When you see an “s” at the end of “http” websites, it’s a security barrier used to boost privacy on websites that handle money or personal data, like banks ecommerce sites, email servers, etc. But, this newish protocol is not the answer to the security challenges we face on the internet.
But the HTTPS landscape is changing. Now, tech giants, like Google and Mozilla (the techies behind the most popular web browsers, Chrome and Firefox), have decided that each and every website must adopt the HTTPS protocol. They’ll “enforce” this by marking websites that lack the “s” with a red in the browser bar for everyone to see.
The main browsers, like Chrome and Firefox, move to adopt HTTPS protocol
This is an incredible leap for internet privacy, right? Well, on the one hand, it could be awesome news for both home users and businesses; businesses will be able to see which websites encrypt data traveling on the site—starting with the information’s journey from a client’s computer to the webserver, and vice versa. Now, HTTPS websites will protect our personal information from cyber-attackers or spies.
So what’s the downside? The way its communicated to the user: the websites will implement a color-coded system—red for HTTP and green for HTTPS, fooling users into thinking that all green-lit websites are secure. In reality, no one can truly guarantee that they are 100% secure, especially not a web browser color. The S at the end of the protocol cannot erase our suspicions of website security.
The key to making this protocol work is by making internet users understand this protocol (Google and Mozilla are succeeding at this, currently). Additionally, adopting HTTPS as a standard de facto- at least if you don’t use it for your corporate website—you may run the risk of being cast away from the most popular search websites in the world. This complicates things for developers working with this protocol.
Regardless, we’ll be noticing HTTPS on almost all websites from here on out. It is definitely not the answer to our security issues, but it could seem that way for people uneducated on the issue. Of course it’s preferred to navigate HTTPS-protected pages (because, in theory, your messages are encrypted and the website must have proof of authenticity), but you should also remember that this does not mean the site is malware or threat free—these security flaws are a whole ‘nother story.
If a page uses HTTPS it does not mean they are free of malware or threats
In other words
Sites without HTTPS are insecure: almost always true.
Sites using HTTPS are completely secure: not always true.