Is The Web Really Secure?
You probably sent an email via Gmail, logged in to Facebook, or paid someone via PayPal. You’re confident that those actions were safe. They were, really. Because these sites use HTTPS, an added layer of security to the standard HTTP protocol that facilitates web communication.
But how secure is the web? Until now, a number of the web’s top trafficked sites still use outdated encryption technology or none at all. It only shows that the web is still vulnerable.
If you’re on HTTP, the URL and the page content is visible to anyone on the network. So every page you went to on that site, what articles you’re reading, others on the network may know. If you’re on HTTPS, only the domain is visible but not the page you’re looking at. So anyone on the network can still tell what site you went to but it’s difficult to determine what you did on that site. See what the difference a single letter could do?
Without this encryption, our private information can be intercepted, manipulated, and stolen by someone sitting on the same network. What if it went to the wrong hands? For smaller websites, if they don’t implement it, it’s simply because they don’t care to. However, the bigger the website is, the trickier it gets.
HTTPS isn’t enough to guarantee web security. Some websites may have it on their homepage but failed to roll out across the other pages and services. Also, hackers have attempted to steal certificates that allow them to impersonate trusted sites.
In the near future, the next version of Google Chrome will only allow its geo-location API to be used over HTTPS. In this case, outdated sites may suffer user experience.
At least, in terms of web security, we’re getting there.