Hypertext Transfer Protocol Secure (HTTPS)

By Sean Toru | last updated 28th December 2020


What is HTTPS

HTTPS is a secure ‘protocol’ by which web pages can be sent from a remote web server to your browser without anyone in the middle being able to read their content. When you see https:// in a URL, or a padlock in your browser's address bar, it means the contents of the communication between your computer and the remote web server are ‘encrypted’.

If you were to load your bank statement via HTTP rather than HTTPS, there would be nothing stopping the various companies that run the internet hardware the statement passes through on its way to you from reading its contents. Thankfully, your bank would prevent you from loading a statement via HTTP.

HTTPS works like most modern encryption, via ‘public key cryptography’. There is a mathematical foundation to this based on the manipulation of prime numbers. The upshot is that at the start of each connection you make with the remote server, ‘certificates’ are created that your computer and the remote machine then use to ‘encrypt’ any data sent, making it appear like gobbledygook to anyone who intercepts it without the certificate to ‘decrypt’ it.
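A toy sketch of the idea above, added here and not part of the original page: two sides use prime-number arithmetic (Diffie-Hellman key agreement, chosen here for illustration) to arrive at the same secret at the start of a connection, then use it to scramble data. The small prime, the hash-based keystream and every name in the code are assumptions for illustration; real HTTPS uses TLS from a vetted library.

```python
import hashlib
import secrets

# Toy public parameters (assumption for illustration): a small Mersenne prime
# and base. Real TLS uses standardised, much larger groups or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public); only the public value is sent over the wire."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)

def session_key(my_private, their_public):
    """Both sides compute the same secret, then hash it into a 32-byte key."""
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def xor_stream(key, data):
    """Toy cipher: XOR data with a SHA-256 keystream. The same call decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def demo():
    """Run one constructed 'connection' and return what each party ends up with."""
    browser_priv, browser_pub = keypair()
    server_priv, server_pub = keypair()
    browser_key = session_key(browser_priv, server_pub)
    server_key = session_key(server_priv, browser_pub)
    statement = b"Balance: 1,234.56"  # constructed sample data
    on_the_wire = xor_stream(server_key, statement)
    # An interceptor sees both public values and the ciphertext but no private
    # value; combining the public values the obvious way gives the wrong key.
    guess = hashlib.sha256(str(browser_pub * server_pub % P).encode()).digest()
    return {
        "keys_match": browser_key == server_key,
        "statement": statement,
        "on_the_wire": on_the_wire,
        "browser_reads": xor_stream(browser_key, on_the_wire),
        "interceptor_reads": xor_stream(guess, on_the_wire),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

The sketch leaves out the step where the server proves who it is, which TLS handles with the server's certificate so that the browser knows whose public value it received.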

Why was the web not built to be secure in the first place?

The Internet is a global network of servers, cables and routers that allows computers to communicate remotely with each other, together with the agreed-upon ‘protocols’ by which this communication should abide. It is an incredibly robust network that is decentralised and not owned or controlled by any one organisation. This is a result of it being created by the American military to be used in the event of nuclear armageddon.

The world wide web is a set of protocols by which ‘Hypertext’ documents (aka web pages) can be sent between computers over the internet. It was conceived and developed mainly by academics in the USA and Europe. These academics thought it would be cool to share their research papers; they did not envision Cambridge Analytica. This is why HTTP is unencrypted. Its more secure equivalent, HTTPS, was created way later, when the web became mainstream and it became apparent that HTTP would not cut the mustard.
