Google chrome in July 2018 started warning users with “not secure” warning when they visited non-https websites. Should you even proceed browsing a website that doesn’t start with https?
If you are not familiar with http or https, you can first read our primer on the same before you continue reading this post. Summarily https encrypts connection between your web browser and the remote server hosting a website such that intermediaries such as a hacker or your Internet Provider can’t intercept the connection and compromise contents shared.
So https gives you both security and privacy while browsing online. However, not all websites have moved to https and you have probably been forced to browser a non-https site even with “not secure” or “connection not secure” warning on browsers. Should you be concerned?
News sites, blogs and commercial websites
Not all information is treated equal, right? Browsing articles on this website for instance doesn’t have the same weight as you adding credit/debit credentials on an e-commerce site like Jumia or Amazon. If you are casually browsing a news site or reading Wikipedia, chances are that it doesn’t matter whether or not that site is secure.
You might however, be concerned if the government can criminalize you for accessing specific content online. This is particularly the case with Journalists who need to watch their online activities in-order to protect themselves or their sources. Also citizens in countries such as China where there’s heavy censorship have to take care of which content they access online. So this case, yes, you must access a website which is secure.
Related post: Why do website addresses start with http:// or https://
Take note however, that https doesn’t completely blind your online browsing activities from third parties. It only encrypts the content you are accessing. It doesn’t for instance hide DNS lookups because https and DNS are two different protocols. You can use DNS-over-HTTPS(DoH) apps such as Cloudflare’s 220.127.116.11 Android/iOS app to also hide your DNS lookups.
Major browsers like Firefox and Chrome already have support for DoH and this will rolling out in the coming months. But if you really want to go dark on preying eyes, then a VPN or Tor is the ultimate solution.
Passwords and Credit/Debit information
Browsing news, searching or social networking depending on the situation might not be that much mission critical to warrant secure https. But If you are however submitting critical data such as your username/password, credit/debit information, you must only do this with a website that’s on https. Without https, attackers can hijack your details without your knowledge and use them to their advantage. HTTPS will encrypt or turn into gibberish your credentials so that any intercepting party cant’t make sense of them.
In conclusion, to be safe, it’s always better to access a website that’s secured with an SSL certificate or https protocol. HTTPs guarantees content integrity such that attackers, ISPs or Governments can’t use your website to attack other sites or inject malicious scripts or unwanted Ads on a site’s pages that compromises users.
And if you’re a website owner yourself, you should install an SSL certificate to keep your visitors secure and even improve on your SEO ranking. You can get a free one from Lets encrypt or Cloudflare for starters or ask your web hosting provider to provide you with one.