If a website isn’t served over HTTPS, then your communication with it is not secure
When it comes to HTTP vs HTTPS, the devil is in the details. Not like, literally. He’s not waiting in the minutiae to plunge a pitchfork into your nether regions or anything—it’s just an expression. But it’s a good one. Especially in my experience. For instance, I used to think I was in a good parking spot, safe, under a tree, shaded from the hot sun—but those birds’ nests in the branches said otherwise. A pretty big detail to miss. That’s why it’s important to be vigilant, cautious. I wasn’t born that way, but I sure am now. My car has been pooped on a lot in life.
But that’s not why we’re here. We’re here to talk about the difference between HTTP and HTTPS. How on the internet, that one little letter – S – makes all the difference. A small detail, it may seem, but an important one.
I Just HTTP-ed All Over Myself
HTTP stands for Hypertext Transfer Protocol. I didn’t know that until I looked it up. Hypertext is normal text that is flipping out like a four-year-old at a birthday party [Editor’s Note: No, it’s not]. Actually, I’m not sure that’s right [Editor’s Note: It isn’t—Hypertext is structured text that uses hyperlinks between nodes containing text], but that’s not really important for the sake of this discussion [Editor’s Note: It kind of is]. All you need to know is that the HTTP protocol is used to transmit information between a web server and a web browser.
What’s interesting is that HTTP first debuted in 1997, the same year that Mike Tyson bit off part of Evander Holyfield’s ear—which, incidentally, is why I never let anyone with a gap in their teeth get too close to my head. The fact that HTTP is still in use today means that it’s old—ancient by internet standards.
The problem with HTTP communication is that it’s not encrypted. Encryption is the process where all communication from a browser is basically scrambled, or encrypted, and the only one capable of unscrambling it is the web server with the proper key. HTTP doesn’t have that capability. So, all of the communication that’s occurring between the browser and the server during an HTTP session is out in the open—visible to anyone who cares to see.
For a layman, like myself, that means anything you send to that website is capable of being intercepted or altered by any interested third party. Banking information, personal details, ANYTHING you send can be stolen. You are not safe. It’s enough to make you want to stop using the internet altogether.
I did. I stayed offline for seven months the first time my identity got stolen—thanks to not knowing that I wasn’t secure over HTTP. The last time it happened I felt almost as silly as the time a now ex-friend of mine tricked me into jamming my credit card into my computer’s floppy disk drive to pay for a set of, well… nevermind. Of course, you millennials probably don’t even know what a floppy disk is—aside from perilously close to a phallic spelling error.
Anyway, sticking a credit card into a disk drive to pay for online transactions don’t work, by the way. And neither does HTTP. I mean, it does work. But it’s not safe.
HTTPS – The S is for Super [Editor’s Note: Nope]
Before we get to HTTPS, I have to try and explain SSL/TLS. An SSL Certificate is what enables encryption, except an SSL Certificate is actually an SSL Certificate in name only. You see, SSL has evolved and is now called TLS. SSL stands for Secure Sockets Layer, TLS stands for Transport Layer Security. They both do the same thing, but nowadays TLS Certificates are the norm since SSL is outmoded. But TLS Certificates are still sold as SSL Certificates. I know, it’s confusing. I’m even a little confused myself. So let’s move on.
Ok, so a TLS Certificate (or SSL Certificate, if you will) enables encryption via HTTPS. HTTPS is actually just HTTP + TLS. How all that works is a lesson for another day (I’m not even sure myself, I’ll have to do some research)[Editor’s Note: Not sure I would have admitted that]. Anyway, the important thing is that any website served over HTTPS is secure. Nobody can intercept the information your computer is sending and misuse it.
That makes HTTPS essential if you want to conduct any kind of business online. If your bank doesn’t use HTTPS—don’t trust it. If the online store you’re shopping at doesn’t use HTTPS—don’t trust it. Even if a website is only asking for your email if it doesn’t use HTTPS—don’t trust it. Heck, I try to make it a point never to even visit sites that don’t use HTTPS. I’m always paying attention for that little “S.” The internet is not going to trick me again. Don’t let it trick you.
And here’s something else to consider too, HTTPS is secure—but not necessarily safe. Criminals can own websites too. Just because a website is served over HTTPS, doesn’t mean you can trust the people behind it. That’s why there’s business validation and OV and EV SSL Certificates. We’ll talk about that more another day though.
There are even other advantages to HTTPS beyond just encryption. Nowadays, websites served over HTTPS are up to 90% faster than ones served over HTTP. You can even go see for yourself by heading over to HTTP vs HTTPS. That’s right, HTTPS is faster AND safer. What else can you say that about? Definitely not cars. The faster you go, the more likely you are to die. I’ll be honest with you, I’m terrified to even go over 70. That’s why I drive a Saturn, people give me a pass on my speed because they just assume my car can’t even get to 70. Seriously, that engine isn’t much more than just a couple of hamsters on wheels. 2 HP—Hamster Power. Anyway, what were we talking about? Oh yeah! There’s a lot of bad people on the internet. But HTTPS helps keep them from stealing our personal information or intercepting our communication with the websites we visit.
HTTP served its purpose. Just like MySpace. It was created at the beginning of the internet era and has allowed a lot of great things to be built on the worldwide web. Unfortunately, it’s also allowed a lot of bad things to happen to good people. You just can’t trust websites served over HTTP nowadays, just like you can’t trust anyone who still uses MySpace. It’s not safe.
Fortunately, there’s HTTPS, which uses encryption to keep our communication safe. HTTPS is the only way you can be sure that whatever information you’re sending to the website you’re visiting can’t be intercepted and read by others.
The difference is all in the “S.” It may seem like a tiny detail, one that’s easy to miss, but it’s the difference between safely navigating the internet and having your social security number plastered across the web. Don’t let your social security number get plastered across the web. Look for the “S.”
Stay cautious, my friends.