HTTP vs HTTPS
When you learned about safety on the internet, one of the primary lessons was about HTTPS. It has become clear that many people still haven't yet come to grips with the changes that took place in 2018 on how browsers display HTTP sites, and I must confess the new change in how Google's Chrome browser is handling HTTPS on the PC made me think that my browser was infected infected with some kind of malware. It is time for us to update our notions about HTTP and HTTPS.
BROWSER
A browser is the program or app that you are using to navigate your way around the internet. Edge, Firefox, Google Chrome, Google, Opera, Safari, Samsung Internet, and Silk are some of the better known browsers.
URL
Uniform Resource Locator refers to the web address and the box on the browser that displays the web address. A website name is registered with a domain service, and it points to a specific address. So instead of having to remember a complicated address like 2706:f8b0:4008:80a::200e you just type in google.com into the URL box.
google.com [2607:f8b0:4008:80a::200e]
mail.google.com [2607:f8b0:4002:c03::11]
vrcc.info [199.34.228.74]
google.com [2607:f8b0:4008:80a::200e]
mail.google.com [2607:f8b0:4002:c03::11]
vrcc.info [199.34.228.74]
HTTP
HTTP stands for Hyper Text Transfer Protocol. Up until recently HTTP had an open lock preceding the http:// in the URL box. In recent years mostbrowsers have been replacing that open lock with the words “Not Secure”, "Unsecure" or simply a triangle with an exclamation mark in the center. The way the URL is displayed varies depending on the browser and the type of device being used. When the computer clubs website, VRCC.INFO started displaying “Not Secure” in the URL box, many of our members were sure that this meant unsafe. You never want to enter any kind of personal information on a site that displayed “Not Secure” because the information is transmitted in plain text and could be intercepted and you are not absolutely sure you are on the site displayed in the address. The computer clubs website doesn't ask for any information, it is purely to provide you information. Because of the fear that Unsecure engendered, I went about getting a security certificate for VRCC.INFO. I was dreading it, because 25 years ago when I was involved in getting a security certificate from Verisign, it involved a credit checks, background checks, huge fees and satisfactory completion of 40 hours of computer based training. Imagine my surprise when, 25 years later, all I had to have was the ability to upload a file to our website that was sent to me via a gmail account.
HTTPS
HTTPS stands for Hyper Text Transfer Protocol Secure. Secure does not mean the site is safe or trustworthy. Although the S stands for Secure I have always preferred to use Scrambled instead of secure, to indicate that the data is encrypted while it travels to and from your computer to the website to protect it from eavesdropping. These days most phishing sites that are trying to steal your data also have an HTTPS designation.
The other thing HTTPS does is the certificate authority to ensures that you that you are on the website displayed in the URL box. Back in the day malware would change some settings in the user's PC to change a DNS table that would cause you to go to a different site than the one you had entered. It was very common for people to come in to the lab, and the Google.com page, was a fake. All of their searches were through a malicious site.
A closed lock icon has been the visual indicator that an HTTPS connection has been made. Since September of 2023, Chrome no the desktop longer displays the lock, nor the words HTTPS:// in the URL box, it just displays the web address if an HTTPS connection has been established. Google's study has shown that people think secure means safe. In the olden days, when HTTPS was rare, expensive and computing power was limited, you only saw HTTPS on financial institutions, checkout sites where you had to enter your credentials, login pages, so it is not surprising that people that learned about HTTPS thought it meant safe. Now a days HTTPS is everywhere. Your entire session with a website is encrypted, not just the page where you login or checkout.
The other thing HTTPS does is the certificate authority to ensures that you that you are on the website displayed in the URL box. Back in the day malware would change some settings in the user's PC to change a DNS table that would cause you to go to a different site than the one you had entered. It was very common for people to come in to the lab, and the Google.com page, was a fake. All of their searches were through a malicious site.
A closed lock icon has been the visual indicator that an HTTPS connection has been made. Since September of 2023, Chrome no the desktop longer displays the lock, nor the words HTTPS:// in the URL box, it just displays the web address if an HTTPS connection has been established. Google's study has shown that people think secure means safe. In the olden days, when HTTPS was rare, expensive and computing power was limited, you only saw HTTPS on financial institutions, checkout sites where you had to enter your credentials, login pages, so it is not surprising that people that learned about HTTPS thought it meant safe. Now a days HTTPS is everywhere. Your entire session with a website is encrypted, not just the page where you login or checkout.
