Q: When I surf the web, I see “HTTP” and sometime “HTTPS” in the address bar. What is the difference, and should I care?
A: Definitely you should care! Here’s why:
Communication between your computer or smart phone and the destination website traverses over public Internet via many routes. Packets are sent from your computer to the Internet in “Plain Text”, if the web address starts with HTTP.
What this means is that someone with a little computer knowledge, can eavesdrop and grab your information in your browser without your knowledge. Imagine that you are making a purchase from an unsecure ecommerce site and entering your personal information, home address along with your credit card information.
All this data can be compromised and stolen. Hackers sell your information on the Internet for financial gains. The HTTP protocol (Hyper Text Transfer Protocol), initially was designed to figure out a simple way to share information companies put on the Internet with users. The protocol by nature was not secure and the data could be intercepted on the Internet by others. The challenge became as how to protect the data between computers and Internet. The new protocol, HTTPS (Hyper Text Transfer Protocol Secure) was established to overcome this problem. Basically, with HTTPS, all communication between the sender and the recipient is encrypted- meaning, even if it is intercepted, it won’t be readable. No one would be able to decipher the data except the sender and recipient. There is a secret key that is exchanged between the sender and recipient before transfer starts, so they are the only two that can read the data.
Companies are more and more adopting to the new HTTPS protocol by default, to give a sense of security to their users when their site is visited. Always look for a lock symbol when visiting a site. Secure sites’ address always starts with HTTPS and they all have a pad lock.
Google Chrome browser’s latest update 68 in July of 2018 will display a Warning if a site is not secure and has HTTP in its address. Chrome will display a “Not Secure” next to the address field, if the site is not HTTPS. Companies are encouraged to change their website to enforce the secure HTTPS protocol.
