What is HTTPS and why it matters?

Edward G. | April 27, 2020

To some, HTTPS versus HTTP looks like nothing more than an added “s” to a meaningless URL. But for those who care about online security, the “s” carries plenty of meaning. Still, the distinction between these two matters now more than ever. So, what exactly HTTPS should mean to you and why it is a game-changer?

Understanding the basics: what is HTTP, and what does HTTPS stand for ?

HyperText Transfer Protocol is a set of rules for transmitting a web page between a web server and your browser. Simply put, HTTP is what allows web communication through the exchange of data. It is the most basic protocol and one that has been around since the very beginning of the internet.

Although the protocol focuses on interchanging data, it cares less about the way the information travels from one place to another. It leaves the conversation in a plaintext format. Unfortunately, it means that anyone between the web server and your browser can intercept the communication and read it. While executing the man-in-the-middle attack, a threat actor can alter the HTTP and steal your private data.

For a long time, the protocol was acceptable for non-confidential data exchange. However, growing concerns amidst internet security pushed towards replacing it with something safer. This is how HTTPS was born.

What does HTTPS do ?

Full HTTPS meaning is HyperText Transfer Protocol Secured. The primary difference is that instead of plaintext, HTTPS transmits the information in an encrypted format. The new protocol uses Secure Socket Layer (SSL) and Transport Layer Security (TLS) cryptographic technologies. This way, the protocol makes it relatively difficult, if not impossible, to intercept your data. Anyone hoping to glean information from encrypted format gets nothing more, than garbled letters and numbers.

HTTPS protocol requires the websites to have SSL certificates to authenticate the transmission. These are digital certificates issued by trusted third-party authorities. Hence, they act as proof that a particular site is secure. For a long time, this was a costly procedure for website owners, so the use of HTTPS was quite rare. In recent history, however, it became the most common method of web-based data transfer.

Now, most browsers alert users that their connection is unsafe whenever they access an uncertified website. Despite all of the HTTPS complexity happening behind the scenes, your browser makes it easily recognizable. In addition to having “https://...” in your URL bar, you can also see a small padlock icon indicating your connection to the website is secure.

what is https

What does HTTPS mean to your security?

Broad adoption of the new encryption standard added a lot of padlocks - and resembling data protection - to the web. However, even though it is far more secure, it’s not foolproof.

HTTPS server encrypts the message itself, but it cannot protect some of the metadata that is integral to the transmission. That means your IP address and port numbers remain visible. Someone eavesdropping can determine the moment of connection, its duration, and how much data protocol transmits.

Often, users don’t use additional mechanisms to enforce security on the websites they visit. Hence, they cannot protect themselves from various cyberattacks. The truth is, man-in-the middle attacks are also possible with HTTPS. For instance, attackers could redirect the user to an HTTP website that looks similar to a secure one. From there, they would have all terminals set up in hopes of stealing valuable data.

Final thoughts

Without a doubt, the additional security-enhanced protocol certainly adds an extra layer of protection. However, until every website finally implements HTTPS protocol, you can take extra protection measures yourself.

With joint forces, like VPN, you can move your data in a safe fashion. A VPN secures all online communications coming from your device with a robust piece of encryption. Also, it disguises your IP address and location, as well as offers defense against internet censorship. VPN is a must for the privacy-conscious and those who wish to browse the internet without any restrictions.

Both VPN and HTTPS work well together towards more secure cyberspace. Hence, by always keeping your VPN enabled and only visiting HTTPS websites, you can have great security behind your back.

If you are still looking for a VPN that suits your needs, give Atlas VPN a go. You can use it for free, and get the feature-rich Premium service whenever you feel comfortable:

John C.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.