A Lesson in Cybersecurity: HTTPS

Ever notice how most websites you visit have a green lock next to the address, or how part of the address bar turns green? This is because the webpage you’re on is using HTTPS instead of regular HTTP.

I don’t know you or your knowledge of cybersecurity, but even if you do know what HTTPS is, it’s always good to have a refresher. So, what is HTTPS? How is it any different from HTTP?

What is HTTP?

HyperText Transfer Protocol—HTTP for short—is one of the oldest protocols in the Internet’s history, dating back to 1989 with the creation of the Web itself. With HTTP, a browser is granted the ability to request data, such as a webpage, from a server, and consequentially, the server can send the data back over to the browser.

Simply put,communication of data on the Internet is—most of the time—done through HTTP. Clients(you) and servers can exchange data through this protocol, but what makes HTTPS so different?

This is only a basic explanation, as there are more in-depth details like gateways and caches that can be explained, but for the sake of keeping things brief, all we need to know about HTTP is a surface-level explanation of what it does.

What is HTTPS?

HTTP is fantastic and, once again, the basis for communication on the Internet. However, base HTTP is anything but secure. After all, it was invented in 1989, when the Web was just made and criminals didn’t have access to it.

But in 1994, Netscape Communications introduced the world to HTTPS, the secure, filtered version of HTTP.

In general, HTTPS works the exact same as HTTP. The client will still request data from the server, the server will grant the request and transfer data to the client and so on and so forth. However, there is one little twist: encryption.

While this tried-and-tested process goes on, HTTPS adds a layer of SSL encryption, prohibiting the data being sent back-and-forth from being intercepted by a third-party. This is why banks, companies and most websites use HTTPS: data is much more secure.

Keep this in mind next time you’re making an online payment online; if you don’t see an HTTPS indicator in that address bar, don’t enter any personal information!

And while HTTPS is adored over regular HTTP, there is one debate that some bring up: what’s the point of security software, for instance, a VPN, when HTTPS exists?

Why HTTPS Doesn’t Invalidate Security Software

The argument that HTTPS may invalidate some privacy/security software is nonsensical. Sure, HTTPS encrypts data and keeps data transfer straightforward and secure, but HTTPS can’t be counted on 100% of the time.

For example, one website you visit frequently may use HTTPS while another may use regular HTTP. All of a sudden, your data isn’t secure, but software like a VPN can keep your data encrypted and secure 100% of the time and not on a per-site basis.

Also, HTTPS only guarantees security between your browser and the server it’s communicating to, AKA the webpage and the hosting server for the webpage. When it comes to your device, it’s still at risk of sending out data that can be intercepted. For example, HTTPS won’t protect your data when you’re on a public network and there just so happens to be a cybercriminal on the same network.

Some people are desperate to choose one over the other, but HTTPS has it’s own place and so do VPNs and other privacy tools. Plus, a VPN can’t, you know, load webpages for you.

And there you have it! A quick look into why HTTPS was the logical next step for the HTTP protocol, and why you’re better off using HTTPS for your site—if you have one, of course. I wonder if, one day, we look back onto HTTPS and think it unsecure.