In recent years attacks against large public websites such as Facebook and Google have accelerated the important trend to increase user security by moving web communication from HTTP to HTTPS.
HTTP is the method that web browsers and many applications use to communicate over the internet. When you open a website with a browser (like Firefox or Chrome), the information is communicated between the site and your computer using HTTP.
HTTP allows anyone on the same network between your computer and the server to read what you are downloading and uploading, including your passwords. With more computers using wireless networks—especially in places like cafes and similar public places—it becomes trivially easy for malicious parties to spy on, steal, and sabotage your online activity.
HTTPS encrypts the communication between your web browser and a website to hide the information being exchanged. In most cases, the only information an attacker can access when HTTPS is in use is the domain name you are viewing and the website’s IP address.
When you are browsing, HTTPS protects your privacy and data in some simple but very useful ways:
If, for example, you are reading an article about an LGBTQI issue on a general news website, a monitoring party is only able to see that you visited the site but would not see which specific articles you read. (Be advised, however, that if the website itself is LGBTQI-specific, that is another challenge entirely.) HTTPS does not protect you from someone pursuing other ways to access your full browsing history, but it limits the data available when tapping your internet communication at a cafe or if authorities demand this information from your ISP.
HTTPS protects login information from being read by malicious people on your network. Think twice before participating in forums or websites without HTTPS. If you do chose to participate on HTTP-only sites, be very careful not to use your real name or share any personally identifying information.
If you are working with sensitive information but you only have access to an HTTP website, it is safer to wait until you have access to an HTTPS-enabled website before you upload or download anything.
Some websites have HTTPS enabled, but still use HTTP by default as a cost-saving strategy. You can help secure your browsing by using the HTTPS Everywhere tool, which has a Firefox add-on and a Chrome extension. HTTPS Everywhere forces your browser to use the HTTPS version of a website whenever one is available.
Each time you visit a new website, look at the address bar. If you don’t see “https://” before the domain name, you are only using HTTP. Be extra alert and vigilant about your activity on that site.
This blog post was written for Arab Foundation for Freedoms and Equality as part of their Security Blog. This post may not be republished before 1 January 2017. Original: HTTPS: Helping Secure Your Internet Communication Published: 23.06.2016