What is HTTPS? Am I protected?
When you visit a website, they all begin with HTTP:// or HTTPS://, but what’s the difference?
HTTP stands for HyperText Transport Protocol. See, the Internet is old… that is, the thing that was around before the Internet, called Arpanet. And back then, everything had a prefix on what mode of communication was being used. Going to talk to a File Server to transfer files? That’s an FTP (File Transport Protocol) connection, which you would use ftp://. Going to a text-based page? That’s HTTP, and so forth. Each address had to have an identifier (how are you communicating with this other thing?) at the start of the address so the server knows how to properly communicate with it.
Do we need it today? No, but it’s there for legacy sake. That’s why you can enter a website address either with or without http/https:// and click go, your browser often removes the http/https from view. It’s still there but not important enough that you really need to see it.
When you visit a web page via HTTP, it transmits all that information in the clear; unencrypted. No big deal, unless it contains information you want no one else to see.
A colleague once had a great analogy when he described to a client how the Internet works: It’s not an extension cord.
What he meant by that is, it’s a series of connections from one end to another. It’s you and the website, but it’s not point “A” to point “B”. It’s more likely point “A” to point “G”. Your communication to that site is shared with everyone else, for that website and many others.
Everyone (anyone?) can listen to Internet traffic, if they wanted to. It’d be like picking up your phone and listening to every phone conversation going on at that moment, with everyone around the world. You couldn’t make sense of it all; they’re too many conversations happening at once. But the Internet knows and routes that conversation from here to there.
But (bad guys / anyone) can listen in on those conversations, and see the content on those sites – what you send to it (entering your login credentials) and the pages it returns back to your web browser. Here’s where HTTPS comes in.
HTTPS, with that last letter standing for “Secure”, means that the entire conversation is encrypted. You enter information on the screen and click OK, it sends the info to the website and it spits you back information. That entire communication is encrypted and only you and that web server can read it. No one listening in knows what’s being transmitted.
So you’re protected! For the most part…
Why am I saying this? I’m writing this so you don’t have a false sense of security. If you see a locked padlock on the address bar of your web browser, it’s “safe”, because it’s encrypted and any communication between and the website you’re visiting will be just between you two. BUT never assume that since you see that padlock that you’re completely protected from identity or credit card theft. It’s in that website’s best interest to protect all your information once they have it (ie, they also encrypt the data they store). Then if a breach ever occurred, there’s not much they can do with it.
Another thing… buying something online? You’re entering payment details, like your name, address, and credit card info, always make sure you see a padlock icon next to the website address. If it’s there, breathe a sigh of relief. If it’s not… don’t do it! Don’t buy from what site.
Someone once said to me, what are the odds of someone really listening in on the Internet traffic to pick out my credit card info. I said, okay, in this crowded room, shout out your PIN code for your bank account. Sure, it’s possible that nothing would happen, but do you really want to take that risk?