Sometimes you WANT to post about the latest party you went to, or the pictures from the great vacation you just had. But the rest of the time, most of us don’t want to broadcast our private information to the rest of the world when we’re online. Many people don’t realize that when they type http://... into their browser, it is like sending a postcard that is easily read along the path between browser and server. An easy solution to keeping your data secure, like putting the message into an envelope, is to use https://... instead.
HTTP and HTTPS
Our browsers have to know how to exchange information with all the servers throughout the internet, so each side of the conversation understands the messages. Two standard methods (or protocols) have been created that the browser and server use to converse, http and https. (The “s” in https stands for secure, and it is the safer method). When using https, the messages between you and the server are encrypted, so no one else can read them if they get between you and the other server. The messages between the browser and server are sent in a type of code, to which only the two end points have the keys and can understand. Anyone else who “listens in” just hears garbage.
Benefits of HTTPS
We’ve all heard about the hackers that are trying to steal our credit card information, our identities, or just snoop on us. Using encryption can protect you from these things. Https isn’t new, but it is really underutilized in our day-to-day activities on the internet. Our banks, and most sites that ask for credit card information, will use https as a default. (Don’t enter information into ones that don’t!) You may have been trained to look for the little lock icon that shows up in the corner of the browser address bar, showing that the site is safe for sensitive transactions. That’s great for those critical situations, but what about the rest of the time?
Sites that Support HTTPS
The simplest, and most often overlooked way to keep your information private is to always use the https protocol when you browse. Many websites, including popular destinations like Google, Wikipedia, Instagram, Pinterest and Facebook, support https all the time. Some sites will use it by default, but most don’t. According to the Google Transparency Report, of the top 100 non-Google web sites which account for 25% of the web traffic, 45 run https as a default at this time. Another 15 sites work with https, but don’t use it by default. Many other popular sites may not yet be https capable.
Some sites support both protocols. So remember to ask for the extra level of security, by using the https at the start of the web address. When you do, all the traffic you send goes encrypted, and is much more secure. Should someone have compromised the path between your browser and the server, they won’t be able to see the information being sent. You send different kinds of information to the server, like search strings, the links you click, the data you enter into forms or files you upload. The server sends requested information back to you – your email, search results, etc. With https, all this is encrypted both ways, so no one in the middle can see the details.
You can check that the lock icon and https are both displayed in the address bar of your browser, showing that the path is set up correctly for safety. A few sites still don’t support https, so sometimes you may not see the lock icon, and you may sometimes get rerouted to a page that uses the insecure communication method. This may also happen if you’ve just clicked on a link that someone sent you that didn’t use the https in its address. That can be ok, if the information you’re sending isn’t something you are worried about. At least you understand what is going on underneath, and can decide whether you want to proceed or not.
If you want, you can install an extension, called HTTPS Everywhere, to the Google Chrome, Firefox or Opera browsers that will ask for HTTPS to be used all the time. See the HTTPS Everywhere instructions for more information. Note that this extension may not work with sites that don’t support https properly. You can decide how important this extra help asking for https is to you, since it can be a bit aggravating to get errors for sites that don’t yet support https.
You can get more tips on keeping your information safe from the US government cybersecurity team. Their site has some good information on other things to consider to keep your browsing safe.
And just so you know, Magnolia Prime uses https by default for all our customer application access, so your information stays safe with us.