What are HTTP and HTTPS
Hypertext Transfer Protocol (HTTP) is a protocol for the communication between a web client and a webserver. Though it is essential to our browsing, it works, for the most part, without us noticing it. The downside to this protocol is that the traffic isn’t encrypted, which means that, in theory, anyone can see what you do when you visit a website. When we started communicating more and more vulnerable information online, HTTPS was created. This is a secured version of HTTP, which makes sure you are dealing with a legitimate website and you don’t leak any personal information. For a website to get an HTTPS certificate they have to be checked by a Certificate Authority (CA). If your browser sees that a website has a certificate from a CA it will indicate this by putting a closed green padlock next to the website’s address. The communication with HTTPS is protected by Transport Layer Security (TLS) or Secure Sockets Layer (SSL). It offers end-to-end encryption, which means that it encrypts all the traffic between your devices and the website. While HTTPS was first incorporated by websites that handled transactions or banking data, it has become the new norm.
How can I see if a Website is Secure?
But how do I know if a website uses HTTPS? Well, the system is set up very intuitively and isn’t hard to understand. It might differ slightly for every browser, but as an example you can see below how Google Chrome indicates the safety status of every website:
Of course, the first way to determine whether a website is secure or not is to see if the web address starts with http:// or with https://. However, a lot of browsers hide this part of a web address. In these cases you can check what it says to the left of the web address in the address bar. When a website is secure and has a valid certificate you will see a green padlock. In some browsers it might even say: “Secure”, as you can see in the picture below.
If you are interested you can gain even more information about the certificate a website has by clicking on the padlock and selecting “Certificate”. Here you can find information like, who issued the certificate and for what time period. When a website does not have a valid certificate you will see a little information logo. You can see an example of that in the picture below. When you click on this information icon you can see why the website isn’t secure, and what information is visible for others.
You might encounter different ways of indicating whether or not a website is secure. However, as a rule, you can click on the icon next to the web address. This will provide you with extended information about the certificate or the lack thereof.
How Safe is HTTPS?
It might sound like HTTPS secures all your browsing, but unfortunately it doesn’t. It is very useful to determine whether a website is valid or not and if they offer a general protection of your data. Moreover, while it makes it more difficult for prying eyes to see what pages you visit on a website, they will still be able to see that you visited that website. Hackers have actually managed to create HTTPS websites that are there to trick you. So, even though it does create a safer internet environment, it isn’t foolproof. The Certificate Authorities are mostly trustworthy authorities,but it only takes one corrupted CA to create false certificates. As always on the internet, it is still best to use your common sense and don’t trust to easily.
Only Visit HTTPS Websites with HTTPS Everywhere
We move from website to website these days, and being the busy people that we are, we don’t have time to check if a website is secure, every time we access a new one. Luckily, there is an initiative called HTTPS Everywhere, which will do all the work for you. HTTPS Everywhere is a browser extension that was created by the Electronic Frontier Foundation in collaboration with the Tor Project. The extension checks every website so you won’t have to. It is available for Chrome, Firefox, and Opera and can be easily downloaded from their website. HTTPS Everywhere will make sure you only get to see secure websites. If you try to access a HTTP website it will notify you of the danger. If there is a safe HTTPS version of a website, the extension will automatically send you there instead. Some VPN providers have started adding a similar function to their service. With these VPN providers you are protected with a premium VPN and you are send to HTTPS websites automatically if these exist. An example of a VPN provider with this added service is CyberGhost.
Final Thoughts
HTTP and HTTPS take care of the communication between browser and server. Originally, HTTPS was created to secure sensitive data. Now it has become a rule for secure internet use. With a green padlock in the left corner of your address bar it is easy to check if a website has this secure version of communication and end-to-end encryption. However, checking this for every website we visit can be quite the hassle. You can use the free browser extension HTTPS Everywhere to do the work for you. When turned on, you won’t be able to accidentally visit an unsecure website.