGP have been out
there for a while, only the recent incorporation of encryption
technology into the WWW browser _Netscape_ makes this fairly secure
mode of communication easily accessible. This scheme is called
``secure http'' aka HTTPS. My understanding of HTTPS (warning: I am
a cryptographic novice) is that your Netscape client negotiates with
the remote WWW server to figure out a way to encrypt all communications,
and you (the user) are not required to type any secret key or otherwise
take any steps. Thereafter, the user can be reasonably sure that even
if someone is sniffing packets, the sniffer will have to work Extremely
Hard at deciphering them, in fact sufficiently hard that the attack on
the sniffee is not worth their time. But remember that cryptography
is often quite subtle, and I am NOT QUALIFIED to judge whether the
Netscape scheme is sufficiently difficult to break such that it is
suitable for the average investor.
I know of one service that accepts trades via the HTTPS scheme: PAWWS.
PAWWS, aka ``Wall Street on the Internet,'' is a division of Chicago-based
Security APL. To learn about making trades on the Internet, use the
URL <http://pawws.secapl.com/>. Obviously you will require a browser
that supports HTTPS. PAWWS offers access to these services:
+ The Net Investor, from Howe Barnes Investments of Chicago
<http://pawws.secapl.com/C_html/hbi/top.html>
+ NDB Online, from National Discount Brokers.
<http://pawws.secapl.com/Ndb_phtml/home.html>
In the end, I'm still not sure I'm personally comfortable with having
my account accessible on the internet. I want to emphasize also that
I'm not some kind of Luddite, just somewhat mistrustful of combining
WWW servers and my portfolio. My recommendation for those who want to
trade via some computer interface still stands: get an account with a
provider such as Prodigy (which offers access to some trading system)
or with any of the discount brokers who offer an electronic trading