Connecting over HTTPS is not necessarily safe

In fact, Google also now warns that unencrypted HTTP sites are 'Not secure'. So the question is why there are still so many problems such as malware, phishing scams and many other dangerous activities that happen day by day, with no sign of deterioration, regardless of the How is HTTPS in common use?

'Secure' sites only need a secure connection

If you pay attention, you will notice that Chrome often displays the word 'Secure' and a green padlock icon in the address bar when you visit a website using the HTTPS protocol. Or later modern versions of Chrome simply show a little gray padlock icon here, without the word 'Secure' anymore.

However, the word "Secure" gradually ceases to be used by Google on Chrome because it is somewhat misleading. This word "Secure" makes users understand that Chrome appears to confirm that the content of the website and that everything displayed on the site is "safe". But in reality, that's not true at all. A 'Secure' HTTPS website can still be completely full of malware or even a phishing or fake website.

In simple terms, HTTPS just shows you are accessing a secure connection, but does not guarantee that the website you visit is absolutely secure.

HTTPS prevents theft and tampering

HTTPS is great, but it doesn't have the 'magic' to make everything 100% secure. HTTPS stands for Hypertext Transfer Protocol Secure. It's like the standard HTTP protocol for connecting to websites, but with an added layer of secure encryption.

This encryption layer prevents crooks from tracking your data in transit, and also prevents man-in-the-middle attacks from interfering and modifying. website when it is delivered to you. For example, no one can snoop on the payment details you send to a website that uses HTTPS.

In short, HTTPS ensures the connection between you and a particular website is secure. No one can 'peek' or fake it.

This doesn't mean that HTTPS websites are "secure".

There is no denying the benefits of HTTPS, and all websites should use it. However, with that said, that just means you're using a secure connection to a particular website. The word 'Secure' here doesn't say anything about the content of the website at all, it just means that the site operator has purchased the certificate and set up encryption to secure the connection.

For example, a dangerous website filled with malicious downloads can still be sent over HTTPS. All that means the website and the files you download are sent over a secure connection, but they might not be secure themselves.

Similarly, a criminal can buy a reputable domain name like 'bankoamerica.com', obtain an SSL encryption certificate for it, and mimic the real Bank of America website. This will be a phishing site with a "safe" padlock icon when you visit it on Chrome, but in reality this just means that you have a secure connection to that phishing site.

After all, however, the popularity of HTTPS is still having a lot of positive impacts on the Internet world!

According to Google statistics, 80% of websites visited in Chrome on Windows are loaded over HTTPS. And Chrome users on Windows have also spent 88% of their web browsing time on HTTPS sites.

This popularity makes criminals less likely to compromise personal data and privacy, especially on public WiFi connections or general public networks. At the same time, internet users will significantly reduce the chances of encountering intermediary attacks.

This is partly because HTTPS is now considered the new base standard. Everything must be secure by default, so Chrome only warns you that the connection is 'Not Secure' when you visit a website over an HTTP connection.

Micah Soto

Update 06 January 2021