The development and adoption of safer browsing with HTTPS meant the transmission of data was finally safe enough for widespread eCommerce and banking. For the transmission of data across devices and networks on the internet, it needs to follow protocols that tell the computers how to send information from them to the modem and on to the Internet Service Provider (ISP). The ISP then relays this information to the modem of the recipient, and then the same protocol is used by the recipient to decode the information. These protocols are what make the internet work.
The Predecessor of HTTPS
Currently, the most widely used protocol for communication across the internet is HTTP or Hypertext Transfer Protocol. The World Wide Web was developed as a foundation of the World Wide Web. It was developed by the legend Tim Berners-Lee and his associates in 1989. The protocol has undergone a number of changes over the years, but due to its flexible nature, it is still widely used.
HTTP is an application-layer protocol used for sending and receiving hypermedia entities like Hypertext Markup Language. It lets web users and servers communicate amongst themselves and across other devices and networks.
Hypertext Transfer Protocol Secure (HTTPS) – The Era of Secure Communication
Hypertext Transfer Protocol Secure (HTTPS) is a secure version of HTTP, the most commonly used internet communications protocol. It is widely used on the internet for secure communication of data. The HTTPS protocol works by encrypting the communication via a Transport Layer Security (TLS) which was formerly known as Secure Sockets Layer (SSL). It is the reason HTTPS is also known as HTTP over TLS or HTTP over SSL.
The two major factors on which the whole system of HTTPS depends are:
- Authenticating the accessed web resource like any website or other entity contacted from a computer.
- Protection of the privacy and integrity of the data while it is in transit between computers, servers, or computer networks.
How HTTPS Works?
HTTPS makes communication over the internet secure by preventing man-in-the-middle attacks. These events are the tempering of the information that is being relayed between two parties by a third person. In such attacks, both the parties think that they are receiving the information that was intended by the other one. But it is either altered or copied while in transit. It is achieved via bidirectional encryption of the data communicated between a client and the server to prevent events of data theft. All-in-all, the system provides reasonable security of data transfer and makes sure that the receiver gets exactly what the sender intends to relay, and the data is not accessed by anyone during the transfer process.
HTTPS – A “Luxurious Security” for the Rich
The authentication part of the HTTPS setup requires a trusted third party to generate and vet server-side digital certificates (you can see them in your browser’s settings menu). The third-party involved in the process does make the security of the system fool-proof, but it had a catch. It was hugely expensive for websites and users to use this secure facility. So, historically HTTPS and SSL certificates were only used exclusively for online payments and other financial transactions, or the multi-million-dollar corporations used this technology to make the transfer of the corporate information safe. Until as long as the mid-2010s, the World Wide Web only offered HTTPS for the ones who could pay for it.
History and Development of Safer Browsing With HTTPS
Here is a timeline of the important events that lead to HTTPS becoming a norm on the World Wide Web, thanks to which we can now be safe on the internet at no astronomical costs.
- In 1994, Netscape Communications invented HTTPS and made it a part of their Netscape Navigator, their flagship web browser application.
- Secure Socket Layer (SSL) certificates were initially used by Netscape to provide security to the nascent HTTPS ecosystem.
- By May of 2000, Secure Socket Layer (SSL) had evolved into a more advanced form called Transport Layer Security (TLS).
- RFC 2818 formally specified the protocols for HTTPS by the mid of 2000.
- All the online banking channels mandated the use of HTTPS for financial transactions by the end of 2000.
- During the first decade of the 21st century, more and more websites and internet services continued shifting to HTTPS.
- In 2013, Facebook implemented HTTPS, making it mandatory for all users to access the site via a web browser or smart device capable of processing HTTPS encrypted communications.
- Electronic Frontier Foundation launched a campaign in 2016 with the cooperation of web browser developers to make the use of HTTPS a norm on the internet. They spread awareness to the general users of the internet about how it was extremely insecure for them to not use HTTPS. It led to the mass-scale migration of webs browsers, smartphone applications, and websites to HTTPS.
- The final blow to non-secure HTTP websites came from Google Chrome, one of the most widely used web browsers in the world. In February of 2018, Google announced that their browser (Chrome) will alert the user about a website not being secure if it was still running on HTTP. The change was implemented in July 2018, and now the user is warned about the site being insecure, and then they can choose to visit it at their own discretion.
- 69.3% of the 1 million most visited websites on the internet are using HTTPS as their default communication protocol as of January 2021 stats.
What it all Mean for an Average Internet User?
So far, we have been talking about the history, technology, development, and working of HTTPS, all nerdy stuff. For an average internet user like you and me, here’s what HTTPS is all about:
- The information you send to anyone on the internet is encrypted from your end and can only be decrypted by the intended user.
- Even if someone taps into your router to access your private information, they’ll only get a string of random characters meaning nothing more than gibberish.
- Your credit cards, bank accounts, social media, and other online information are totally secure unless you keep your passwords safe.