Browsing the web using password-less public Wi-Fi is much safer than it has been in previous years.
This is according to the Electronic Frontier Foundation, which said that the prevalence of HTTPS encryption has made using the Internet on public Wi-Fi connections far more secure.
In the earlier days of the Web, many HTTP websites were exposed to “sniffing”, whereby malicious actors could intercept and read data packets to view the contents of communication such as emails.
These unsecured sites further allowed hackers to steal user passwords and login details.
Firesheep and Google convince site owners
The Foundation said the rise in HTTPS adoption can be attributed to the 2010 release of Firesheep, an easy-to-use demonstration of “sniffing” over insecure HTTP in which security researcher Eric Butler showed how an attacker could take over people’s accounts.
The demonstration persuaded many site owners and administrators to encrypt all the web pages on their sites with HTTPS.
Additionally, Google implemented HTTPS by default for Gmail in that same year and said that the costs involved were relatively low.
To deploy HTTPS, however, still required the purchase and installation of a certificate file needed to set up HTTPS.
The Foundation helped launch the Let’s Encrypt platform and wrote the Certbot client, which provided webmasters and administrators with free certificates.
Today, 92% of web page loads in the US use HTTPS, while in less-developed countries, like India, the rate is at about 80%, the Foundation said.
Visited sites still open
It is important to note that although HTTPS guards the content of your browsing activity, metadata could still be open to parties along the communication line.
The applicable ISP, Internet backbone provider or the site’s host can still see which domains you visit, although they will not be able to see the particular content you view.
Other individuals who are within range of the Wi-Fi connection could also be privy to this information.
The Foundation added that it is important to keep the software on your computer or phone up to date, as security bugs could also be exploited over a network connection.
To confirm whether the site you are visiting is HTTPS-encrypted, check the address bar for the lock logo or click on the URL to see if it is prefaced with “https”.