What Is HTTPS & How To Enable Secure Connections Per Default

Ads by Google

http secure connectionSecurity concerns are spreading far and wide and have reached the forefront of most everybody’s mind. Terms like antivirus or firewall are no longer strange vocabulary and are not only understood, but also used by the masses. Most people also understand that sensitive information, such as credit card numbers or address data, should be transmitted using a secure connection.

With the rise of social networks however, more and more private information is transmitted via websites without any security layer. While it is possible to increase one’s privacy by making a profile private, the transmission of data will still be unencrypted and can thus be intercepted easily. Twitter and Facebook reacted earlier this year and have been offering an optional secure connection, i.e. HTTPS. In this article I will explain how HTTPS works and how you can enable it on any website that supports it.

What Does HTTPS Mean?

HTTPS stands for HyperText Transfer Protocol Secure. To make sense of this cryptic name, let’s break it up into its components.

http secure connection

HyperText describes the content of a website that does not require scripts or plugins, i.e. text, tables, or images. The word is also found in the acronym HTML, which means HyperText Markup Language.

Ads by Google

HTTP is a networking protocol that guides the transfer of data between a client, for example a browser and a server, which typically is a computer hosting a website.

Secure connections are a combination of two protocols: HTTP and SSL/TLS. The latter are cryptographic protocols that encrypt network connections. The abbreviations translate into Secure Sockets Layer and Transport Layer Security. Apart from web browsing, these protocols are used to encrypt data transfers in emails, online faxes, instant messages, and voice-over-IP.

Taken together, HTTPS means that the ‘plain text’ communication of a website is encrypted to increase security.

How Can I Always Turn On HTTPS?

HTTPS is not something you can simply turn on. It is a service provided by websites and can only be enabled when offered. However, there are more and more websites that do provide this service. Unfortunately, most don’t offer HTTPS as a default connection and manually switching from HTTP to HTTPS is inconvenient and thus easily neglected.

If you want to play it safe and always use HTTPS whenever it is available, I recommend using a Firefox extension called HTTPS Everywhere. HTTPS Everywhere is a collaboration between the Tor Project and the Electronic Frontier Foundation. It was recently released as version 1.0 and has officially left the beta stage. It now contains a list of hundreds of websites that support HTTPS.

secure http

Should you find a website that is missing, you can create your own rule and add it manually. Click on the respective link in the options window of the extension to learn how to write your own rule sets.

If you wish to exclude a website, you can remove the green checkmark and prevent HTTPS Everywhere from making a secure connection. Note that this does not overrule the defaults of the website itself, which may still force a secure connection for certain tasks.

http secure connection

A similar extension called Use HTTPS Options is available for Chrome. Presently it only supports Twitter and Facebook.

Last year, someone asked “How I can surf the internet always using a secure SSL connection?” on MakeUseOf Answers, which created quite a discussion and highlighted how HTTPS is often misunderstood. As pointed out previously, it is not something you can force on a website, it is an encryption service that the website has to offer.

There were several more questions and if you are interested in the topic, you should check out the detailed answers:

How secure do you feel when you browse the net and transmit private data?

Image credits: jimmi, wongwean

Ads by Google

6 Comments - Write a Comment

Reply

Cell Travis

I feel HTTPS Everywhere should be a standard add-on with Firefox updates. Secondly, while I feel fairly secure transmitting private information, there are concerns regarding in-the-wild or zero-day malware that browsers may not yet be prepared to handle. These include browser hijackers among others, though I feel that with better filters and heuristics at the browser level, the problem can be contained, if not entirely solved.

Reply

Ankur

1 query. how is a connection going to be secured by a plugin. if a website doesnt support it then how can i force it to be secure. it will be still transmitted as unsecured bits over the net. 

Tina

Ankur,

that’s what the article points out (see first paragraph of ‘How can I always turn HTTPS on?’): the plugin only gathers all websites (server side) that do support/offer HTTPS and then forces the browser (client side) to use HTTPS. Obviously the client depends on what is offered by the server side.

Ankur

ok, got it. now it  make sense. :)

Reply

Bjørn Megning Jensen

https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckofWhy is this not mentioned.
It works on most webpages that has https
KB SSL Enforcer

Tina

Thanks for sharing that one, Bjørn!

The reason it is not mentioned is because I probably didn’t search for SSL when scanning for alternative browser add-ons.

Your comment