HTTP and HTTPS?

Author • Praise Oyeniyi

___________

- What’s the difference?

- Which is safe?

- Importance of HTTPS?

You probably have noticed HTTP/HTTPS in browsers and have been wondering what they mean, or you know, but you think your browser just selects between them randomly. Well… Not so, they’re not only meaningful but they’re also different, join me as we dissect this together

What is HTTP (Hypertext Transfer Protocol)?

It is the primary protocol (A Protocol is a set of rules that we use for specific purposes. In the current scenario, it is about communication) used to send data between a web browser and a website. Simply put, it is the way Joe’s browser and the internet server communicate with each other. The HTTP handles two main type of messages; Request (GET) and response (POST). How does this work? For example, Joe wants to log on to his Twitter account through his web browser, then he logs on to google to search for “Twitter”, series of results are displayed, if Joe clicks on any link afterwards, Joe’s browser would create and send series of “HTTP GET” requests to the server – ‘why?

It’s because the sever hosts what the web browser data and it has to GET it’ – the server would then generate an “HTTP POST” response to render the webpage to Joe’s browser. NB: All these requests and the response gotten are sent as plain text between Joe’s browser and the sever.

What is HTTPS (Hypertext Transfer Protocol Secure)?

It is the secure version of HTTP. As seen above, the “S” behind the HTTP stands for SECURE. The lock icon also confirms HTTPS websites.

How does the HTTPS work?

HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport Layer security (TLS), formerly known as Secure sockets Layer (SSL).

This protocol secures communications by using what’s known as an asymmetric(one-way) public key infrastructure that allows two different keys to encrypt communications between two parties: What is a Public Key?

THE PUBLIC KEY – When Joe visits a website with an HTTPS address link, the information, any information Joe provides to that website remains encrypted and can only be decrypted with THE PRIVATE KEY which is only available to the website owner thereby making sure no one else can get Joe’s information.

HTTP and HTTPS - What are their differences?

1. HTTPS prevents websites from having their information sent in a way that can be easily viewed/accessed by anyone snooping on their network. HTTP on the other hand, allows all communications occur in plain text, making them easily accessible to anyone with the right tools, and vulnerable to on-path attacks. This makes communication over an unsecure medium, such as public Wi-Fi, highly vulnerable to snooping, interception, compromisation.

Let’s look at an example:

Before encryption (HTTP): “This is a string of text that is completely readable” 

After encryption (HTTPS), the above text becomes something like: “ITM0IRyiEhVpa6VnKyExMiEgNveroyWBPlgGyfkflYjDaaFfKn3bo3OfghBPDWo6AfSHlNtL8N7ITEwIXc1gU5X73xMsJormzzXlwOyrC”

2.  In HTTP websites, it is possible for Internet service providers (ISPs) or other parties to inject content into webpages without the approval of the website owner. This mostly take advertising form, where an ISP injects advertising into customers webpages.

HTTPS eliminates the ability of unmoderated third parties to inject advertising into web content.

Importance of HTTPS?

1.    HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms. 

2.    HTTPS is used to prevent men-in-the-middle attack. Where Joe’s information cannot be snooped, compromised and infected.

3.    HTTPS protects you while you’re on public WIFI’s. When Joe surfs the internet through a public Wi-Fi, it is possible for an hacker to hack into the WIFI’s router and get every detail Joe provides to websites while still connected to the Wi-Fi, but with HTTPS, Joe is secured to an extent.

Read: VPNs and what they do by Praise Oyeniyi

Should Joe be cautious?

Every information provided here is personal so, I think Joe can go ahead to decide what websites he provides with his sensitive information.

HTTP and HTTPS! What’s the difference? Which is safe? Importance of HTTPS?

©2021 Praise Oyeniyi. All Rights Reserved.

BRIEF - HTTP and HTTPS?

HTTP and HTTPS are two protocols used to transfer data over the internet. HTTP stands for Hypertext Transfer Protocol, while HTTPS stands for Hypertext Transfer Protocol Secure. The main difference between the two is that HTTPS uses an encrypted connection to communicate between the server and the browser, while HTTP does not. This means that HTTPS is more secure than HTTP, as it protects the transferred data from being stolen as it’s exchanged. HTTPS uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols to establish an encrypted connection between the client and the server. HTTPS requires the use of SSL/TLS certificates, which verify the authenticity of the server and establish a secure connection with the client. HTTPS is recommended for transmitting sensitive information, such as passwords, credit card details, and personal data, as it provides a higher level of security. On the other hand, HTTP is recommended for non-sensitive data or when security is not a major concern.