Nowadays, most of us share a whole bunch of information to everyone mostly through social media. But do we take privacy seriously when we are finally signed out?
More and more of us use online services that handle a lot of personal sensitive data; we check our bank account balance online, we use our credit card online to buy stuff, we complete all kinds of forms to subscribe to newsletters, offers or even at a new website we found to be worthy of our time. But how can you be sure that the information you handed over so easily is kept safe? What if someone could alter the communication between you and the server (the so-called man-in-the middle attack)?
Well, before you start worrying that someone stole your identity and used your credit card to buy a ticket to New York, take a step back. There are ways to keep you safe and we will introduce you to the most common one, HTTPS and the differences between HTTPS and the most common one, unfortunately, HTTP.
How can I distinguish if the website I am visiting uses HTTP or HTTPS?
Have you ever noticed that most of the websites that interact with you in some way, have a small word written next to the website’s URL (that’s on the top of your browser usually), slightly different that the usual? Well this small word should be https:// while the usual one is http:// and we are now going to talk about the fundamental differences between those two and which one helps you keep your information safe.
HTTP VS HTTPS
While HTTP is the foundation of data communication for the WEB, it does not actually provide any security protocol (it only allows authentication in some cases) thus it is easy for someone with the appropriate knowledge to steal your information if the website has not yet migrated from HTTP to HTTPS.
HTTPS on the other hand, uses the SSL/TLS protocol to encrypt the data exchanged between you and the server, it secures the data so no one can modify them and authenticates (proves) that you are actually communicating with the intended server.
Is HTTPS actually widely used or not?
Well, that really depends on your internet surfing habits but let’s assume, for example, that you use a search engine almost every day (as most of us do). All 3 major search engines (Google, Yahoo and Bing) have already implemented HTTPS protocol and you should be thrilled since it does not only help you to stay safe, but also keeps your searches private! To make it simple if you are using a computer/smartphone connected to your workspace’s network (which is most likely being monitored), the person that monitors your internet activity can see that you are using Google for example, but he/she can’t see what you are searching for! Isn’t that great?!
Apart from search engines, Facebook, Twitter, Ebay, Amazon, Gmail, Yahoo Mail, YouTube, VPNCompare and a vast majority of other websites and e-shops are currently using it.
Can I enable HTTPS on websites that are only using HTTP?
Yes you can and it’s actually easy and handy! The easiest way is by adding an add-on at your browser (supported by either Chrome, Firefox, Opera or IE). “HTTPS everywhere” is the most popular one, though I have to warn you that a lot of issues have been reported. The most common one is website crash.
Why should a Web Designer use HTTPS?
If you find yourself in the position of creating a website you may want to consider to implement HTTPS, even if no sensitive personal data are required by the users, to increase your traffic. You might find this strange, but you should know that Google has announced that the websites using HTTPS are pushed up in the rankings. It’s a win-win scenario as you both keep your users happy and safe and you get more traffic!
Got any other related questions? Feel free to use the comment section below!