Most casual users only take a glance at the green HTTPS padlock when they open up a website, not paying attention to some of the more precise details of the platform itself. In practice, this is most often a good way of telling if a site is safe. But, there's one question that a growing number of privacy-oriented users are asking - as most websites nowadays can boast with HTTPS, can such a feature maintain the same reputation and security levels as before? In this post, we go into the details of HTTPS to find out if it can be enough to protect your online privacy and security.
What is HTTPS?
Hypertext Transfer Protocol Secure, more commonly known as HTTPS, is the modern version of the HTTP application protocol. It builds upon the original by adding TLS/SSL encryption over the base HTTP protocol. If you want to read up more on how this type of encryption works, we've talked about TLS/SSL topic before on our site, so make sure you go through it if you want to know exactly how it works.
HTTPS helps websites protect their information from any unwanted eyes, snooping ISP's or potential security threats. Unlike HTTP, which can easily be evesdropped, HTTPS encrypts traffic so that even if your information gets viewed, the third-party will only be able to see long rows of nonsensical characters bundled together. It also goes without saying that websites that don't use HTTPS encryption can suffer third-party breaches and unmoderated advertizing injections into their platforms.
The way how HTTPS works is quite simple. When you connect to a particular webpage, it then sends over its Secure Sockets Layer (SSL) certificate to your computer. The SSL certificate holds the public key required to start the secure browsing session. After this, the server computer and your device undergo an SSL/TLS handshake. This is a series of back and forth transmissions between the two devices necessary to establish a secure connection.
What does the Green Padlock Mean?
We mentioned the green padlock at the beginning of this article, but what does it represent? It merely serves to show that all online traffic to and from the site is protected and encrypted. The green padlock has a very important purpose. It guarantees that the site you have typed into the address bar is indeed the one you've accessed. Of course, it is by no means ensures that the site you're accessing is trustworthy. This leads us to the next question.
Possible Limitations of HTTPS
To fully understand HTTPS, we also have to touch on its possible limitations. Although HTTPS may seem like a very secure mechanism to have by your side, it is a fairly simple protocol. Some of the biggest limitations it faces are:
Server Identity Weak Points
One of the biggest concerns when it comes to server limitations is the so-called "certificate verification" process. During this procedure, the applicant must prove that he is in control of the domain he wants to certify. This issue brings us back to the green padlock we mentioned above. While the green padlock does prove that the site is the one which it says it is, the attackers can simply register the platform under a domain name that looks similar to the original. For example, they can register under facebook.com.somewebsite.com. Users who don't understand how URLs work or don't pay attention to address details can easily get hooked and share all of their personal and sensitive information with the illegitimate site.
Client Identity Weak Points
HTTPS aims to protect all information while it is in transit between two endpoints. However, it does not protect the information when it is loaded in the client app. This means that, if the browser has been previously infected with malware due to the app's weak points, or the client has been affected by user tampering in some way, it is susceptible to spyware attacks. These attacks can range from OS malware to malicious browser extensions.
Besides the two main weak points that can come up from the server's or client's side, many other HTTPS limitations can happen in practice. Deployment limitations such as having non-secured links (http) and mixed content (https and http) and other real-world implementation limitations can serve as possible exploit points for malicious third-parties.
Always Make Sure to Double-Check
Since HTTPS has become a common thing in today's online world, malicious sites don't shy away from featuring the green padlock icon on their platforms. As a result of this, users should pay extra attention to the type of certificate that's behind the icon. Only when you are completely sure and satisfied with the information the site provides you with, should you enter your sensitive credit information or personal data.
To sum it up, HTTPS undoubtedly brings a lot of security benefits to the table and helps make our online browsing experience safer. Nevertheless, you should also be aware of all of its limitations and know what it cannot do. On its own, HTTPS often isn't enough, but when coupled along with other security and privacy tools, it can provide you with an overall very secure and private online environment.
Leave a comment
All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.