This article was written by Don VanSyckel, the club president, as a part of "The President's Pen". This article appeared in the April 2018 WYSIWYG newsletter.
HTTP versus HTTPS
by Don VanSyckel
As you surf the web have you noticed some web sites switch the address from http: to https:? Do you know what this means? When the web started there were no spies, personal information wasn't being transferred, and no banking information was being used. The web uses HTTP to transfer data. This stands for hypertext transfer protocol. The 'HT' in HTML is hypertext, the 'ML' is markup language. So HTTP moves or transfers HTML. This worked so good that over the years more and more items and processes have moved to the web.
Unfortunately there's always devious and dishonest people lurking about and as the web became more popular the bad guys moved in. To keep things private security was added to the transfer process making it HTTPS, where the 'S' stands for secure. Web sites requiring transfer of sensitive or private information started using the HTTPS protocol to protect their users from thief of information such as user IDs, passwords, account numbers, and other information of this type.
Your web browser when using HTTPS uses a certificate from the web site to encrypt the data being sent to the site and to decrypt data received from the site. This way no one can spy on you by 'watching' your web traffic and then use that information to drain your bank account or order products to be delivered to them.
The people at Google, the same people who spy on your web searches and gmail message, got it into their heads that everybody should be using HTTPS for everything. They are currently pushing this and lobbying for web browsers to label any web site not using HTTPS as insecure. For instance, the SHCC web site information transferred isn't too secretive because anyone can go to the site and see everything themselves directly. So in this case adding security isn't going to do very much. This is the case with many web site but every site is being squeezed to deploy certificates and move to HTTPS.
I don't know if there are any open source (free) sources of certificate but I do know there are pay sites that will supply them. So at some point in the next year or so we'll have to switch our web site over to HTTPS. Oh, I forgot to mention, HTTPS sites will get higher priority in search engines. This means sites using HTTPS will be listed first. Or sites not using HTTPS will be penalized and be listed last or not at all.
Don't get me wrong, I'm not against using HTTPS but I believe it's not needed for every site and it's being pushed in a rather heavy handed manner by a handful of companies that believe they know what's best for all of us. This leaves me with a much less than favorable opinion of the entire process.
End of Article