When you open a website, do you notice a padlock icon in the front of the address bar? Just next to that you could read the site URL starting with HTTP or HTTPS — those are protocols. Well, Google Chrome is doubling down on websites carrying just HTTP in their URL and marking them not secure since July 2018. Why did Google suddenly take such an extreme step?
Well, Google believes that Internet users should expect that the web is safe by default. Hold on, hold on. You must be wondering what does HTTP or HTTPS have to do with safety? Well, the additional S at the end of HTTP makes a world of difference.
In this guide, you will learn what these two terms mean, how they differ from each other and most importantly, why you should care about it.
1. What’s HTTP
HTTP stands for Hyper Text Transfer Protocol which defines and governs the rules for the transfer of information, or data packets, over the World Wide Web (WWW). In simpler terms, the data exchange takes place between the server hosting the website information and the browser that is requesting that very information. That’s how you can view and interact with a web page. Still with me? Cool.
That data is called Hyper Text in technical language. Hence the name. While there are other protocols available, HTTP is the simplest and most widely used data transfer protocol. A gold standard, if you will.
In HTTP format, the data is transferred in plain text, making it easier to read and also intercept and hack.
Fun Fact: Tim Berners-Lee wrote the first web client and server back in the year 1990. Widely regarded as the father of the Internet, he wrote the HTTP protocol too.
2. What’s HTTPS
In HTTPS, the ‘S’ stands for Secure. That means your connection to the specific website's server is secure and it is difficult to snoop on your activity. I guess you know what that means? With the rise in the number of cybercrimes, in various forms and shapes, there arose a need for a more secure way to transfer data over the web.
Cryptographic protocols such as TLS (Transport Layer Security) and SSL (Secure Sockets Layer) were developed to overcome the limitations of HTTP. These protocols are used to make sure that the data is encrypted before it is transferred. Today, TLS has been deprecated in favor of SSL.
Both protocols are meant to protect user privacy and maintain data integrity while it gets transferred between the servers and the browser requesting it.
Also on Guiding Tech
Here are some objective differences between the two protocols:
HTTPS has an S in the URL.
HTTPS is more secure than HTTP.
HTTPS requires a certificate, typically SSL.
HTTPS uses encryption, and HTTP doesn't.
HTTPS uses port number 443 while HTTP uses 80.
HTTPS will protect you from man-in-the-middle attacks. (Well, mostly unless the hacker is crafty.)
4. Why You Should Care
Let’s take an example. Say, you are shopping on Amazon for the upcoming holiday season. I know there’s still time, but some people like to plan ahead. Anyway, you have selected an item and proceed to checkout. Amazon will now use HTTPS in the browser during the checkout process. Why?
To make sure that hackers do not intercept your financial information like credit card and bank details. Before transferring that data, it will get encrypted and securely passed through the necessary round of checks.
So how would you check whether a site is safe or not? Look for a padlock icon at the extreme left in the address bar of the browser. Click on it to look for more details like cookies stored, SSL certificate provider, and other information regarding permissions. Go on, try it out with our site — https://www.guidingtech.com.
Most browsers, including Google Chrome, will mark the site as ‘not secure’ in the address bar if the browser can't locate an SSL certificate. That makes it easy for the users to know whether or not to trust the said site.
Now that you know the difference, always check the address bar for the padlock icon before entering any sensitive information on a website.
Even if you are not entering any sensitive information, not filling any forms, it is still crucial to check the security of the website. That’s because hackers today are using smarter methods to inject code in your browser, install programs sneakily, and set up trackers to the aggregate data about user behavior and patterns.
As a user, always check whether the site is secured and carries an SSL certificate if you plan to make a buy something or enter any financial information.
Also on Guiding Tech
5. The Road Ahead
Following the footsteps of Google Chrome, other Chromium Project-based browsers are also slowly adopting the methodology to mark the HTTP protocol carrying sites as "not secure". In a way, Google aims to set an example with Chrome.
Because most people use Google Search as well as Chrome as their default browser, the implications of that are going to be far and wide. Google shared the idea first at a Chrome Developers’ conference and since then, has taken root.
The developers working at Google have written an in-depth post on the importance and benefits of securing the web. I recommend you to go through it once.
A Google transparency report shows that web encryption across the Internet, and even within various Google products, has gradually increased over the years. But it also shows that there is still a long way to go.
HTTPS is the future of the web, and rightly so.
Is the Web's Future Secure?
With the growing rate of sophisticated attacks, the green padlock icon for HTTPS is not enough. The web functions in a chaotic and complicated. Meanwhile the aspects related to security as well as loopholes are constantly evolving. Flagging HTTP protocol websites as 'not secure' might push other website makers to employ better security and encryption measures.
As a user, you should be aware of it and pay attention to the same while browsing the web. After all, it is your responsibility to take enough measures to protect your privacy and secure your system. So you would need more than a browser and an antivirus program to stay secure on the wild wild web.
Next up: Looking for browsers that are built with a privacy-first mindset? Click on the link below to learn more about Firefox Focus and DuckDuckGo mobile browsers.