What’s the difference between… http and https?
QI’ve noticed that on most websites the text in the address bar at the top of the browser starts with ‘http’. However, on plenty of sites I visit it’s sometimes ‘https’. Even though I’m 75, I’m basically a computing neophyte, and I don’t know the difference. Should I prefer one over the other?
AIt’s not often that we can answer a question with single word but here we can – and that word is ‘secure’. That’s literally what the ‘s’ stands for (Hypertext Transfer Protocol Secure, versus the insecure Hypertext Transfer Protocol). Specifically, it means that information sent from or to an https website is encrypted before it leaves either end. So, even if the transmission is intercepted somewhere along the line, all the eavesdropper will see is scrambled data that’s practically impossible to decipher.
That’s why any trustworthy website that deals in or requests your personal information will use a secure (https) page. Depending on your browser, a secure connection is indicated by a padlock icon next to the website address, green highlighting of the ‘https’ part of the URL, the word ‘Secure’ or any combination of the three.
With this knowledge you might wonder why all websites don’t use https. There are actually several reasons why that’s the case. A key factor is that the security certificates required to provide an https connection are not free, or cheap. While big firms and banks are more than able to shoulder this cost, that’s obviously not true for, say, a small-time blogger or local-news site. Nor is a secure connection terribly important for these kinds of sites, as they tend not to ask for personal information.
There’s also a lesser problem of speed. In some scenarios your web browser might not be able to cache an https page — meaning it has to reload everything on it every time you visit. As broadband speeds get ever faster this won’t be a concern, and we expect that eventually almost all websites will use https.