Browsers are suffering from paranoid or we..???
By MYBRANDBOOK
If, for any reason, you need to observe your tracks while you are browsing the web on your desktop, you have plenty of options to keep anonymous. Thanks to Mr. Orbot, Android users, too, have a splution to use the Tor network to anonymise their web browsing sessions and avoid being monitored. Now, thanks to Onion Browser ($0.99), iPhone and iPad users also finally get an easy option to tunnel their web traffic through the Tor network.
Now a days each and every browsers are trending to be equipped with exactly on demand features. There are bookmarks or easy access to search, and after all for advanced feature like remember password, block cookies etc. are driven by cookies (temporary storing data in a Virtual medium), enable user agent spoofing on the same IP and machine. As world wide web trafic is on action, and all these browsing activities should channelise through a secured transport layer, which is called secured socket Layer (SSL) and is a part of dedicated HTTPS mechanism, so that easily we can’t be monitored publicly.
At the same time, the security issues and challenges for Financial and Govt. transactional data including BIG-DATA/FAT-DATA has long been common practice online. More recently, all the browser applications are pushing to encrypt all World Wide Web traffic. Google search, Wikipedia, Facebook,Twitter etc. and are now using HTTPS default but practically migrating from HTTP to HTTPS can be experienced as a major technical and Financial challenge, an imposed concept for security of transformed data ....." A trend of paranoid approach of all major Browsers".
The web browser is an application software for retrieving and presenting web informations or resources from server on world wide web. The information resource is identified by a Uniform Resource Identifier/Locater (URI/URL) that may be a web page, image, video or other piece of content. Hyperlinks present in resources enable users easily to navigate their browsers to related resources.
In cyber world HTTP is an adaptation of the Hypertext Transfer Protocol (HTTP) for non- secure communication over a computer network. In HTTPS, the communication protocol is encrypted by Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS, or HTTP over SSL.And hence HTTPS = HTTP over TLS, or HTTP over SSL.
You may have noticed that when you visit certain sites, such as https://www.google.co.in, browsers like Google Chrome display a little green padlock and the words "Secure" next to the address. That icon means that the site uses the encrypted web protocol HTTPS instead of plain old unencrypted HTTP.You might also notice the words "Not Secure" next to an address in Chrome–typically when you're asked to enter a password or credit-card number on a site that doesn't use HTTPS to protect your information. Starting in October 2017, Google will display the "Not Secure" warning more often according to a blog post published today by Chrome security product manager Emily Schechter. Now a days when you visit a site that uses plain HTTP, Chrome displays an icon of the letter "i" in a circle.
(Clicking on the "i" reveals a warning, "Your connection to this site is not secure.") and hence Google is here notifying his users for its Search Console tool that a forthcoming version of Chrome will display warnings or error when users are asked to submit any information over an unencrypted HTTP connection–not just passwords and credit cards. That means if you enter search terms on a site that doesn't use HTTPS, or type your email into a newsletter subscription form that isn't encrypted, you'll see a "Not Secure" notice. Users of Chrome's Incognito mode will see the warning when visiting any website that doesn't use HTTPS, even if it doesn't have any forms or fields. And that's just the beginning.
"Eventually, we plan to show the 'Not secure' warning for all HTTP pages, even outside Incognito mode," Emily Schechter, a member of the Chrome security team, wrote in a blog post.For the most part, this is a good thing, because it will push more websites to adopt HTTPS. Now there are many question are getting raised on weather HTTPS is 100% secure and secondly, is it a conspiracy to earn extra dollar to the companies into the business of HTTPS ?
The major motivation behind HTTPS is authentication of the accessed website and protection of the privacy and integrity of the exchanged data. It protects against middle-man attacks. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering of the communication. But in practice, this provides a reasonable assurance that one is communicating without interference by attackers with the website that one intended to communicate with, as opposed to an impostor. As soon as connection is established, both parties can used agreed algorithm and keys securely to send messages, each other.
