Say you want to use the Internet for e-commerce, such as buying something from Amazon.  In order to do this, you need to send your credit card number and other sensitive information across the Internet.  Over a normal HTTP connection, this data can be easily intercepted by an attacker.  This kind of attack is known as a Man-In-The-Middle attack.  There are many things people do on the Internet for which some form of encryption should be used to protect them.  The current solution to this problem is to encrypt the data before sending it, in such a way that only the intended recipient will be able to decrypt it.  It’s called HTTPS (the ‘s’ stands for secure) and you’ve probably used it without even knowing it.

What I’d like to teach you is how to determine whether your connection is using HTTP or HTTPS.  When you are using HTTPS, you can be sure that your personal information will safely and securely reach the destination*.

The difference is in the URL that you type into your Internet browser.  HTTP links are prefixed with “http://”, like the following example:

http://mail.google.com

On the other hand, HTTPS links are prefixed with “https://”, like the following example:

https://mail.google.com

Luckily, sites that want to ensure their users connect securely can redirect you to HTTPS if you try to access them over HTTP.  Some sites, like Gmail in the example above, will force secure communication.  This means if you manually type in http://mail.google.com and your browser fails to redirect you, Gmail will refuse your connection.

An easy way to tell whether the site you’re currently viewing is using HTTPS is to click the lock icon on the left of the URL bar:
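
The redirect behaviour described above can be checked hop by hop.  This is an added example, not part of the original post; the `.example` host names and their responses are constructed sample data, and `fetch_head` and `trace_upgrade` are illustrative names.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECTS = (301, 302, 303, 307, 308)

def fetch_head(url):
    """Send one HEAD request without following redirects (real network use)."""
    parts = urlsplit(url)
    secure = parts.scheme == "https"
    cls = http.client.HTTPSConnection if secure else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=10)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_upgrade(url, fetch=fetch_head, max_hops=5):
    """Follow redirects one hop at a time and report which hops used HTTP."""
    hops = [url]
    while len(hops) <= max_hops:
        status, location = fetch(hops[-1])
        if status not in REDIRECTS or not location:
            break  # no further redirect: this is where the browser ends up
        hops.append(urljoin(hops[-1], location))
    return {
        "hops": hops,
        "final_is_https": urlsplit(hops[-1]).scheme == "https",
        # Any hop listed here was requested in plaintext before the upgrade.
        "plaintext_hops": [h for h in hops if urlsplit(h).scheme == "http"],
    }

# Constructed sample responses: URL -> (status code, Location header).
SAMPLE = {
    "http://shop.example/": (301, "https://shop.example/"),
    "https://shop.example/": (200, None),
    "http://legacy.example/": (200, None),  # never upgrades to HTTPS
}

if __name__ == "__main__":
    for start in ("http://shop.example/", "http://legacy.example/"):
        print(trace_upgrade(start, fetch=SAMPLE.get))
```

Even for the site that redirects, the first request appears under `plaintext_hops`: the upgrade to HTTPS only happens after one request has already gone out over HTTP.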

If you click on “Certificate Information”, you can find out more about the certificate the website is using.

* This is not entirely true.  HTTPS traffic can be sniffed and decrypted by certain entities.  Many governments have the ability to intercept secure HTTP traffic.  Also, there have been several recent breaches of so-called “Certificate Authorities”, which have led to a handful of rogue counterfeit certificates.  There are also tactics which one can use on a local area network to steal secure HTTP traffic.  However, these methods are much less practical, and much less prevalent.  The fundamental difference comes down to HTTP traffic traveling across the Internet in plaintext, whereas secure HTTP traffic is encrypted and only readable by the intended receiver.