Why is anyone using HTTP?

HTTP = Hyper Text Transfer Protocol.

HTTPS = Secure Hyper Text Transfer Protocol.

(For more details look at this article on LifeWire)

If invoking HTTPS is as simple as HTTP, why would anyone use HTTP?  In Google’s opinion, no one should be.  When Chrome V63 is released a new feature will be running that is going to scare a lot of people.  When you visit a website that contains Form fields, but is not running HTTPS then it is going to tell you that the site is Not Secure.  Will it scare you?  It should.

Let me give you an example from just a minute ago.  I’ve been hearing the commercials on the radio about how “ATB Listens” and that if you have a suggestion for them you can go to ATBListens.com, put in your suggestion and they will read it.  ATBListens.com redirects to http://www.atb.com/listen/Pages/default.aspx/  No use having a new website when you can just put in a redirect.  But notice that it is HTTP not HTTPS.  That means that anyone between you and ATB has the opportunity to listen in, capture the data and do what they want.  If you are on a WiFi connection there are dozens of free tools out there that will let you spy on what people saying over WiFi.

But, if the connection is over HTTPS it is much more difficult to spy.  They will identify the connection, know that you are chatting back and forth, but the content, the key to the conversation, will remain hidden.  ATBListens?  Everyone is listening, not just ATB.

When you go to Google you end up going to https://google.ca. Your searches are private.  (Well, between you and Google.)  People don’t get to eavesdrop on what you are searching for and that is important.  Your privacy is important.

If you have a comment about an Alberta Government website you can go to https://www.alberta.ca/contact.cfm#toc-1 and fill out the form.  if you try to go to HTTP it redirects you back to HTTPS.  It is forcing you to be secure.

When you go to Telus and browse around you are using HTTP but when you want to make a purchase, ask a question or pre-order something it switches to HTTPS.  And when you go back to browsing it goes back to HTTP.  It’s kind of schizophrenic and really should stick with just one protocol:  HTTPS.

By going to non-secure sites you open up the ability for people to piece together a trail of where you’ve been, why you’ve gone there and, potentially, where you’re going to go next.

Be safe.  Be secure.  And upgrade your version of Chrome as soon as possible.

Leave a Reply