Most internet traffic is now sent over an HTTPS connection, making it "secure". After all, Google warns that unencrypted HTTP sites are "insecure". So why is there still so much malware, phishing and other dangerous online activities?
When you visit a website using HTTPS, Chrome used to say the word "Safe". Now it shows you a green padlock in the address bar. Conversely if you enter an HTTP address the padlock is lost, in its place there is an exclamation mark in a circle, and the word "Unsafe" is written.
This is partly because HTTPS is now considered the new core standard. However, the word "Secure" has left Chrome because it was a bit misleading. It looks like Chrome guarantees the contents of the site, and that everything is safe on that page. But this is not true. A "secure" HTTPS site could contain malware or be a fake phishing site.
HTTPS is a data transfer protocol and it does a great job, but it does not do everything securely. It's like the standard HTTP protocol for linking to websites, but with an extra level of secure encryption.
This encryption prevents malicious users from stealing your data during transit and stops attacks during the communication process. For example, no one can track the payment details you send to an HTTPS site. Ή you can not interfere in your communication with a site and deliver to you that site modified at will.
In short, HTTPS ensures that the connection between you and this particular site is secure. No one can steal it or violate it. But that does not really mean that a website is "safe".
HTTPS alone does not mean that you are using a secure connection to a particular site. The word "Safe" says nothing about the content of this site. It only means that the site administrator has purchased a certificate and has created encryption to secure the connection.
For example, a dangerous site full of malicious downloads may be delivered over HTTPS. This means that the site and the files you receive are sent over a secure connection, but may not be secure.
Likewise, one criminal could to buy a domain like “aticabank.gr”, to get an SSL encryption certificate for it and to imitate the real website of Attica Bank. It would be phishing to have a "secure" padlock, but that would mean having a secure connection to a phishing site.
Although browsers have been using phrasing for years, HTTPS sites are not really "secure". Sites that change protocol from HTTP to HTTPS help solve some problems, but they do not end the scourge of malware, phishing, spam, and other scams on the Internet.
The shift to HTTPS is still great on the Internet. According to Google statistics , 80% of web pages uploaded via Chrome to Windows are handled via HTTPS. And Chrome users on Windows spend 88% of their browsing time on HTTPS sites.
This transition makes it more difficult for criminals to track your personal data, especially on public Wi-Fi or other public networks. It also greatly eliminates the chances of being attacked when you are on a public Wi-Fi network.
For example, suppose you are downloading an .exe file of a program from a website while you are connected to a public Wi-Fi network. If you are connected via HTTP, the Wi-Fi provider could violate the download and send you a different, malicious .exe file. If you are connected to HTTPS, the connection is secure and no one can violate the software download.
This is a huge victory in terms of internet security! But it is not a panacea. You should continue to use basic safety practices to protect yourself from malware and phishing sites