HTTP vs HTTPS: What Are They and Why Should You Bother [ILFS Explains]

0 Comments
Editor Ratings:
User Ratings:
[Total: 0    Average: 0/5]




Over the past decade and a half, the Internet has become an almost inevitable part of our lives. Countless people from all around the world, spend a major chunk of their day hooked up into this invisible but Omni-prevalent mesh of inter-connectivity. Internet users come from all age groups, from business executives whose E-mail clients keep on buzzing with Push E-mail notifications and Stock prices, to teenagers who seem to be interested in sharing their entire lives with their “FB” buddies, posting those “INSTAGRAMIFIED” self-clicks, to hardcore tech geeks like me and everyone that contributes to this great tech blog because, well, because we love doing it.

blog_http_https2-1024x642

But have you ever wondered, what happens to all this information that we share with each other on a daily basis? How it’s handled, and more importantly, why you should know how it’s handled and why you should ensure it’s handled the way it’s supposed to be handled? Sounds confusing? Read on.

What is HTTP?

HTTP stands for Hyper Text Transfer Protocol. I’m quite sure that even though most of us really don’t care about it, we can surely recall having seen this acronym countless times. Well, you’re right. HTTP is the protocol (a set of rules that defines how a particular system works) that majorly defines the flow of information across the Internet. This is something that becomes evident the moment you expand this well known acronym. “Hyper Text” looks like any normal text, but that’s where the similarities end. Hyper text is basically the founding block of any webpage, and thus the atomic element of all the feature rich websites that we keep our eyes glued to 24×7.  Hyper Text thus, is an “active text” that you can interact with. Any link on any page is hypertext. Whenever you click on a link (hypertext), it changes in color, and leads you to another page. This interaction forms the basis upon which information propagates (or gets transferred) across the Internet.

Http illustration

Does the above picture ring a bell? Of course it does. HTTP is basically the first element of any URL (Universal or Uniform Resource Locator, also known as website or webpage address) on the Internet. To some extent, depending upon the browser that you’re using, HTTP gets prepended to any URL that you type in the address bar, from the word go. Whether you type Facebook.com, Gmail.com or any other web address, it’s never complete without HTTP. Some browsers like Google Chrome only display the website’s address and hide it, but that doesn’t mean that it doesn’t exist. No matter what happens, HTTP or Hyper Text Transfer Protocol is the Omni-present important driving force that helps to ensure the smooth flow of information across the Internet. It has done this effectively for every single webpage on the Internet for every single day, and it will (hopefully – unless of course, a newer protocol takes over!!) continue to do so for the foreseeable future.

What is HTTPS? and what’s with the Extra “S”?

HTTPS stands for Hyper Text Transfer Protocol Secured. At the core, it is virtually identical to HTTP. It’s also argued that HTTPS is not even an altogether different protocol. And for the major part, this is true. HTTPS isn’t a separate protocol. It’s just the good ol’ Hyper Text Transfer Protocol encapsulated with an extra layer of “SECURITY” (Hence the keyword – Secured).

The need for slapping HTTP with a layer of security was initially felt when online transactions (e-commerce) became popular. But over the years, its use has expanded to almost all websites that require a user to input some confidential information on a webpage. More and more websites are moving to the HTTPS standard, and in a way, it’s good that they are.

Essentially, HTTPS is the same as HTTP. Just like HTTP, the websites that employ HTTPS have their web address prepended with HTTPS. But what happens at the core is much more. The websites or webpages employing the HTTPS standard have their communications secured and Encrypted (Encryption essentially means to convert standard information into unreadable stuff with a secure key so that only the intended recipient can read it with his/her separate secure key) with SSL (Secure Socket Layer) and its successor TLS (Transport Layer Security). These layers are also cryptographic protocols that ensure that any sensitive user information that has to travel across the Internet does so in the most secure way possible.

So, whenever a user enters any confidential information on a webpage on the Internet (say – username and password on social networking sites like Facebook, E-mail services like Gmail, Internet Banking IDs and Credit/Debit card numbers on banking portals like chase.com, axis bank.com and so on), then this information is first encrypted and secured using the portal provider’s security certificate (A secure online document provided by a third party certification authority (like Go Daddy, VeriSign) that identifies a website as secure to the browser, and to the user) before being used to authenticate a user’s identity on the web portal.

Any Https secured website is fairly easy to identify. As the figure below indicates, the word https appears before any HTTPS secured website. Moreover, all HTTPS secure websites also display a small LOCK icon, somewhere in the address bar. This lock icon (position may vary depending upon the browser), when clicked, provides important information about the Security Certificate’s Issuing Authority (VERISIGN in the screenshot)

httpsecureillustration1

Thus, HTTPS is essentially HTTP but with an extra layer of security. And this secure layer ensures that the confidential information of millions of online users remains the way it is supposed to be – confidential, whenever they are online. No wonder all E-mail Providers, Online Shopping Portals, Social networking Websites, have now all of their websites secured using HTTPS.

Also check out what is POP and IMAP.

Why you should make sure that (most of) the websites you visit are HTTPS secured?

  • For the obvious reasons cited above. Any site that requires you to enter confidential information should make you feel comfortable in doing so. And HTTPS is the only way to do that.
  • HTTPS makes the Internet a much safer place. Besides, the horrific consequences of having your identity stolen and misused online are often more far more than they initially may appear to be.
  • With an increasing number of websites requiring you to make an account before being able to do something as simple as posting a comment, HTTPS becomes all the way more important.

How can you check whether a website is HTTPS secured?

  • As mentioned earlier in the article, check for the words https before the URL of the webpage in the address bar.
  • The URL of any website secured with HTTPS will always have a small lock icon besides it.
  • Always click the lock icon to make sure the Certification Authority (The Certificate Issuer) is a well known one. (Examples include VeriSign, Go Daddy, to name a few)

Conclusion

The Internet has become an important part of our lives. More and more people are sharing their private information with others every single day. With all this information overload, it becomes paramount that the security of this information is ensured. And HTTPS is an important step towards accomplishing that. However, any technology is only as secure as its users. So Internet users should be prudent enough to ensure  that information they share with others is shared in accordance with good usage practices.

What do you guys think about HTTPS? Do you take care of this while entering your private information on websites that seem to be so much interested in knowing everything in our lives? Do let me know your thoughts in the comments.

Editor Ratings:
User Ratings:
[Total: 0    Average: 0/5]