Root Domain Name

The ability to read a URL and pick out the DOMAIN is one of the most important skills you need for working on the internet. Having an HTTPS connection to the correct domain is crucial for any kind of financial transaction that requires credentials. Unfortunately more than half of the people in our community don’t know how to find the domain and are sitting ducks for cyber criminals. Heck none of the highly technical books I read back in the 90's and early 00's on how to create websites discussed URL's that contained subdomains or that ended in a folder name.
The Root Domain appears immediately before the FIRST SINGLE SLASH ( / ) in the URL.
The complete URL for this page is https://www.vrcc.info/http_vs_https.html
After finding the first single slash, you start reading backwards. Our top domain level is .info for an informational site. Our root domain name is vrcc.info.
Typically in the U.S. we will see .com, .net, .info, .org, .gov, .edu. A big company usually pays to register their domain name in several top level domain registrars, to avoid the type of problems that arrises with Vista Royale Computer Club (vrcc.info), the VRCC Veterinary Clinic (vrcc.com) , and the Valkyrie Riders Crusiers Club (vrcc.org). This is not really feasible now that there are close to 2000 top level domain names.
Sometimes you will encounter a 2 letter country code right before that first slash (/) in the URL. In that case the root domain will have 3 parts and you will need to go back one more period (.) to dig out the root domain. For example this is amazon in the United Kingdom.
https://www.amazon.co.uk/
The Root Domain appears immediately before the FIRST SINGLE SLASH ( / ) in the URL.
The complete URL for this page is https://www.vrcc.info/http_vs_https.html
After finding the first single slash, you start reading backwards. Our top domain level is .info for an informational site. Our root domain name is vrcc.info.
Typically in the U.S. we will see .com, .net, .info, .org, .gov, .edu. A big company usually pays to register their domain name in several top level domain registrars, to avoid the type of problems that arrises with Vista Royale Computer Club (vrcc.info), the VRCC Veterinary Clinic (vrcc.com) , and the Valkyrie Riders Crusiers Club (vrcc.org). This is not really feasible now that there are close to 2000 top level domain names.
Sometimes you will encounter a 2 letter country code right before that first slash (/) in the URL. In that case the root domain will have 3 parts and you will need to go back one more period (.) to dig out the root domain. For example this is amazon in the United Kingdom.
https://www.amazon.co.uk/
SUBDOMAIN
https://amazon.fakesite.com/
https://amazon.fakesite.com/
Because we are trained to read left to right, criminals will often use a familiar domain name as a subdomain, relying on you not realizing that you need to read the first single slash and start reading working your way back to the left.
FOLDER
https://fakesite.com/amazon/
https://fakesite.com/amazon/
As mentioned before, anything after the first single slash is totally unregulated. Anything to the right of the first single slash are just folders and documents. In the example above, amazon is just a folder name taking you to the server's default document type.
HYPERLINKS
Hyperlinks (links) make it easy to navigate the web. Hyperlinks in emails can be especially dangerous. We often caution people not to click on links in emails from unrecognized senders. The problem is that scammers impersonate your friends or companies you do business with to trick you into clicking.
Navigation links are made up of display text and a target URL. The text portion that is displayed may have nothing what so ever to do with where the link is actually going to take you. If you make a habit of viewing the URL in links and understanding where it is taking you it will help you stay out of trouble.
On a PC when the mouse pointer is over a hyperlink, the hyperlink hand appears and the PC to display the destination URL. The location of that URL varies by application on a PC. On any browser the standard place to display this information is in the lower left hand corner. In other PC applications like an email client, the application will display a text box close to the hypertext hand.
On a mobile device there is no hover, the way to get the destination to display by doing a long press on the link.
Navigation links are made up of display text and a target URL. The text portion that is displayed may have nothing what so ever to do with where the link is actually going to take you. If you make a habit of viewing the URL in links and understanding where it is taking you it will help you stay out of trouble.
On a PC when the mouse pointer is over a hyperlink, the hyperlink hand appears and the PC to display the destination URL. The location of that URL varies by application on a PC. On any browser the standard place to display this information is in the lower left hand corner. In other PC applications like an email client, the application will display a text box close to the hypertext hand.
On a mobile device there is no hover, the way to get the destination to display by doing a long press on the link.