All HTTPS ensures is that your conversation stays private between you and whatever follows after the https – so, if you’re reaching out to https://reddit.whatever, only reddit should be able to read/hear/see whatever it is you want to share, and no other party can snoop on this conversation. What reddit chooses to do with this information is up to them, of course.

To give an analogy, it is the equivalent of writing in a coded language and passing notes to your friends. Anyone intercepting these notes will have no idea what it is you’re writing, but your friend can use the notes to build a profile of you and recommend the cool new jeans he’s heard a lot about that all the cool kids are wearing.

the connection is encrypted, so the traffic thats sent over it isnt altered or snooped on.

its not an anti tracking measure, nor does it prevent embedded functionality on the page you securely received from doing stuff.

Security is not the same as privacy.

Tracking your activity is not an security issue its a privacy issue.

Tracking literaly just means recording (aka logging) what websites you request and how you move your mouse and all that.

You can send that information over an encrypted channel like HTTPS.

HTTPS only encrypts what you send between you and the website. The website owner still gets to decrypt and see everything.

You’re talking to Taylor Swift at Starbucks. But you two know a language that no one else knows. So you and Tay Tay speak to each other, and can understand each other perfectly.

Anyone else in that Starbucks sees and knows exactly who you’re talking to, but they can’t understand what you are saying.

Security is very much a case of eating an elephant one bite at a time, and you need to be careful when describing something as secure: you have to be very specific about what it is that’s secure, and against what attackers. What bit of the elephant you’re biting off, sort of thing.

HTTPS is secure in the sense that, when you talk to a website using HTTPS, I can’t eavesdrop on that conversation. Anything running on your computer might be able to see the data before it’s sent, anything running on the website’s servers could potentially read the data after it’s received, the security guarantees are specifically about that step in between.

It’s like the difference between sending a postcard and a letter in an envelope. With a post card every one can see who it is going to and read your message. With an envelope every one can see where it is going but nobody can read it without opening the envelope.

HTTPS puts your letter in a sealed envelope.

One way social media tracks you is through “tracking pixels.”

Essentially:

* Facebook pays Wally’s Window Warehouse a lot of money.
* You visit Wally’s Window Warehouse in your browser.
* Your browser establishes a secure connection with the Wally’s Window Warehouse’s website.
* Wally’s Window Warehouse sends your browser a list of all the elements it wants to show on the web page (images, scripts, fonts, etc.)
* Your browser goes through the list and makes separate requests to download them. Some of them come from other sources, like fonts from google.
* On that list is a single 1×1 pixel image called “wally.gif” hosted on Facebook’s server.
* Your browser requests that image from Facebook.
* Facebook recognizes your browser when it sends the request, because it’s seen other requests from your browser before.
* Facebook now knows that you visited the website for Wally’s Window Warehouse.

HTTPS only protects you from MiM (man in the middle) attackers. It doesn’t protect either end of the conversation from the other.

Imagine conversing with someone trough post. Your envelopes are such that nobody can open them except you and that person can open or seal them. When you send a letter, you know only the intended recipient will be able to read it. When you receive a sealed letter, you know only that person could have sealed it. You know none is compromising or reading the conversation. This doesn’t prevent the person you are talking with (which would be mr. Facebook in this case) from keeping data about you (which you’re sending), or even trying to scam you in some way.

HTTPS protects from snooping. Say you’re in a busy restaurant – it prevents the waiter, the people at the table over, and passerbys from hearing… but keeping your secrets is a trust issue with the people you’re telling.

It just means the connection between the website and your device is encrypted. This doesn’t prevent the website from spying on you but it prevents other people from snooping on what you’re doing on the website. The site has legal permission to spy on you, you give them permission to collect an enormous variety of information about you including what you do on other websites. That’s how they make their money