Connecting over HTTPS is not necessarily safe
In fact, Google also now warns that unencrypted HTTP sites are 'Not secure'. So the question is why there are still so many problems such as malware, phishing scams and many other dangerous activities that happen day by day, with no sign of deterioration, regardless of the How is HTTPS in common use?
'Secure' sites only need a secure connection
If you pay attention, you will notice that Chrome often displays the word 'Secure' and a green padlock icon in the address bar when you visit a website using the HTTPS protocol. Or later modern versions of Chrome simply show a little gray padlock icon here, without the word 'Secure' anymore.
However, the word "Secure" gradually ceases to be used by Google on Chrome because it is somewhat misleading. This word "Secure" makes users understand that Chrome appears to confirm that the content of the website and that everything displayed on the site is "safe". But in reality, that's not true at all. A 'Secure' HTTPS website can still be completely full of malware or even a phishing or fake website.
In simple terms, HTTPS just shows you are accessing a secure connection, but does not guarantee that the website you visit is absolutely secure.
HTTPS prevents theft and tampering
HTTPS is great, but it doesn't have the 'magic' to make everything 100% secure. HTTPS stands for Hypertext Transfer Protocol Secure. It's like the standard HTTP protocol for connecting to websites, but with an added layer of secure encryption.
This encryption layer prevents crooks from tracking your data in transit, and also prevents man-in-the-middle attacks from interfering and modifying. website when it is delivered to you. For example, no one can snoop on the payment details you send to a website that uses HTTPS.
In short, HTTPS ensures the connection between you and a particular website is secure. No one can 'peek' or fake it.
This doesn't mean that HTTPS websites are "secure".
There is no denying the benefits of HTTPS, and all websites should use it. However, with that said, that just means you're using a secure connection to a particular website. The word 'Secure' here doesn't say anything about the content of the website at all, it just means that the site operator has purchased the certificate and set up encryption to secure the connection.
For example, a dangerous website filled with malicious downloads can still be sent over HTTPS. All that means the website and the files you download are sent over a secure connection, but they might not be secure themselves.
Similarly, a criminal can buy a reputable domain name like 'bankoamerica.com', obtain an SSL encryption certificate for it, and mimic the real Bank of America website. This will be a phishing site with a "safe" padlock icon when you visit it on Chrome, but in reality this just means that you have a secure connection to that phishing site.
After all, however, the popularity of HTTPS is still having a lot of positive impacts on the Internet world!
According to Google statistics, 80% of websites visited in Chrome on Windows are loaded over HTTPS. And Chrome users on Windows have also spent 88% of their web browsing time on HTTPS sites.
This popularity makes criminals less likely to compromise personal data and privacy, especially on public WiFi connections or general public networks. At the same time, internet users will significantly reduce the chances of encountering intermediary attacks.
This is partly because HTTPS is now considered the new base standard. Everything must be secure by default, so Chrome only warns you that the connection is 'Not Secure' when you visit a website over an HTTP connection.
You should read it
- Learn about DNS Over HTTPS
- What is HTTPS? and why is it needed for your site
- Instructions for setting up HTTPS for simple websites
- How does setting HTTPS affect SEO?
- How to turn on HTTPS for your blog site
- How to enable DNS over HTTPS for all apps in Windows 10
- Enable DNS over HTTPS for apps on Windows 10
- How to enable DNS over HTTPS in Chrome, Edge and Firefox
- What's the difference between HTTP and HTTPS?
- Microsoft considers supporting DNS over HTTPS (DoH) directly in Windows 10
- Firefox is about to mark all HTTP pages as unsafe
- The default navigation protocol on Google Chrome is coming to be HTTPS
Maybe you are interested
How to set up a secure guest account on a Windows computer
How to enable or disable Secure Sign-In on Windows 10, Windows 11
Are lesser known browsers more secure?
If you're still using this insecure password method, it's time to stop!
How to fix Chrome's 'Insecure Download Blocked' warning
Brave - Fast and secure personal web browser