Every URL starts with a protocol, a name which identifies how it should be processed. The name is followed by “://”. On the Web, it’s almost always either HTTP or HTTPS. The protocol name is followed by the character sequence “://”, to the annoyance of people entering it on a phone or tablet. The browser may let you leave it out when typing, but it has to guess it for you. When you create a link in an HTML page, you always have to include the protocol, e.g., https://www.example.com.

The difference between the two is that HTTPS provides security and HTTP doesn’t. An HTTPS link uses the TLS (transport layer security) communication protocol, which often goes under the obsolete name of SSL. In common usage, SSL and TLS mean the same thing. It gives you three advantages over plain HTTP:

1. It encrypts the data in transit in both directions. Anyone intercepting the data will find it effectively impossible to tell what information is being sent back and forth. They can, however, tell what domain you’re communicating with.
2. It verifies the identity of the domain you’re getting data from. With an HTTP connection, someone in the middle (e.g., a public Wi-Fi hotspot) can impersonate the domain.
3. It prevents alteration of data in transit. Only the holder of the TLS certificate can encrypt the data correctly. Any attempt to alter it will only turn it into gibberish.

(more…)