Bob |
8th October 2020 11:30 PM |
Browsers used to just show an unlocked padlock for a site not using HTTPS, but then a year or so ago most of them decided to be more vocal when you connect to a site using HTTP. They have subsequently dialled-back a little on the "the world will end if you visit this site" rhetoric as they got a lot of complaints and a lot of confused users who thought there was something wrong when it's just a case of using HTTP (un-encrypted) instead of HTTPS (encrypted). As FADU does not ask you for any personal details, it's a moot point. For sure, if you are on a site that is asking you for personal details, credit cards etc then you want to be on an encrypted connection (HTTPS).
The main thing using HTTPS prevents is a man-in-the-middle attack where you think you have logged into say, Starbucks WiFi, but you have really logged into the bloke sitting in the corner's laptop where he has a WiFi access point pretending to be Starbucks WiFi. An encrypted connection (which all banks and online shops etc will definitely use) means the data you send and receive is completely unreadable by any other computer sitting between you. All they can see is the URL you are talking to (barclays.com or whatever) - everything else will be complete gibberish.
To use HTTP a site needs a digitally signed certificate obtained from a 3rd-party trusted source (more than one which have themselves been hacked...) that identifies the site as being THAT site and no other. Maintaining, renewing and generally dealing with these certificates is a pain - especially when something goes wrong (as it inevitably does).
|