Most internet traffic is now sent over an HTTPS connection, making it "secure". After all, Google warns that unencrypted HTTP sites are "insecure". So why is there still so much malware, phishing and other dangerous online activities?
When you visit a website using HTTPS, Chrome used to say the word "Safe". Now it shows you a green padlock in the address bar. Conversely if you enter an HTTP address the padlock is lost, in its place there is an exclamation mark in a circle, and the word "Unsafe" is written.
This is partly because HTTPS is now considered the new core standard. However, the word "Secure" has left Chrome because it was a bit misleading. It looks like Chrome guarantees the contents of the site, and that everything is safe on that page. But this is not true. A "secure" HTTPS site could contain malware or be a fake phishing site.
HTTPS is a data transfer protocol and it does a great job, but it does not do everything securely. It's like the standard HTTP protocol for linking to websites, but with an extra level of secure encryption.
This encryption prevents malicious users from intercepting the data in transit and stops attacks during the communication process. For example, no one can track the payment details you send to an HTTPS website. Or you can't interfere with your communication with a website and deliver that website to you modified at will.
In short, HTTPS ensures that the connection between you and this particular site is secure. No one can steal it or violate it. But that does not really mean that a website is "safe".
HTTPS by itself, all it means is that you are using a secure connection to a particular website. The word "Safe" says nothing about the content of this site. All it means is that the Admin of the site has purchased a certificate and generated encryption to secure the connection.
For example, a dangerous site full of malicious downloads may be delivered over HTTPS. This means that the site and the files you receive are sent over a secure connection, but may not be secure.
Likewise, one criminal could to buy a domain like “aticabank.gr”, to get an SSL encryption certificate for it and to imitate the real website of Attica Bank. It would be phishing to have a "secure" padlock, but that would mean having a secure connection to a phishing site.
Although browsers have been using phrasing for years, HTTPS sites are not really "secure". Sites that change protocol from HTTP to HTTPS help solve some problems, but they do not end the scourge of malware, phishing, spam, and other scams on the Internet.
The shift to HTTPS is still great on the Internet. According to Google statistics , 80% of web pages loaded through Chrome on Windows, is trafficked over HTTPS. And Chrome users on Windows spend 88% of their browsing time on HTTPS sites.
This transition makes it more difficult for criminals to track your personal data, especially on public Wi-Fi or other public networks. It also greatly eliminates the chances of being attacked when you are on a public Wi-Fi network.
For example, suppose you are downloading an .exe file of a program from a website while you are connected to a public Wi-Fi network. If you are connected via HTTP, the Wi-Fi provider could violate the download and send you a different, malicious .exe file. If you are connected to HTTPS, the connection is secure and no one can violate the software download.
This in terms of better safetys of the internet is a huge win! But it's not a panacea. You should still use basic safety practices to protect yourself from malware and phishing sites
Right! However, this with the "bank" made me happy as much as I can not describe since all banks are just as dangerous (for the masses).
Honestly, my respect for you.