How to Computer:
HTTP vs. HTTPS

The "Fast Lane" Answer

"HTTP" stands for Hypertext Transfer Protocol. It is an application protocol that facilitates the transfer of information like image, text, video, music, graphic and other files on web pages. HTTP works well as the basis of web browser communication, but it leaves data vulnerable to intruders and electronic adversaries. HTTPS (Hypertext Transfer Protocol Secure) is a protocol which uses an encrypted HTTP connection by Transport-Layer Security. By encrypting communications between clients and servers, HTTPS helps keep your data (and your cat videos) safe.

This article (part of a series dealing with computers) explains how adding a level of security to our internet communications can help us sleep easier at night.

The data you send and receive online has a huge bullseye painted on it; it has all kinds of value. Unguarded valuables are hard for unsavory individuals to resist, and you will never find a more wretched hive of scum and villainy than the internet. HTTP transmits data as plaintext; that is, as bare and open as when it was created, which means all it takes is a little digital cherry picking by a hacker and your data's as good as gone.

HTTPS gives you a leg up by encrypting your data. That way, if packets of data are intercepted, they're not so easy to crack open.

The "Scenic Route" Answer

The interwebs can be treacherous. There are multiplicitous cyberattacks that we can all fall victim to, and there are scores upon scores of people willing to launch those attacks. The most obvious targets of such attacks are communications such as online payments or bank logins. That data is the low-hanging fruit of internet crimes. So what's to be done? How do we protect ourselves from electronic exploitation?

Simple: we add a little security. Let's start at the beginning.

HTTP

Hypertext Transfer Protocol (HTTP) is, quite literally, the series of instructions that tells your computer how to manipulate hypertext—the portions of text that serve as connections between web pages. It functions as a butler that serves the internet up to you on a silver platter. It's the workhorse that actually moderates the communication of requests and data between your web browser and Internet Protocol.

The problem with HTTP relates somewhat to public transportation: anyone can use it. Anyone can hop on the bus, or the subway, or the tram. That means anything you're sending on that subway can be looked at, altered, replaced, or stolen. And that vulnerability, in case you were wondering, is bad.

So with the internet being used for more and more sensitive data each day, it's important that we have ways to protect our data against everyone who's trying to unlawfully obtain your information.

HTTPS

HTTPS puts the "security" in HTTP. No, seriously—the "S" stands for "security." It operates the same way that HTTP does, with a single, very important difference: it encrypts the data it transmits. It was created for and initially used by Netscape, though the child far outlived the parent in this instance. HTTPS is widely used to protect sensitive and valuable data that is sent over the internet. Everything from ecommerce, to online banking, to Facebook profiles are guarded by HTTPS encryption.

We've already covered how HTTPS works. The internet has different layers to it, from the application you use for browsing the web to the electrical pulses that serve as the heartbeat of the computer itself. Beneath the application layer (that's the web browser you're using right now) is the transport layer. That's where the magic of telecommunications happens. There, your request to lookup cute kitten pictures is broken down into packets of data and piped through wireless signals and hardlines from your device to the server it's talking to.

That transport layer is where your data is most vulnerable. (Technically, your data is vulnerable everywhere, but you can't do anything about the server at the other end, and any lack of security on your device is pretty much your fault.) While in transit, your data is out in the open, and it's easy for a third party to eavesdrop on your communications and slip in the middle as if nothing suspicious is going on.

So whereas HTTP just sends data packets willy-nilly, HTTPS sets up a sublayer that operates betweens TCP and the application the HTTP is operating for. That sublayer takes your data and encodes it like it's on a spy mission (minus the "This message will self-destruct" part) before handing it off to the transport layer. The data is then decoded when it reaches the server, and the process is reversed for the response.

It's important to note that the encryption process doesn't actually increase protection against the interception of packets. Your data can still be taken, it's just a lot harder to unlock without the key. Imagine stealing a gun safe; sure, you got the safe, and technically you're in possession of the goods inside. But without either the combination to the safe, you're not going to access the goods inside.

HTTPS is being used more and more frequently these days. In fact, it has even been proposed as the new standard (thereby replacing HTTP, and making all online interactions encrypted). Mostly, you're going to see it anytime information is of a sensitive nature. Your email? HTTPS encrypted. Your bank account? HTTPS encrypted. Your World of Warcraft account? HTTPS encrypted.

But how can you tell if you're protected? Try checking the URL. If it starts with "http://", then you're not protected. If, however, it starts with a padlock symbol, then "https://", you're good to go. Bonus points if it's highlighted green (that means the server provided a certificate that proved it really was who it said it was).

Those are the basics; green padlock = HTTPS. HTTPS = encryption. Encryption = good.

S-HTTP

Google isn't the only way to find something on the internet, and likewise there's an alternative to Hypertext Transfer Protocol Secure. It's called Secure Hypertext Transfer Protocol (don't ask us; we didn't come up with the names). It offers encryption at the application level—right where your browser is—rather than at that sublevel we mentioned before. S-HTTP is nowhere near as popular or widespread as it's cousin, and as such is not very well known. Kind of like how nobody says "Let me Bing that for you."

Decoding the Message

Computer security is serious business. Hackers and other persons of malicious intent and adequate skill level can do untold amounts of harm to your systems. Identities can be stolen. Bank accounts can be emptied. Facebook profiles can be besmirched. Insufferable crimes like these are just the tip of the iceberg.

Cyberattacks—and the cryptography used to defend against them—are a teeny bit more involved than what this article can afford.The structure of HTTPS, likewise, is a bit more involved [https structure] than we discussed here. For present purposes at least, the bottom line is this: HTTPS encryption is the first line of defense against the intrusions that can cause all of these problems. Keeping those intruders out is up to you and the server you communicate with, but for keeping the packets safe in transit, HTTPS has you covered.

If you're looking for more information on any of these topics, you can keep reading, or you can call into our friendly support staff, who enjoy answering questions of all sorts, including but not limited to how HTTPS works.

Or for a real live demonstration, you can also chat with them. So if you like HTTPS encryption, you can talk to us about HTTPS encryption while we encrypt your HTTPS questions with HTTPS encryption.

We're thorough like that.

Product Features Demo Pricing Help Company Documentation Articles Contact Customers Legal Stuff