HTTPS stands for “Hyper Text Transfer Protocol Secure” and it is the secure version of HTTP, the protocol over which data is sent between your browser and the website you’re connected to.
Most web traffic online is now sent over an HTTPS connection, making it “secure.” In fact, Google now warns that unencrypted HTTP sites are “Not Secure.”
So why is there still so much malware, phishing, and other dangerous activity online?
“Secure” Sites Have a Secure Connection
In previous iterations of Chrome, it used to display the word “Secure” along with a green padlock in the address bar when you were visiting a website using HTTPS. Modern versions of Chrome simply have a little gray padlock icon next to the navigation bar, without the word “Secure.”
That’s partly because HTTPS is now considered the new baseline standard. Everything should be secure by default, so Chrome only warns you that a connection is “Not Secure” when you’re accessing a site over an HTTP connection.
The reason for the removal from displaying the word “Secure” is that it may have been a little misleading. It may have easily been misconstrued to appear like Chrome was vouching for the contents of the site as if everything on the page is “secure.” But that’s not true at all. A “secure” HTTPS site could be filled with malware or phishing attempts.
HTTPS Does Not Mean A Site is “Secure”
HTTPS is a solid protocol and all websites should use it. However, all it means is the website operator has purchased a certificate and set up encryption to secure the connection.
For example, a dangerous website full of malicious downloads might be delivered via HTTPS. The website and the files you download are sent over a secure connection, but they might not be secure themselves.
Similarly, a criminal could buy a domain like “www.bankofamerica.com,” get an SSL encryption certificate for it, and imitate Bank of America’s real website. This would be a phishing site with the “secure” padlock, but again, it only refers to the connection itself.
HTTPS Stops Snooping and Tampering
Despite that, HTTPS is great. This encryption prevents people from snooping on your data in transit, and it stops man-in-the-middle attacks that can modify the website as it’s sent to you. For example, no one can snoop on payment details you send to the website.
In short, HTTPS ensures the connection between you and that particular website is secure. No one can eavesdrop or tamper with the data in-between.
HTTPS Is An Improvement
Websites switching to HTTPS helps solve some problems, but it doesn’t end the scourge of malware, phishing, spam, attacks on vulnerable sites, or various other scams online.
However, the shift toward HTTPS is still great for the Internet. According to Google’s statistics, 80% of web pages loaded in Chrome on Windows are loaded over HTTPS. Plus, Chrome users on Windows spend 88% of their browsing time on HTTPS sites.
This transition does make it harder for criminals to eavesdrop on personal data, especially on public Wi-Fi or other public networks. It also greatly minimizes the odds that you’ll encounter a man-in-the-middle attack on public Wi-Fi or another network.
It’s still no silver bullet. You still need to use basic online safety practices to protect yourself from malware, spot phishing sites, and avoid other online problems.