Everyone knows the padlock in the browser address bar means the site is "secure". But secure in what sense? Most people assume it means the site is trustworthy. It doesn't. It means the connection is encrypted. Those are very different things.

A phishing site can have a padlock. A site stealing your credit card details can have a padlock. The padlock tells you nobody can read the traffic between your browser and the server as it crosses the network - it says nothing about what the server itself does with your data.

So what does HTTPS actually do?

It wraps HTTP traffic in TLS (Transport Layer Security), encrypting everything in both directions. Your request, the response, the cookies, the headers - all of it. Without HTTPS, anyone on the same network can read it in plain text.
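
The following Python example, added here and not part of the original article, shows what a passive observer on the network can recover from one captured payload: every field of a plain HTTP request, but only the record header of a TLS record. The host shop.example, the credentials and the captured bytes are constructed for illustration, and observer_view is a hypothetical helper name.

```python
# Added example: what an on-path observer can read from one captured TCP payload.
# All sample bytes below are constructed for illustration.

TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                    22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ", b"PATCH ")


def observer_view(payload: bytes) -> dict:
    """Return the fields a passive observer can recover from a TCP payload."""
    if payload.startswith(HTTP_METHODS):
        # Plain HTTP: request line, headers and body are all readable text.
        head, _, body = payload.partition(b"\r\n\r\n")
        lines = head.decode("iso-8859-1").split("\r\n")
        method, target, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        return {"protocol": "http", "method": method, "target": target,
                "headers": headers, "body": body.decode("iso-8859-1")}
    # TLS record header: 1-byte content type, 2-byte version, 2-byte length.
    if len(payload) >= 5 and payload[0] in TLS_RECORD_TYPES and payload[1] == 3:
        length = int.from_bytes(payload[3:5], "big")
        # Everything after the 5-byte header is ciphertext: no HTTP field is visible.
        return {"protocol": "tls", "record_type": TLS_RECORD_TYPES[payload[0]],
                "length": length, "readable_fields": []}
    return {"protocol": "unknown"}


# Constructed login request sent over plain HTTP.
PLAIN_HTTP = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
              b"Cookie: session=abc123\r\nContent-Length: 27\r\n\r\n"
              b"user=alice&password=hunter2")

# A TLS application-data record carrying a request. The 48 payload bytes are
# constructed filler standing in for real ciphertext.
TLS_RECORD = bytes([23, 3, 3]) + (48).to_bytes(2, "big") + bytes(range(0x80, 0xB0))

if __name__ == "__main__":
    for name, capture in (("http", PLAIN_HTTP), ("https", TLS_RECORD)):
        print(name, observer_view(capture))
```

Over TLS the observer still learns the record type and size, and the addresses the packets travel between.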

Three things HTTPS gives you: