WEBVTT

00:00:00.000 --> 00:00:07.360
Most web addresses these days start with HTTPS, which implies that your

00:00:04.920 --> 00:00:10.880
connection to the website is secure in some way. You know, the S, that's what

00:00:08.800 --> 00:00:16.880
the S stands for. But, what exactly is HTTPS, and how safe is it really keeping

00:00:14.160 --> 00:00:20.200
you? HTTPS is a protocol that encrypts information sent over the internet.

00:00:18.680 --> 00:00:24.240
Specifically, the content that's traveling between your PC or phone and

00:00:22.800 --> 00:00:28.400
the server for the website you're viewing. Without HTTPS, any of that

00:00:26.560 --> 00:00:32.080
content, such as private messages, payment info, or the videos you're

00:00:29.880 --> 00:00:36.280
watching, could be intercepted by an attacker or snoop, such as someone with

00:00:34.520 --> 00:00:40.520
a packet sniffing program connected to the same Wi-Fi network, or by an IT

00:00:38.400 --> 00:00:44.880
administrator monitoring traffic at your office. And yes, there are ways that

00:00:43.240 --> 00:00:49.040
your employer could still look at your web traffic, such as through a proxy,

00:00:46.920 --> 00:00:52.840
but I'm sure all of you are on your best behavior on the job.

00:00:50.920 --> 00:00:57.600
Although most websites these days use HTTPS, this wasn't always the case. But,

00:00:55.880 --> 00:01:02.200
why? Well, it had to do with how security certificates worked. That's the

00:00:59.920 --> 00:01:06.480
electronic document used to generate the HTTPS encryption. Not only does it

00:01:04.519 --> 00:01:10.920
contain a public key, but it also enables another important function of

00:01:08.160 --> 00:01:15.440
HTTPS. It lets a user know the site that they're accessing is indeed what the URL

00:01:13.400 --> 00:01:19.680
says it is. Although anyone can make a certificate, it needs to be signed by an

00:01:17.520 --> 00:01:23.920
organization called a certificate authority in order for your browser to

00:01:21.840 --> 00:01:27.720
recognize it as valid and give you that nice little padlock icon up in the

00:01:25.760 --> 00:01:31.680
corner. It makes me feel so nice. For a certificate authority to sign a

00:01:29.320 --> 00:01:36.000
certificate, the website owner needs to show that they actually control the

00:01:33.480 --> 00:01:39.800
domain name on the certificate. Without a certificate authority signature, the

00:01:37.680 --> 00:01:45.200
encryption will still technically work if the certificate owner self-signs it,

00:01:42.760 --> 00:01:49.560
but the issue is that you, the user at home, won't know who's on the other end

00:01:47.680 --> 00:01:53.600
of the connection. It could very well be an attacker ready to steal your data.

00:01:51.920 --> 00:01:57.880
The problem for a long time was that certificate authorities charged money

00:01:55.760 --> 00:02:01.640
for this service, up to several hundred dollars a year, which many site owners

00:02:00.080 --> 00:02:07.000
just didn't want to bother with, especially if they were running smaller websites. But nowadays, it's easy to get

00:02:05.000 --> 00:02:12.120
certificates signed for free, in large part due to a nonprofit authority called

00:02:09.600 --> 00:02:15.920
Let's Encrypt, backed by the Electronic Frontier Foundation, as well as several

00:02:14.040 --> 00:02:19.240
large tech companies. And there's the fact that Chrome started displaying

00:02:17.480 --> 00:02:22.680
aggressive-looking warnings whenever you visited a site without a certificate

00:02:20.720 --> 00:02:27.720
signed by a recognized authority. That got HTTPS adoption rolling a bit quicker,

00:02:25.480 --> 00:02:32.080
but do keep in mind you won't see this warning if a site doesn't use HTTPS at

00:02:30.280 --> 00:02:37.040
all, so be sure to glance up at the address bar to see if the site is just

00:02:33.880 --> 00:02:39.320
using plain HTTP. So, HTTPS is now

00:02:37.040 --> 00:02:43.000
widespread and clearly plays a vital role, but there are also lots of

00:02:41.200 --> 00:02:46.720
misconceptions about it that have led some folks to believe more of their

00:02:44.840 --> 00:02:51.960
browsing activity is private than it actually is. We'll tell you what HTTPS

