HTTPS, the game changer

Recent changes by most Web Browsers  e.g Google, Edge, Firefox etc means that HTTP has now (in effect) been deprecated. Websites now need to use HTTPS to access them and sites that use HTTP are difficult to access. Some might say this is using a sledgehammer to crack a nut but is it?

Lets back track a bit / lot!

The concept of using “Webpages” was developed by the brilliant Tim Berners Lee (TBL), some 30+ years ago, in the form of the World Wide Web (WWW). Webpages are the content of Websites, which are hosted on Web Servers. Web and other services are accessed via the Internet.

When you want to visit a website, you can enter e,g, http://www.pcjudo.co.uk. This is called the URL (Uniform Resource Location) or  “Web Address“.

Lets break down the above Web Address (URL) :-

HTTP = Hyper Text Transfer Protocol! which simply means that you want your browser to use HTTP. Webpages are always HTTP or HTTPS (see below) so there should be no need to type the HTTP / HTTPS bit.

WWW =  World Wide Web, this tells your browser you are looking for a web address, you don’t need to enter WWW!

pcjudo.co.uk = the website (and actual domain name) you want to access. You could enter pcjudo.co.uk/apagename to go direct to a particular page.

If the DNS settings for the website have been set up correctly, all you really need type in the address bar is pcjudo.co.uk .There was no need to enter HTTP or WWW, if the website was using HTTP by default. However, HTTPS has been in use for a few years and this is more secure. Where websites were using HTTPS and were not set up correctly (to force use of HTTPS ), it was necessary to “stipulate” that you wanted to use HTTPS instead of HTTP, so you would have to enter https://webaddress.

Going forward. Things have changed! (for the better)

HTTP uses plain text so any info e,g, passwords that you exchange with the Web address / site can be compromised!

HTTPS (Hyper Text Transfer Protocol Secure) uses encryption, this means that any info you exchange with the website will be encrypted. This is the “secure” bit. Until recently, most websites used HTTP because using HTTPS involved a cost. This has now changed, HTTPS is now mainly free to use and ultimately makes browsing the Web / t’interweb a lot more secure.

HTTPS has superceded HTTP in that it is now the de facto standard and most web browsers won’t let you access websites that don’t use HTTPS, this means that HTTPS is a game changer that has some positive knock on effects.

HTTPS has mostly negated the need to use a VPN (Virtual Private Network) when accessing banking and other “sensitive” websites that you need to enter passwords and other details. However there are some instances where VPN may be beneficial .e.g. hiding your browsing from your ISP but using a VPN will always be slower, by its very nature (encryption, encapsulation, tunneling). One comment I like about VPN was that its “like using the Internet with condom on” and yes just like condoms VPNs are often difficult to deploy 🙂

To confirm you are using HTTPS, you will see a padlock in the address bar.

Any website that shows the padlock means it is a secure connection and is encrypted.

With regard to anonymity when browsing the web, a VPN can help hide your browsing activity from your ISP but your VPN provider will still have those details! The main downside to VPN is the reduction in connection speed.

An alternative to VPN could be TOR, again often very sluggish but quite useful at times.

Privacy and anonymity when browsing the Web or using the many services accessed via the Internet, are currently the “hot potato”! Mozilla Firefox is one of the browsers in your corner and is one of, if not the, best and most secure browsers.

With privacy and anonymity in mind, Encrypted DNS (this link is a must read but might be a bit geeky) is becoming “main stream” and may become the de facto in the near future.

Conclusion.

The enforced using of HTTPS is a benefit, overall but for webpages that are “read only” HTTP is probably adequate.

The use of HTTPS and Encrypted DNS is the way forward!

Further reading:-

Disadvantages of VPN vpncrew

VPNs aren’t perfect ijnet

Encypted DNS arstechnica.com

Encrypted DNS Cloudflare.