Anyone who uses the internet is no stranger to the ‘http://’ or ‘https://’ markers that precede most web addresses. Maybe you’ve heard that you should reveal your credit card details only to sites which have HTTPS in the URL. You’re not wrong, but let’s get down to the bottom of this.
HTTP vs HTTPS
HTTP stands for HyperText Transfer Protocol. HTTP basically connects to the web server of the required website and sends a request for the page you need. Your browser receives the page and closes the connection.
In case there are images, videos, or links, your browser generates new HTTP requests for each of them.
Error 404, a message that most internet users are familiar with, is generated when the HTTP request does not return a page from the server. This is usually because the page has been deleted.
HTTPS stands for HyperText Transfer Protocol Secure. As the name suggests, it carries out the exact same functions of HTTP but in a safer manner. HTTPS uses an SSL/TSS protocol to encrypt the data exchanged between the server and the browser.
SSL stands for Secure Sockets Layer. Under this system, the browser first verifies the server’s identity by checking its SSL certificate. The server either implicitly trusts the SSL certificate or trusts the authority which verified the certificate. Any exchange of data can occur only upon the completion of this step.
Following this, data is coded through an algorithm that is previously agreed upon by the server and client browser. This is usually decoded by a public/private key pair. The private key is inaccessible to all but the systems themselves. Even if malicious elements intercept these messages, they cannot understand it.
Relative merit of HTTPS
HTTP sites allow internet providers and bad actors to not only see what site you’re on but the exact pages as well. HTTP uses plain text to send and receive messages. Hence, anyone who intercepts the message can not only understand it but potentially also change its meaning.
Even ads that pop up all over the page are a direct result of using a non-HTTPS site. Such ads are not from the webpage, they’re more often than not injected along the way. Hackers often serve malware in this manner.
Not only does an SSL certificate ensure privacy, but also provides website integrity.
However, recent studies show that over 50% of phishing sites use SSL certificates. This implies that the familiar lock symbol on your browser will still be present even for untrustworthy sites.
Furthermore, SSL can be hacked by specially programmed Python scripts. The most well-known of them is SSLstrip. The hack can apparently give access to 117 e-mail accounts, 16 credit card numbers, 7 PayPal log-ins and over 300 other “miscellaneous secure logins” in a 24-hour period.
Undoubtedly, SSL certificates are a step in the right direction towards increased user safety. Encryption and decryption provide further privacy to users and protect them from attack. Even though the HTTPS protocol provides a certain modicum of protection, it is always wise to keep your wits handy while using the internet.
Also read: Is Windows Defender good enough for your PC?
Akshaya is an aspiring cardiac surgeon who writes both content and creative pieces at any given juncture. As a powerful orator, a voracious reader, and a bit of a know-it-all, she is usually found with a book in hand. A self-labelled fangirl, Akshaya considers herself a connoisseur of all things nerdy.
Contact Akshaya via email: [email protected] or call: +91-522-4333653