httpvshttps

HTTP vs HTTPS: a guide for beginners

Find out more about these Internet security protocols

Very few people look at their browsers’ URL address bars, isn’t it? And it's even harder to see the actual URL properly on mobile devices. But there's no need for that, right? Because often times, we browse the web by jumping from one link to another. Maybe you have a list with the top tech sites, for example, so you type it into your browser. Or maybe you type a few words into Google’s search box to bring on a list of good results. But then, you’re pretty much clicking links, without necessarily paying attention to the actual URLs that you are visiting. And it’s a shame, because a simple “S” that is added at the end of the well-known HTTP Internet browsing protocol can make all the difference in the world when it comes to data security. Let’s see why.

Okay, so you may not be familiar with the HTTP protocol. It’s the acronym for Hypertext Transfer Protocol, the algorithm that allows us to send our requests over the Internet, and then receive the data that we are interested in: a website page, a pdf report, an image, a video, etc. It’s an old protocol, though, so it can be hijacked quite fast. Cyber criminals can intercept the data exchange with your online bank by making use of the many HTTP flaws, for example. Then, once that they have gotten your user name, account password and access token, they’ll be able to steal your money, for example.

But wait, there is more! Hackers can intercept, and then redirect some of your data packets to an infected website, which will install malware on your computer or mobile device. Then, they will be able to monitor your keystrokes, take screen shots of your screen, and even start your webcam, using it to record whatever it is seeing. So yes, accessing sites that utilize the HTTP protocol is very dangerous.

Fortunately, more and more sites have started to use the secure version of the HTTP protocol, which is named HTTPS. I truly appreciate Google’s involvement in this sector. The company has put in a lot of effort into convincing webmasters to switch their sites to HTTPS, and now its Chrome browser will send a “non secure” warning whenever you try to visit a less secure, HTTP-based website.

HTTPS is much more secure because it encrypts the data that is sent across the web. Nobody is able to see the data that travels between your computer and the server that you are interested in accessing, at least in theory. This means that man in the middle attacks, which allow hackers to intercept your information and alter it, replacing it with corrupted data packets, are impossible if you are accessing a HTTPS site.

So, what should you do if you still want to access a few HTTP sites? First, contact their webmasters, tell them that you are a huge fan or their work, and then ask them to switch to HTTPS. Since some companies will also offer free SSL certificates, which allow webmasters to protect their sites, cost will definitely not be an issue.

It is true that at this point only about 20-30% of the sites use HTTPS, but this percentage can only grow in the future. And if you really want to visit that old site, avoid giving away any information you care about. To give you an example, when you send your user name and password to a HTTP site, the data can easily fall into the wrong hands, because it can be easily intercepted. The good news is that most big sites such as Facebook, Twitter, banks, etc. are already making use of the HTTPS protocol.