HTTP is the standard used for shuttling information around the Web. HTTPS is the secure version (S is for secure).

HTTPS (Hypertext Transfer Protocol Secure) is mostly used for payment transactions, but is increasingly being used for standard browsing as well.

When you’re browsing the internet over regular HTTP, it’s easy for people to peek in and see what’s going on. Between your browser and, for example, Amazon, there are dozens of connections, starting at your wireless router and ending at Amazon’s web server.

At any one of these stopover points a malicious user could intercept the information you are sending to Amazon and read it before passing it along. If all you did was search for a book, no big deal, but what if you put in your credit card information? No good at all!

HTTPS uses a security protocol called SSL to avoid this. Every time you’re connecting to Amazon via HTTPS, two things happen:

1) The web server verifies its identity using an SSL certificate, which is sort of like an ID card for a web server. Your web browser compares the SSL certificate to a list of SSL certificates it trusts, and only shares your information if it checks out.

2) Next, your browser and the web server agree on a secret code that they will use to encrypt all of your HTTPS transmissions. This protects you from eavesdroppers listening in. Because of the way HTTPS works, even if a malicious user listens in on web browser and the web server agreeing on the secret code, they still won’t be able to understand your HTTPS communications!

So HTTPS lets your computer confirm that the server it’s talking to is the right one (be it Amazon, Google, or Facebook), and then makes sure that neither hackers nor nosey folks can read the information being passed back and forth. So next time you see an https:// up in your URL bar, you’ll know you are in good hands!

Cocktail Party Fact

There’s a movement to encourage sites to use HTTPS for all communication. You might think that encrypting credit card information is enough, but why not make your Facebook updates and news-reading habits secure, too? The Electronic Frontier Foundation has developed a plugin called HTTPS Everywhere to help protect your privacy on the Web. It only works for Firefox and Chrome at the moment, but it’s a start!