How does adding ‘s’ to end of ‘http’ make it protected against hackers?


How does adding ‘s’ to end of ‘http’ make it protected against hackers?

In: Technology

Surely hacker have figured out about ‘s’…

The S stands for “secure”, specifically it means that the connection between your browser and the website is encrypted using the TLS protocol.

The TLS protocol does two things:

1. When you connect to the server, the server sends you a digitally signed certificate. The certificate is used by your browser to validate the server’s identity, i.e. make sure that the entity sending you the certificate is indeed reddit and not a hacker pretending to be reddit.

2. After validating the certificate, the client (your browser) and server set up an encrypted connection, so that all the data transmitted between them is encrypted. This means that it is hidden from anyone who intercepts the communication, and that it can’t be manipulated.

Adding the ‘s’ at the end of ‘http’ tells your computer to start doing a bunch of anti-hacker things without bothering you.
Namely, to start using encryption so the stuff sent is scrambled into a hacker unreadable mess, that both you and the other site can read.
Also it checks with another computer your computer really trusts called a Certificate Authority, to make sure the other guy really is who he says he is.

Adding “s” only tells your computer to use another method in connecting to site if the site set it up. The difference is the connection is encrypted so hackers can’t listen in and checks you’re connected to the real thing, not hacker sitting on the wire between you and the real thing.

There’s also an option to check you’re really you and not the hacker with your password connecting from another computer, but that is rarely used because it’s too much effort for everyone.

HTTP and HTTPS are two different protocols with HTTPS being newer and using a better security standard. HTTP doesnt encrypt while HTTPS does. This basically means if you have someone in your network that listens with a program like wireshark to what you’re doing , they’ll see in clear text whats being sent and received, unless theres another layer of encryption to the service.

This means they could potentially see your passwords, bank-account information or anything else you access using HTTP (no banks uses HTTP though)

For a site to support HTTPS it will however need an license and to have these validate will cost a bit of money for the company that owns the service you’re trying to access, most sites converted to HTTPS by now though and if it doesn’t set it as HTTPS as standard you should just avoid it