What is HTTPS?

Greetings and good Wednesday to you my friends. I hope you’ve been having a less hectic week than I have. In order to take a break from what else I have going on by continuing my practice I started last week of using Wednesdays to explain some basic concepts in Computer Science. I find that a lot of websites fall victim to one of two major faults in the area of explanation: their explanations are either too simple to be accurate, or they give you so much information that they loose the ability to effectively communicate the message behind what they’re talking about. So, hopefully I will find a happy medium.

Today, I’m covering something called the Hypertext Transfer Protocol Secure (HTTPS) that is used to secure communication between you and websites.  So, if it sounds like something you’re interested in reading about it, you’ll find more after the jump!

Foundations: How Websites Work

It wasn’t very long ago that organizations like banks and other organizations that transmit sensitive information figured out that the World Wide Web was an awesome tool for communicating with their customers and peers. Websites allowed these companies to do communicate prices and product details to anyone who wanted to know them. These websites, much like every other one out there, are only useful through the use of the Hypertext Transport Protocol (HTTP) that allows computers to transmit website data to each other.

To really boil down how the whole process works, consider this graphic:

[![](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d4e4b044d779f49ace/1283379611000/?format=original "An example of a regular HTTP Exchange of information")](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d4e4b044d779f49ace/1283379611000/?format=original)
An example of a regular HTTP Exchange of information (click to enlarge)
This is pretty simple right? The user (that would be you) manipulates you web browser into asking a website (technically, a web server – but I’m being lax with my terminology for the sake of communication) for a home page. The website then sends the homepage back to you. This entire exchange happens in something we in the computing world call **plain text,** meaning that if you were an outsider looking in on the exchange of data, you could pretty easily read what was going on. And on the Internet, there is always *some* third party watching what is going on.

Locking down communications

So, let’s be honest. Do we really care if someone knows that we accessed the homepage for the Bachellorette? Ok, well some people might. But most of the time, our use of the Internet is pretty mundane. Making sure that mysterious shadow on the wall can’t see what is going on isn’t usually that big of a deal. But, I propose this possibility: what if the exchange in the graphic above looked more like this:

[![](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d4e4b044d779f49ad1/1283380408000/?format=original "We don't want this to happen!")](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d4e4b044d779f49ad1/1283380408000/?format=original)
We don't want this to happen! (click to enlarge)
Naturally, this is a bad idea because anyone could be listening in on this little exchange between you and what is presumably your banking website. Surely you don’t want to end up having your banking account number plastered all over the web for anyone to use. It was on this realization that people came up with a modification to HTTP called **HTTPS**, or **Hypertext Transfer Protocol Secure**. The goal of HTTPS is to scramble, or [encrypt](http://en.wikipedia.org/wiki/Encryption), HTTP messages so that anyone who might be listening in will have no idea what is going on. So, the graphic above ends up looking like this:
[![](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d4e4b044d779f49ad4/1283380794000/?format=original "Someone looking in would have no idea what is going on here.")](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d4e4b044d779f49ad4/1283380794000/?format=original)
Someone looking in would have no idea what is going on here. (click to enlarge)
Of course, while this is going on – you don’t notice any difference in what you see in your web browser. You are still sending messages to the website and receiving webpages as a response, but someone who is snooping on your connection won’t be able to see what is going on. Your computer and the website use these items called **certificates** that allow the both parties that are privy to the conversation to understand each other, while everyone else listening in is clueless. Think of it as if you’re actually speaking a completely different language than everyone else on the Internet, that is unique to your specific conversation. Pretty cool, right?

How do I use this technology?

Odds are you already do and don’t realize it. Look up in the address bar of your web browser. You probably noticed that the address starts out “http://” – which means that you’re running on a regular connection. But anytime that starts out “https://” you’re running in a secure mode and it will be very difficult for someone else to snoop in on your connection.

In addition to this, most modern browsers will even provide some visual indicator when the highest level of security has been reached successfully. Take Chrome and Firefox visiting a secure page on Facebook as an example:

[![](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d4e4b044d779f49ad7/1283381408000/?format=original "Chrome's Address Bar while visiting a secure site")](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d4e4b044d779f49ad7/1283381408000/?format=original)
Chrome's Address Bar while visiting a secure site (click to enlarge)
[![](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d5e4b044d779f49ada/1283381442000/?format=original "Firefox's address bar while visiting a secure site")](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d5e4b044d779f49ada/1283381442000/?format=original)
Firefox's address bar while visiting a secure site (click to enlarge)
In addition to this, these security measures can also be used to ensure that the website you’re talking to is the one that you’re supposed to be talking to. Some browsers like Google Chrome will give you a pretty clear indication when something may be hinky with site you’re trying to visit, and often it looks something like this:
[![](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d5e4b044d779f49ae3/1283381577000/?format=original "Chrome letting you know something is wrong")](http://static.squarespace.com/static/507ba2f9c4aa45dec4f03316/507ba4cee4b044d779f49a4b/507ba4d5e4b044d779f49ae3/1283381577000/?format=original)
Chrome letting you know something is wrong (click to enlarge)
Take note of two things. First, of course, the big warning message in place of a web page. But secondly, note that the “https” in the address bar is crossed out in red, instead of appearing in green in the previous image I showed you. This is Chrome telling you something isn’t right.

Certificates for secure communication on the Internet have to be renewed periodically. And oftentimes, it is the case with some large organizations (coughThe University of Georgiacough) that the certificates expire – generating warnings like the one you see above. However, if you’re not completely sure that you’re communicating with someone trustworthy – those warning signs are generally a pretty good reason to back up and go find another website to hang out on.

In Conclusion

I hope this has been a helpful, yet still technically accurate explanation of what HTTPS is and why it’s helpful to know about. As always, leave me some comment love below. At some point I’ll get around to covering some recent events again – I’m just tired of the lawsuit drama for now.