Anyone who uses the internet is no stranger to the ‘http://’ or ‘https://’ markers that precede most web addresses. Maybe you’ve heard that you should reveal your credit card details only to sites with HTTPS in the URL. You’re not wrong, but let’s get down to the bottom of this.
HTTP vs HTTPS
HTTP stands for HyperText Transfer Protocol. HTTP connects to the webserver of the required website and sends a request for the page you need. Your browser receives the page and closes the connection.
If there are images, videos, or links, your browser generates new HTTP requests for each of them.
Error 404, a message that most internet users are familiar with, is generated when the HTTP request does not return a page from the server. This is usually because the page has been deleted.
HTTPS stands for HyperText Transfer Protocol Secure. As the name suggests, it carries out the same functions as HTTP but in a safer manner. HTTPS uses an SSL/TSS protocol to encrypt the data exchanged between the server and the browser.
SSL stands for Secure Sockets Layer. Under this system, the browser first verifies the server’s identity by checking its SSL certificate. After that, the server either implicitly trusts the SSL certificate or trusts the authority which verified the certificate. Any exchange of data can occur only upon the completion of this step.
Following this, data is coded through an algorithm previously agreed upon by the server and client browser. A public/private key pair usually decodes this. The private key is inaccessible to all but the systems themselves. Thus, even if malicious elements intercept these messages, they cannot understand them.
Also read: If Google says a website isn’t secure, what does it really mean?
Why is HTTPS better than HTTP?
HTTP sites allow internet providers and bad actors to see what site you’re on and the exact pages. HTTP uses plain text to send and receive messages. Hence, anyone who intercepts the message can not only understand it but potentially also change its meaning.
Even ads that pop up all over the page are a direct result of using a non-HTTPS site. Such ads are not from the webpage. They’re more often than not injected along the way. Hackers often serve malware in this manner.
Not only does an SSL certificate ensure privacy, but also provides website integrity.
However, recent studies show that over 50% of phishing sites use SSL certificates, implying that the familiar lock symbol on your browser will still be present even for untrustworthy sites.
Furthermore, SSL can be hacked by specially programmed Python scripts. The most well-known of them is SSLstrip, which can access 117 e-mail accounts, 16 credit card numbers, 7 PayPal log-ins and over 300 other “miscellaneous secure logins” in 24 hours.
Undoubtedly, SSL certificates are a step in the right direction towards increased user safety. Encryption and decryption provide further privacy to users and protect them from attack. Even though the HTTPS protocol provides a certain modicum of protection, keeping your wits handy while using the internet is always wise.
Also read: Is Windows Defender good enough for your PC?