HTTP and HTTPS
This week, the Wikimedia Foundation (the company that owns Wikipedia) announced that all of its websites would default to HTTPS, a secure form of Web browsing that many sites embrace, but comparatively few users employ.
In an age in which everyone from cybercriminals to the U.S. government wants your information, it pays to use every tool at your disposal to keep your online data secure. One way to do this is to encrypt your connection to websites using a simple technology called HTTPS (Hypertext Transfer Protocol Secure). This common security technology is both widespread and easy to access.
What is HTTPS?
To understand how HTTPS can keep you more secure, it helps to know a little about what the technology is and how it works. This tool is a variation on plain-old HTTP (Hypertext Transfer Protocol), the technology that allows you to access webpages on the Internet.
Nowadays, you can type just a short version of a Web address, such as google.com. But the full URL, which the browser fills in for you, is http://www.google.com. The problem with HTTP is that, by default, there's nothing particularly secure or private about it.
This is where HTTPS comes into play. Whereas regular HTTP leaves data open as it travels between the user and the website, and past anyone in between, HTTPS encrypts data while it is in transit. This ensures that only the user and administrators on the server side can see the information.
This kind of functionality doesn't matter so much if you're just reading the news or looking up funny cat pictures, but if you're sending email or shopping online, the benefits are obvious. You need to share your credit card information to buy an item, and the store needs that information to charge you. But you don't want a hacker waiting to intercept your order to be able to see the info (in what is called a called a "man in the middle" attack).
HTTPS isn't perfect, of course. While it prevents third parties from viewing two-way communications, there's no guarantee that the Web server itself won't misuse your data. The NSA's PRISM program, for example, can work in conjunction with Google, Microsoft and other companies to access private user information. Protecting your data from man-in-the-middle attacks won't help much if the Web host itself gives your data away.