The Mathematical Universe

Check your padlock before you sign in or buy anything online

Written by Abbott Walking Carbonic on 2020-05-24. Posted in Hacks (The Mathematical Universe)
436

Of course, most of us thrill at the capability of the internet. I still remember using my phone to access notes over the internet in 2014 when I was suspended from high school. Without the internet, life was to be hard, and I would definitely fail my final exams. Everyone the internet has touched positively has their own story to tell; however, on the other spectrum, the internet can also be that unsafe place where your life may feel threatened, and where you can actually lose all the money in your bank account. In this very article, which is a beginner, I am yet to warn you to not trust any site that doesn't have a locked padlock. By instinct, you probably have guessed it out that the padlock can either be unlocked or locked and when unlocked, then that means you are not safe and when locked then you are safe. But let's start with some theoretical background.

HTTP and HTTPS

When you are browsing (that is accessing the internet using a web browser), you enter an address (What we technically call URL - Uniform Resource Locator) which typically specifies where on the internet you want your browser to look. A small pause. A browser is a software that you use to access the internet and examples include firefox (my favorite), chrome, Opera and others. The URL usually starts with either https:// or http://. Http is formed from Hypertext transfer protocol; meanwhile, https is formed from secure http. The two are one of the protocols employed in internet communication.

So, what's a protocol?

When we start talking of networking under which internet falls it inevitable to mention the term protocol, and it won't help if I don't define this. A protocol is simply a set of rules that governs how things should happen. Think of being in a classroom listening to a teacher explaining the migration of  River lake nilotes from southern Sudan to Uganda. Your teacher is using English, therefore English becomes the communication protocol. If your teacher for some reason starts to use Chinese, she would have broken this protocol. The same, HTTP is simply a protocol that allows you to request for some web page and receive your response to this request as a webpage. It is important to note that however much HTTP protocol seems to be the one visible to us the users, there are lots of other protocol stacks involved in internet communication, and that is a good subject for yet another article.

What's the difference between HTTP and https?

Https is not the opposite of HTTP, but a modification of HTTP. When your address starts with https://, then all your communications are encrypted. By encrypted I mean everything is jumbled around to the extent that if someone hijacked your communication, then he or she won't make any sense of the communication since it's jumbled. Contrary to https:// communications, the http:// communications are not secure and when you are using http:// everything you send over your communication, for example, password, credit card numbers can be stolen since they are not encrypted.

Should I always use https://?

Your task is to ensure that the website that you currently using is using https://. If a website is not using https:// then just know that you are not secure and if your security matters, then close the website and go for the alternatives. However, on some browsers, the https:// or http:// may be hidden but you can use the padlock to know whether your connection is under http or https

Unlocked and locked padlocks

Enough on the theoretical background, let's compare the address bar contents of two related websites: Yukudemy and Passuneb -- all e-learning platforms.

The above figure shows the URL for Yukudemy which is https://www.yukudemy.com . Most importantly, you can see that the padlock is closed. Let's look at the one for passuneb.

The URL (that's the address) of passuneb doesn't have any http indicated; however, you can see that the padlock is open and crossed with red. The red is the browser's alerting that your credentials and other sensitive information may be stolen by using this website. Therefore passuneb is purely on http://passuneb.com/

Additional notes

It's not up to you a user to implement https, instead, it's the work of the website owner to install https. Actually what usually happens is that the owners of a website are supposed to obtain an SSL (secure socket layer) certificate from a third party (Certificate Authority, shortened as CA) and then install this onto their servers that serve the website so that your communication can be encrypted. Them not doing that simply means that they are either less interested in the website or they lack enough technical and financial capabilities to make your communication secure. Your task is to leave the site.

If you are interested in learning more about the internet, I have a course hosted with Yukudemy titled, Introduction to internet, you can enroll for it. You can start by freely watching the preview video that covers a practical session covering http, https, and SSL.

Thanks a lot. Write your comments in the comment section.


Sign in with Yukudemy to comment
Comments
Photo
<% comment.commenter %> from <%comment.yukusite_detail.site_name%>