Lazy quick explanation targeted at… well, someone who would ask this question.
Basically HTTP is unencrypted, meaning it’s transmitted in plain text. Imagine it like mailing a letter in a clear plastic envelope. Meaning that, should they care to, every single postal worker that the letter passes hands to between the destination and source could read anything they want, and you’d be none the wiser. Hell, they even have enough information that if one was actually malicious they could open your letter, change what you wrote, and no one could tell the difference.
HTTPS basically does 2 very important things. 1. It basically turns it into a language that only the intended person can read, meaning no one between the source and destination has any potential to read what is being transmitted. 2. It allows both sides to prove who sent everything.
You mentioned it, but I want to reiterate this. The most important part of HTTPS isn’t that it’s hidden from anyone else, it’s that you can prove that data was actually sent by the website you expected, and it wasn’t altered in transit.
With HTTP, someone in-between can change the data, or hijack the whole session and you’ll never know. With HTTPS, anyone in-between must pass along the data (mostly) unaltered (except in very specific situations).
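The integrity point from the reply above, as an added example that is not part of the original thread: a simplified model in which a plaintext message altered on the path is accepted silently, while a message carrying an HMAC-SHA256 tag is rejected. It assumes both ends already share `KEY` (in real TLS that key comes out of the handshake, and records use AEAD ciphers rather than a bare HMAC); `MSG`, `KEY` and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)              # assumed shared secret (TLS derives this in the handshake)
MSG = b"transfer 100 to alice"    # constructed sample message
TAG_LEN = hashlib.sha256().digest_size


def send_plain(msg: bytes) -> bytes:
    """HTTP-style: the bytes go on the wire with nothing binding them to the sender."""
    return msg


def send_protected(key: bytes, msg: bytes) -> bytes:
    """Simplified stand-in for a protected record: message followed by its HMAC tag."""
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


def receive_protected(key: bytes, record: bytes) -> bytes:
    """Recompute the tag and refuse the record if it does not match."""
    if len(record) < TAG_LEN:
        raise ValueError("record too short")
    msg, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("record altered in transit")
    return msg


def alter_in_transit(wire: bytes) -> bytes:
    """Models something on the path rewriting part of the message."""
    return wire.replace(b"100", b"900")


def demo() -> dict:
    """Run both paths through the same alteration and report what the receiver sees."""
    plain_received = alter_in_transit(send_plain(MSG))
    try:
        receive_protected(KEY, alter_in_transit(send_protected(KEY, MSG)))
        protected_result = "accepted"
    except ValueError as exc:
        protected_result = f"rejected: {exc}"
    return {"plain": plain_received, "protected": protected_result}


if __name__ == "__main__":
    print(demo())
```
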