00:02:49.480 --> 00:02:55.480
doesn't do right after we thank Soylent for sponsoring this video. Soylent is

00:02:54.000 --> 00:02:59.360
where science meets taste, affordability, and sustainability. Their

00:02:57.640 --> 00:03:02.720
nutrient-complete formula is a great alternative to skipping a meal because

00:03:01.440 --> 00:03:07.080
you just don't have the time. It's affordable at $2 to $4 per serving, and

00:03:04.920 --> 00:03:11.440
it comes in convenient no-prep formats with a ton of flavors available. Our

00:03:09.040 --> 00:03:15.000
favorite is chocolate. It has everything you would look for in

00:03:12.880 --> 00:03:18.440
a ready-to-drink meal. Even better, they stand by their mission of providing

00:03:16.480 --> 00:03:22.360
access to good food by giving back nearly 6 million donated meals. Check

00:03:20.880 --> 00:03:27.080
them out at the link below today, and the first 500 people to use this link

00:03:24.200 --> 00:03:31.640
and code TechQuickie30 will get 30% off their first order. One common

00:03:28.800 --> 00:03:35.240
misconception is that the HTTPS padlock means that you're connected to a site

00:03:33.360 --> 00:03:40.280
that you can trust with your personal information. This is definitely not the

00:03:37.960 --> 00:03:44.040
case. There are plenty of phishing sites whose appearance imitates the legitimate

00:03:42.280 --> 00:03:48.240
site, but you often can see up in the address bar that the URL doesn't match

00:03:46.440 --> 00:03:52.920
the site that you want, so their certificates get signed because the

00:03:49.920 --> 00:03:54.680
attackers do own that URL. They aren't

00:03:52.920 --> 00:03:58.760
trying to get a certificate for the real site, so look at the URL very closely if

00:03:57.440 --> 00:04:04.720
you suspect you're the target of a phishing attack. If you want to be really careful, check the certificate,

00:04:02.640 --> 00:04:08.640
too, as another kind of attack called DNS poisoning can even return a

00:04:07.080 --> 00:04:12.560
malicious website with a legitimate-looking URL. Another very

00:04:10.960 --> 00:04:18.440
important thing to remember is that HTTPS does not encrypt metadata, which

00:04:16.079 --> 00:04:22.920
includes URLs. This means that an attacker, network administrator, or ISP

00:04:21.120 --> 00:04:27.200
can still determine which sites you were visiting, and in certain circumstances,

00:04:25.040 --> 00:04:31.280
even which specific web pages, depending on how the server is configured. So, if

00:04:29.080 --> 00:04:35.440
you're visiting a site that's seedy, inappropriate during work hours, or

00:04:33.640 --> 00:04:41.000
whose URL could give away something personal, HTTPS alone won't cover you.

00:04:39.040 --> 00:04:45.560
But, there is some good news here. Encrypted DNS is gaining popularity,

00:04:43.600 --> 00:04:50.240
which, in layman's terms, means that the host names of the pages you're visiting

00:04:47.560 --> 00:04:54.040
would be encrypted, as DNS is the system that looks up the actual numerical IP

00:04:52.240 --> 00:04:57.680
addresses of the site addresses you punch in. This makes it significantly

00:04:56.080 --> 00:05:02.000
harder for an attacker to figure out what sites you were using. Encrypted DNS

00:04:59.800 --> 00:05:06.160
can be enabled in Windows, but not all DNS services support it, and it can be

00:05:04.440 --> 00:05:10.120
possible to deduce what sites you're visiting by looking at the IP addresses

00:05:08.400 --> 00:05:15.280
you're connecting to. But, just like HTTPS itself, it's meant to make life

00:05:12.480 --> 00:05:19.000
more difficult for snoops, not as a silver bullet to stop every kind of

00:05:16.920 --> 00:05:22.640
attack. If that existed, someone out there would probably have a fortune that

00:05:20.400 --> 00:05:26.880
would put even Daddy Bezos to shame. But, whatever the opposite of shame is,

00:05:24.560 --> 00:05:30.880
I'm giving to you right now for watching the whole video. Hey, thanks. Like it if

00:05:29.080 --> 00:05:34.680
you liked it. Dislike it if you disliked it. Check out our other videos. Comment

00:05:32.560 --> 00:05:38.640
below with video suggestions, and don't forget to subscribe and follow.
