HTTPS is much more secure than HTTP. When you connect to an HTTPS-secured server—secure sites like your bank’s will automatically redirect you to HTTPS—your web browser checks the website’s security certificate and verifies it was issued by a legitimate certificate authority. This helps you ensure that, if you see “https://bank.com” in your web browser’s address bar, you’re actually connected to your bank’s real website. The company that issued the security certificate vouches for them. Unfortunately, certificate authorities sometimes issue bad certificates and the system breaks down. Although it isn’t perfect, though, HTTPS is still much more secure than HTTP.
When you send sensitive information over an HTTPS connection, no one can eavesdrop on it in transit. HTTPS is what makes secure online banking and shopping possible.
It also provides additional privacy for normal web browsing, too. For example, Google’s search engine now defaults to HTTPS connections. This means that people can’t see what you’re searching for on Google.com. The same goes for Wikipedia and other sites. Previously, anyone on the same Wi-Fi network would be able to see your searches, as would your Internet service provider.
Why Everyone Wants to Leave HTTP Behind
HTTPS was originally intended for passwords, payments, and other sensitive data, but the entire web is now moving towards it.
In the USA, your Internet service provider is allowed to snoop on your web browsing history and sell it to advertisers. If the web moves to HTTPS, your Internet service provider can’t see as much of that data, though—they only see that you’re connecting to a specific website, as opposed to which individual pages you’re viewing. This means much more privacy for your browsing.
Even worse, HTTP allows your Internet service provider to tamper with the web pages you’re visiting, if they want. They could add content to the web page, modify the page, or even remove things. For example, ISPs could use this method to inject more advertisements into web pages you visit. Comcast already injects warnings about its bandwidth cap, and Verizon has injected a supercookie used for tracking ads. HTTPS prevents ISPs and anyone else running a network from tampering with web pages like this.
And, of course, it’s impossible to talk about encryption on the web without mentioning Edward Snowden. The documents leaked by Snowden in 2013 showed that the US government is monitoring the web pages visited by Internet users around the world. This lit a fire under many technology companies to move towards increased encryption and privacy. By moving to HTTPS, governments around the world have a tougher time viewing all your browsing habits.