Most web traffic online is now sent over an HTTPS connection, making it â€œsecure.â€� In fact, Google now warns that unencrypted HTTP sites are â€œNot Secure.â€� So why is there still so much malware, phishing, and other dangerous activity online?
â€œSecureâ€� Sites Just Have a Secure Connection
Chrome used to display the word â€œSecureâ€� and a green padlock in the address bar when you were visiting a website using HTTPS. Modern versions of Chrome simple have a little gray lock icon here, without the word â€œSecure.â€�
Thatâ€™s partly because HTTPS is now considered the new baseline standard. Everything should be secure by default, so Chrome only warns you that a connection is â€œNot Secureâ€� when youâ€™re accessing a site over an HTTP connection.
However, the word â€œSecureâ€� is also gone because it was a little misleading. It sounds like Chrome is vouching for the contents of the site as if everything on this page is â€œsecure.â€� But thatâ€™s not true at all. A â€œsecureâ€� HTTPS site could be filled with malware or be a fake phishing site.
HTTPS Stops Snooping and Tampering
HTTPS is great, but it doesnâ€™t just make everything secure. HTTPS stands for Hypertext Transfer Protocol Secure. Itâ€™s like the standard HTTP protocol for connecting to websites, but with a layer of secure encryption.
This encryption prevents people from snooping on your data in transit, and it stops man-in-the-middle attacks that can modify the website as itâ€™s sent to you. For example, no one can snoop on payment details you send to the website.
In short, HTTPS ensures the connection between you and that particular website is secure. No one can eavesdrop or tamper with it. Thatâ€™s it.
This Doesnâ€™t Really Mean a Site is â€œSecureâ€�
HTTPS is great, and all websites should use it. However, all it means is youâ€™re using a secure connection with that particular website. The word â€œSecureâ€� doesnâ€™t say anything about the contents of that website. All it means is the website operator has purchased a certificate and set up encryption to secure the connection.
For example, a dangerous website full of malicious downloads might be delivered via HTTPS. All that means it the website and the files you download are sent over a secure connection, but they might not be secure.
Similarly, a criminal could buy a domain like â€œbankoamerica.com,â€� get an SSL encryption certificate for it, and imitate Bank of Americaâ€™s real website. This would be a phishing site with the â€œsecureâ€� padlock, but all that means is you have a secure connection to that phishing site.
HTTPS Is Still Great
Despite the phrasing browsers have used for years, HTTPS sites arenâ€™t really â€œsecure.â€� Websites switching to HTTPS helps solve some problems, but it doesnâ€™t end the scourge of malware, phishing, spam, attacks on vulnerable sites, or various other scams online.
The shift toward HTTPs is still great for the internet! According to Googleâ€™s statistics, 80% of web pages loaded in Chrome on Windows are loaded over HTTPS. And Chrome users on Windows spend 88% of their browsing time on HTTPS sites.
This transition does make it harder for criminals to eavesdrop on personal data, especially on public Wi-Fi or other public networks. It also greatly minimizes the odds that youâ€™ll encounter a man-in-the-middle attack on public Wi-Fi or another network.
For example, letâ€™s say youâ€™re downloading a programâ€™s .exe file from a website while youâ€™re connected to a public Wi-Fi network. If youâ€™re connected with HTTP, the Wi-FI operator could tamper with the download and send you a different, malicious .exe file. If youâ€™re connected with HTTPS, the connection is secure, and no one can tamper with your software download.
Thatâ€™s a huge win! But itâ€™s no silver bullet. You still need to use basic online safety practices to protect yourself from malware, spot phishing sites, and avoid other online problems.
Image Credit: Eny Setiyowati/Shutterstock.com.
The post HTTPS Is Almost Everywhere. So Why Isnâ€™t the Internet Secure Now? appeared first on TechFans.