Why is HTTPS such a big deal nowadays?

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read how to get help
Post Reply
anotheri
Level 1
Level 1
Posts: 15
Joined: Mon Jan 22, 2018 11:34 pm

Why is HTTPS such a big deal nowadays?

Post by anotheri » Tue Mar 20, 2018 12:35 am

For the past maybe 5 years or so I've been hearing the constant harping about "HTTPS", recently the big players like Google, web browser makers, etc want to list sites that still use HTTP has "unsafe" or somehow blacklist them.

I get what HTTPS is, I use encryption everywhere myself, SSL/TLS connections to everything, Open VPN 256, HTTPS everywhere extensions on the browser, etc..

With that said, why is it such a big deal all of a sudden, especially in the past say 5-6 years?

We got along just fine with HTTP only sending stuff in the clear for 15-20 years before HTTPS starting taking over. I had no problem using ebay, doing online shopping, banking, e-trade securities, etc in the early 2k through HTTP, no digital certs, etc. Using unencrypted coms was considered acceptable for the majority of the internets life thus, what changed all of a sudden to make this such a security vulnerability? Like it would be considered blasphemy nowadays to conduct any kind of online transaction without at least HTTP.

I'm genuinely curious about what changed. About the only thing I can think of is the prevalence of wireless networks vs wired only networks since the late 90's/early 2k vs now. The whole point of HTTPS is preventing MITM attacks, which is stupid easy nowadays over wireless networks transmitting unencrypted information (like when you don't use HTTPS) but back in the day of wired only single point internet access (your desktop at home plugged into a modem), even with stuff being sent in the clear there wasn't really anywhere to Man-In-The-Middle attack from unless you tapped into the local ISP's physical network. Then again I don't know anything, that's just my educated non-computer guy guess.

Petermint
Level 4
Level 4
Posts: 436
Joined: Tue Feb 16, 2016 3:12 am

Re: Why is HTTPS such a big deal nowadays?

Post by Petermint » Tue Mar 20, 2018 1:14 am

With thousands of big companies and countries tracking your every visit to a Web site, HTTPS provides a little bit of privacy. All your private details are still published by Faceblab, Twit, and Tinder to anyone who has money. If you happen to not use Facebleak or Tweeker and prefer to meet humans instead of photoshopped images, HTTPS will help a tiny little bit.

User avatar
smurphos
Level 5
Level 5
Posts: 941
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: Why is HTTPS such a big deal nowadays?

Post by smurphos » Tue Mar 20, 2018 1:55 am

anotheri wrote:
Tue Mar 20, 2018 12:35 am
I'm genuinely curious about what changed. About the only thing I can think of is the prevalence of wireless networks vs wired only networks since the late 90's/early 2k vs now. The whole point of HTTPS is preventing MITM attacks, which is stupid easy nowadays over wireless networks transmitting unencrypted information (like when you don't use HTTPS) but back in the day of wired only single point internet access (your desktop at home plugged into a modem), even with stuff being sent in the clear there wasn't really anywhere to Man-In-The-Middle attack from unless you tapped into the local ISP's physical network. Then again I don't know anything, that's just my educated non-computer guy guess.
This - plus there is no control over who might sniff your data once it's left your ISP network (assuming you trust your ISP and it's staff - I wouldn't) on it's way to the destination IP. That has always been the case, but the industry has only cottoned on recently. In these days of state sponsored mass surveillance HTTP is a privacy no-no.

rene
Level 7
Level 7
Posts: 1809
Joined: Sun Mar 27, 2016 6:58 pm

Re: Why is HTTPS such a big deal nowadays?

Post by rene » Tue Mar 20, 2018 3:04 am

anotheri wrote:
Tue Mar 20, 2018 12:35 am
I'm genuinely curious about what changed.
The internet. Its usages and usage level and resulting attempts and level of attempts by relatively serious criminals to obtain your financial and/or identity data.

While, as you concentrate on, encryption between your computer and the website is in that sense already often advisable, the authentication offered by the SSL certificate may be of even more direct importance. That is, you being assured by "the green lock icon in your address bar" that it is in fact your bank's website you see in front of you; not a spoofed version you were directed to by (email) link, or even by malicious DNS, so as to obtain your login data. It is also important said "green lock icon" gets to be the by users expected situation: it's only after a sufficient percentage of sites offer it that browsers can get serious about warning when it is not present.

So encryption good, authentication very good, expected authentication quite good. And progressively better while the internet penetrates ever deeper into lives -- and criminals ever deeper into the internet.
Last edited by karlchen on Sun Apr 08, 2018 3:36 pm, edited 1 time in total.
Reason: removed unproven assumption about geographical origin of cyber-criminals from the last sentnece

Post Reply

Return to “Other topics”