On 17 March 2016, WIRED published a piece raising concerns that 79 of the top 100 websites do not use HTTPS. This would not have been a cause for concern if we weren’t living in the 21st century, a time when Wi-Fi networks are so ubiquitous you could literally triangulate your location within a city using them. This is an era where unprotected public networks are the norm in places like bars, hotel lobbies, and airports. Hacking has also become more sophisticated since the end of the 20th century. Using HTTP is no longer an option for large or small websites, so what’s the deal? And how do you protect yourself when browsing the (mostly) non-encrypted web?
What Is HTTPS?
HTTPS is a standard that layers itself on top of the HTTP protocol, adding encryption to it. Because the data that travels between a visitor and a website is encrypted, sniffing the network activity becomes far less feasible. Basically, it ensures that your computer’s “conversation” with the website you visit is locked down and private, as it was meant to be. This is why the encryption standard is often applied to websites where you exchange highly sensitive data, such as PayPal, Facebook, or Google.
Why Aren’t Websites Using It?
For the most part, using HTTPS “back in the day” required a significant investment of time and sometimes money. HTTPS was a headache to implement, so only banks and other companies that dealt with money would bother to retrofit their sites for it. That was twenty years ago, however. Today, implementing HTTPS on a website is more akin to a simple configuration change than the chaotic nightmare that it used to be. For a large website with thousands of pages, it’s not necessarily something that would take more than a day to finish. It may take a little bit of trial and error, however, so some remnants of the “headache factor” are still there.
To be sincere, I do not see much wrong with something like an open magazine (one which doesn’t require or store any accounts) using good old HTTP. However, any website that you give your own data to should definitely be using it.
Why Is This Dangerous for Me?
If you ever connect to unprotected Wi-Fi networks (the kind that don’t ask you for a password or key), a hacker equipped with a simple sniffer could see every single bit of information your computer sends to a website unless that website uses HTTPS. This leaves you extremely vulnerable to having your personal information and possibly some important accounts leaked. If the password you use for one site coincides with the one for your PayPal account (and the site uses HTTP), then it’s not a foregone conclusion that the hacker will gun for that route and have instant access to your online wallet.
How Do I Protect Myself?
First things first: You should avoid giving any personal data to a website or logging into any accounts on any public Wi-Fi network unless that website uses HTTPS **and** it is absolutely necessary to do so at that particular point in time. In fact, you should avoid holding an account at all on a website that doesn’t use HTTPS. Websites that do not encrypt your transactions are less likely to take care of your personal information. Be vigilant and kindly send emails to companies that you know own websites without encryption.
Is there anything else that people should do to avoid the problems associated with non-encrypted websites? Tell us in a comment!