Last Year, Google announced something that made Web Designers and more importantly Website Hosting Companies lives a bit tougher by making some changes to its algorithm. It is now programmed to consider whether a site is HTTPS or HTTP.
However, it does not necessarily mean that everyone should switch to HTTPS. This is what Google says on HTTPS:
“You can make your site secure with HTTPS (Hypertext Transport Protocol Secure), which protects the integrity and confidentiality of your users’ data. For example, when a user enters data into a form on your site to subscribe to updates or purchase a product, a secure site protects that user’s personal information and ensures that the user communicates with the authorized owner of the site.”
HTTP vs HTTPS
HTTPS is useful for sites that collect and transmit personal information. Banks, e-commerce sites, social networks and online schools need to have HTTPS in place to make sure any 1 visiting the site, that all their information is protected.
Now, everyone understands when security is involved, especially when it comes to sensitive information there is no compromise, it should be secured, but lately, this is not what is happening. There is a sense of urgency among people to get their sites completely on HTTPS for the sake of getting improved rankings on the search engine, which is crazy.
HTTPS only protects against a very limited number of site vulnerabilities. It makes the Police’s job of tracking and spying on internet users more difficult. HTTPS does not protect against hackers, brute force attacks, DDOS attacks, cross site scripting, server or other database exploits.
In HTTP, your data travels in clear text format. So, if I am reading a post or a news blog and that data is attacked, then there is no harm in it as the attacker will only be reading the same news.
Rather than switching your whole site to HTTPS, you need to understand which parts of a website needs to be switched to SSL and which parts carry important user data that we would not want to be compromised. For that, we first need to understand what actually HTTPS is.
What is HTTPS?
Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. The main motivation for HTTPS is to prevent wiretapping and man-in-the-middle attacks. [Source: Wikipedia]
We use HTTPS when there is data transmission of a sensitive nature, for e.g. credit card numbers, security credentials banking details. But if you are visiting a news site or a blog in which there is NO classified information, then potentially its a waste of resources to put it under HTTPS.
HTTPS is slower than HTTP and takes more resources.
SSL communication is a 5-step process and on 6th step data transmission occurs. While on the http protocol, the request completes in just 2 easy steps.
Turning your complete traffic over to https will have more bad effects rather than good. Network latency can also be a factor here as a router which transmits 2 million requests would now have to transmit 6 Million requests because the search engines are providing more benefits to HTTPS sites. For us, that is not a good way of using resources.
To HTTPS or not to HTTPS?
This in no way means we are against SSL. But the point is that if you have confidential information, only then should you deploy the HTTPS protocol. However, security comes at a compromise of slowing down by a few seconds. Therefore, pick wisely when you are implementing SSL on your website.
But, in any case, you want HTTPS for your website then deploying one is a headache unless you are a Seventeen Digital Customer.