“Does HTTPS matter?” a friend of a friend asked. “I heard it does. Is that still true?” Yes, yes, and yes. Here’s why.
HTTP connections are unencrypted. HTTPS connections are encrypted. You can tell when you’re using HTTPS because the URLs start with https:// instead of http://, and your location bar will have a lock in it. Encryption is good.
Encryption is a complex subject, but there’s an everyday, real-world example of it. If you’re old enough, you may remember a time when it was easy to steal cable television. You could just run a cable from your neighbor’s connection over to your house and enjoy cable for free until someone noticed.
Cable companies started scambling their signals to put an end to that. Today, if you plug your neighbor’s cable line straight into your TV, you see snow. If you have a cable box, it has the code in it to descramble the snow into a viewable picture.
Cable box scrambling is a form of encryption.
So why does encryption matter online? Two reasons.
Protecting sensitive data
First, it keeps things like your credit card numbers and your passwords private. Without encryption, a guy with my skills can get in between you and the web site and siphon off all the credit card numbers and passwords. Without encryption, Amazon.com couldn’t stay in business.
Safety in numbers
Second, the more things that we encrypt, the safer your credit cards and passwords will be. When you only encrypt the really important stuff, it has a kick me sign on it. Granted, it’s a guy in a suit of armor with a kick me sign, but still, it stands out. If we encrypt mundane stuff like muffin recipes and pictures of cats, then the passwords and credit card numbers don’t stand out as much. If someone tries long enough, they can break the encryption. The greater their chances of getting a cat photo instead of a password, the less likely they’ll bother. If you run a blog, here are some tips for enabling https in WordPress so you can help.
Encrypting also reduces the amount of metadata governments and corporations can collect on you. Metadata is data about data, but that also means it’s data without context. Data without context is dangerous. If you have nothing to hide, I’m happy for you. But metadata can obscure the fact you have nothing to hide and make it look like you’re guilty of something you’re not. In the example I linked above, metadata can make me look like I’m having an affair when I was just getting a turkey sandwich. Without context, innocence looks like whatever you’re looking for.
That’s why HTTPS does matter. If anything, it matters more every day.