If you use Chrome, you might have noticed today that you occasionally get security alerts when you visit certain sites. This is due to a new update (Chrome 68) which will tell you if a website you are visiting is not using HTTPS.
Google has been strongly advocating HTTPS for months now. Prior to the update Chrome would tell you if a site was 'secure' but now it flags up any site not using HTTPS.
So what's the big deal with HTTP vs HTTPS?
HTTP was developed by Tim Berners-Lee in 1989, and it is a protocol defining how data is transmitted over the internet. The problem with it is that when the data is transmitted between the server hosting the website, and the end user on their computer or mobile device, it is not encrypted. This means that the transmitted data is vulnerable to 'man-in-the-middle' attacks, where a third party can also access the data. HTTPS ensures that the data is encrypted when it travels between the two parties, and therefore cannot be monitored. The 'S' at the end of HTTPS stands for 'secure'.
There are many sites still not using HTTPS, as listed by Why No HTTPS?
Should I avoid using HTTP?
You should be aware that the data you transmit and receive to insecure websites could be vulnerable. In addition, hackers could redirect you to fake websites, insert adverts onto the pages you are viewing, or even use your resources to mine cryptocurrency. If you are inputting sensitive information, such as usernames / passwords, credit card details, or personal information, then you should always avoid doing it over an insecure connection.
Many websites, including this one, have already made the transition to HTTPS, but be on the look-out for sites that don't. There are many popular sites that have not yet made the transition to HTTPS, and the biggest UK site to be still using HTTP is The Daily Mail.
If you're a site owner or developer looking to move to HTTPS, Google have some useful information here: Why HTTPS Matters