What Do You Do When Websites You Visit Neglect Basic Security?

On 17 March 2016, WIRED published a piece raising concerns that 79 of the top 100 websites do not use HTTPS. This would not be a cause for concern if we weren’t living in the 21st century, a time when Wi-Fi networks are so ubiquitous you could literally triangulate your location within a city using them. This is an era where unprotected public networks are the norm in places like bars, hotel lobbies, and airports. Hacking has also become more sophisticated since the end of the 20th century. Using HTTP is no longer an option for large or small websites, so what’s the deal? And how do you protect yourself from the vulnerability of browsing the (mostly) non-encrypted web?

What Is HTTPS?

HTTPS is a standard that layers itself on top of the HTTP protocol, adding encryption to it. Because the data that goes between a visitor and a website is encrypted, it is much less feasible for someone else on the network to sniff that activity. Basically, it ensures that your computer’s “conversation” with the website you visit is locked down and private, as it was meant to be. This is why the encryption standard is often applied to websites where you exchange highly sensitive data, such as PayPal, Facebook, or Google.

Why Aren’t Websites Using It?


For the most part, using HTTPS “back in the day” was something that required a significant amount of investment in the form of time and sometimes money. HTTPS was a headache to implement, so only banks and other companies that dealt with money would be bothered to retrofit their sites for this. That was twenty years ago, however. Today, implementing HTTPS on a website is more akin to a simple configuration rather than the chaotic nightmare that it used to be. For a large website with thousands of pages, it’s not necessarily something that would take more than a day to finish. It may take a little bit of trial and error, however, so some remnants of the “headache factor” are still there.

To be sincere, I do not see much wrong with something like an open magazine (one which doesn’t require or store any accounts) using good old HTTP. However, any website that you give your own data to should definitely be using it.

Why Is This Dangerous for Me?


If you ever connect to unprotected Wi-Fi networks (the kind that don’t ask you for a password or key), a hacker equipped with a simple sniffer could see every single bit of information your computer sends to a website unless that website uses HTTPS. This leaves you extremely vulnerable to having your personal information and possibly some important accounts leaked. If the password you use for one site is the same as the one for your PayPal account (and the site uses HTTP), the hacker could try that route and gain instant access to your online wallet.

How Do I Protect Myself?

First things first: You should avoid giving any personal data to a website or logging into any accounts on any public Wi-Fi network unless that website uses HTTPS **and** it is absolutely necessary to do so at that particular point in time. In fact, you should avoid holding an account at all on a website that doesn’t use HTTPS. Websites that do not encrypt your transactions are less likely to take care of your personal information. Be vigilant and kindly send emails to companies that you know own websites without encryption.

Is there anything else that people should do to avoid the problems associated with non-encrypted websites? Tell us in a comment!


  1. 1. Use a VPN 24/7 (a trusted one… preferably one that is your own, like from OpenVPN). Then you can do whatever you usually do on the net with some more privacy and security.
     2. Don’t give any info more than your email or make an account on a site that doesn’t use HTTPS. Clearly they don’t care if your personal info is compromised, sadly.
     3. Keep your OS up to date. If a hacker can compromise a site (if they don’t have HTTPS) then they can try to infect your system. An up-to-date system helps patch the vulnerabilities the hackers use against you.
     4. (Bonus: for the tech-savvy) Try using Linux if you are more concerned about privacy/security. Linux is good because:

        - Security by obscurity. Not many regular desktop people use Linux.
        - Private! All code is open source so bugs and vulnerabilities are patched really fast, making it harder for hackers to use exploits since they are patched faster than Windows or OS X.
        - More security! Thanks to SELinux and AppArmor, your applications are more heavily sandboxed against attacks, which minimizes malware’s damage. Or if you use Windows, try to use Sandboxie for all applications that require internet access.

  2. “Today, implementing HTTPS on a website is more akin to a simple configuration rather than the chaotic nightmare that it used to be.”

    You must not have seen the man pages for OpenSSL. I think it still qualifies as a chaotic nightmare. (Don’t get me wrong, HTTPS using properly-configured TLS is great. The Let’s Encrypt project is really helping out for the novices.)
