VPN Transparency Project

HTTPS

Home » Glossary » HTTPS

Hypertext Transfer Protocol Secure (HTTPS) is a secure version of HTTP, the protocol used to transfer data on the World Wide Web. HTTPS uses Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt the communication between the client and the server and to verify the identity of the server.

HTTPS is widely used to protect the privacy and security of internet users, as it helps to prevent attackers from intercepting or tampering with the data exchanged between the client and the server. HTTPS is commonly used for sensitive internet activities, such as online banking, shopping, and accessing personal information.

To use HTTPS, a website must obtain and install an SSL/TLS certificate from a trusted certificate authority (CA). The certificate contains the website’s public key and a digital signature that verifies the website’s identity. When a client (such as a web browser) connects to the website, it establishes an encrypted connection using the website’s public key and exchanges a series of messages to verify the website’s identity.

HTTPS is indicated by the “https://” prefix in the URL of a website, as well as by a padlock icon in the web browser. Many web browsers also display a green padlock icon to indicate that a website is using an extended validation (EV) SSL/TLS certificate, which provides additional security and trust.

Advantages of HTTPS over HTTP

To put it simply, the difference between HTTPS and HTTP is like mailing a letter. With HTTP, you are sending a post card with no security, anyone who handles it can read what you wrote on the card. When you use HTTPS, it’s like a sealed envelope – people handling the envelope can see the sender and recipient but not the specific contents.

Here are some specific advantages of HTTPS over HTTP:

  1. Encryption: HTTPS uses encryption to protect the data exchanged between the client and the server, while HTTP does not. This makes HTTPS more secure than HTTP, as it helps to prevent attackers from intercepting or tampering with the traffic.
  2. Server authentication: HTTPS verifies the identity of the server using an SSL/TLS certificate issued by a trusted certificate authority (CA). This helps to prevent man-in-the-middle attacks and to ensure that the client is communicating with the intended server. HTTP does not provide server authentication.
  3. Data integrity: HTTPS uses a message authentication code (MAC) to protect the integrity of the data exchanged between the client and the server. This helps to prevent attackers from altering the data in transit. HTTP does not provide data integrity protection.

When you use Hypertext Transfer Protocol Secure (HTTPS), your internet service provider (ISP) can see that you are accessing a website that uses HTTPS, but they cannot see the specific content of the communication between your device and the website. This is because HTTPS encrypts the data exchanged between the client and the server, which makes it more difficult for third parties to intercept or monitor the traffic.

However, it is worth noting that your ISP can still see certain information about your internet activity, even when you use HTTPS. For example, they can see the IP addresses of the websites you visit and the amount of data you transmit, which can be used to infer your online activities. Your ISP can also see your device’s IP address, which can be used to identify your device and potentially your location.