Security concerns are spreading far and wide and have reached the forefront of most everybody’s mind. Terms like antivirus or firewall are no longer strange vocabulary and are not only understood, but also used by the masses. Most people also understand that sensitive information, such as credit card numbers or address data, should be transmitted using a secure connection.
With the rise of social networks however, more and more private information is transmitted via websites without any security layer. While it is possible to increase one’s privacy by making a profile private, the transmission of data will still be unencrypted and can thus be intercepted easily. Twitter and Facebook reacted earlier this year and have been offering an optional secure connection, i.e. HTTPS. In this article I will explain how HTTPS works and how you can enable it on any website that supports it.
What Does HTTPS Mean?
HTTPS stands for HyperText Transfer Protocol Secure. To make sense of this cryptic name, let’s break it up into its components.
HyperText describes the content of a website that does not require scripts or plugins, i.e. text, tables, or images. The word is also found in the acronym HTML, which means HyperText Markup Language.
HTTP is a networking protocol that guides the transfer of data between a client, for example a browser and a server, which typically is a computer hosting a website.
Secure connections are a combination of two protocols: HTTP and SSL/TLS. The latter are cryptographic protocols that encrypt network connections. The abbreviations translate into Secure Sockets Layer and Transport Layer Security. Apart from web browsing, these protocols are used to encrypt data transfers in emails, online faxes, instant messages, and voice-over-IP.
Taken together, HTTPS means that the ‘plain text’ communication of a website is encrypted to increase security.
How Can I Always Turn On HTTPS?
HTTPS is not something you can simply turn on. It is a service provided by websites and can only be enabled when offered. However, there are more and more websites that do provide this service. Unfortunately, most don’t offer HTTPS as a default connection and manually switching from HTTP to HTTPS is inconvenient and thus easily neglected.
If you want to play it safe and always use HTTPS whenever it is available, I recommend using a Firefox extension called HTTPS Everywhere. HTTPS Everywhere is a collaboration between the Tor Project and the Electronic Frontier Foundation. It was recently released as version 1.0 and has officially left the beta stage. It now contains a list of hundreds of websites that support HTTPS.
Should you find a website that is missing, you can create your own rule and add it manually. Click on the respective link in the options window of the extension to learn how to write your own rule sets.
If you wish to exclude a website, you can remove the green checkmark and prevent HTTPS Everywhere from making a secure connection. Note that this does not overrule the defaults of the website itself, which may still force a secure connection for certain tasks.
A similar extension called Use HTTPS Options is available for Chrome. Presently it only supports Twitter and Facebook.
Last year, someone asked “How I can surf the internet always using a secure SSL connection?” on MakeUseOf Answers, which created quite a discussion and highlighted how HTTPS is often misunderstood. As pointed out previously, it is not something you can force on a website, it is an encryption service that the website has to offer.
There were several more questions and if you are interested in the topic, you should check out the detailed answers:
- How can I secure my computer against attacks when visiting unsecured http sites?
- Do you need the extra security of HTTPS if your Internet connection is secure?
- How secure is http?
How secure do you feel when you browse the net and transmit private data?