Technically we can summarise that : ( In Box)
- In HTTP, URL begins with “http://” whereas URL starts with “https://”
- HTTP uses port number 80 for communication and HTTPS uses 443
- HTTP is considered to be unsecure and HTTPS is secure
- HTTP Works at Application Layer and HTTPS works at Transport Layer
- In HTTP, Encryption is absent and Encryption is present in HTTPS as discussed above
- HTTP does not require any certificates and HTTPS needs SSL Certificates
The SSL layer serves for two main purpose :
- It is confirmed after using HTTPS you are connecting a Secured Server via a secured tranformation channel.
- It also ensures that only server reads the data you sent over network. No else can read it.(No concept of Middle-Man)
When an SSL connection between client and server is established then:
- It is sure that right-client is talking to right-server
- Both parties have agreed on a 'cipher' which includes which encryption they will use to exchange data.
- Both parties should agree key for this encryption/decryption algorithms.
Customer informations, like credit card numbers, is encrypted and cannot be intercepted.Visitors can verify you are a registered business and that you own the domain as well as customers are more likely to trust and complete purchases from sites that use HTTPS but in realtime analysis it is clear that the protocol(HTTPS) itself not perfect and depending on a virtual transport layer, and hence though it does help to protect your privacy and helps ensure that you're viewing the page you intend, and it can never meant you to stop into downloading malware. Google's move will resonate because Chrome is the most popular browser.
Web security due to FireSheep network-sniffing tool made it easy for anyone to detect your login info over insecure networks - your local coffeeshop's hotspot or public Wi-Fi at the library. That prompted a number of large sites to begin offering encrypted versions of their services on HTTPS connections.
Lately, even sites with fat-data like Twitter are nevertheless offering HTTPS connections. You might not mind anyone sniffing and reading your Twitter messages en route to the server, but most people don't want someone also reading their username and password info. That's why Twitter recently announced a new option to force HTTPS connections.But the limitation is that Twitter's HTTPS option only works with a desktop browser, not the mobile site, which still requires manually entering the HTTPS address.
In BOX : Google also announced it will add HTTPS to many of the company's APIs. Firefox users can go a step further and use the HTTPS Everywhere add-on to force HTTPS connections to several dozen websites that offer HTTPS, but don't use it by default.
So, the cyber world is moving toward more HTTPS connections, why not just make everything HTTPS ??? This question remain unanswered.
That's the question !!!There are some practical issues most web developers are probably aware of, such as the high cost of secure certificates,high cost to be public(SEO Activities) but obviously that's not as much of an issue with large web services that have millions of dollars.
The real problem, is that with HTTPS you lose the ability of cache.The developers really love it and now a days all users are also very much comfortable for low loading time. When we assume any BIG-DATA or FAT-DATA web interfaces like Twiter, Facebook, Linked-In, then without cache....NO SERVICE OPTION FOR SORTER LOADING TIME. !!! Also concept of Ranking & SEO activities will be impacted with small performance hit when using HTTPS, since "the SSL initial key exchange adds to the latency."
In other words, a purely security-focused, HTTPS - only web is possible, with today's technology but will be slower and cost effective.
For sites that don't have any reason to encrypt anything – in other words,If i am a book seller I will always need that all of my data should be public (Must be on HTTP), so that each user can download my contents easily without log in.So there's nothing to protect – the overhead and loss of caching that comes with HTTPS just doesn't make sense. However, for big sites like Facebook, Google Apps or Twitter, many users might be willing to take the slight performance hit in exchange for a more-secure connection. And the fact that more and more websites are adding support of HTTPS shows that users do value security over speed, so long as the speed difference is minimal.
We can also assume the cost of operations owing to Requirement of a High speed server, and implementations of optimised SSL, it still costs more than doing plain HTTP,"
Perhaps the main reason most of us are not using HTTPS to serve our websites is simply that it doesn't work with virtualisation. Virtual hosts, which are what the most common cheap web-hosting providers offer, allow the web host to serve multiple websites from the same physical server – hundreds of websites all with the same IP address. That works just fine with regular HTTP connections, but it doesn't work at all with HTTPS. Although there is a way to make virtual hosting with HTTPS work together by using the TLS Extensions protocol – it's only partially implemented and hence, HTTPS isn't going to work for small, virtually hosted websites.
Then why browsers are forcing to adopt HTTPS over HTTP.....???
Nazara and ONDC set to transform in-game monetization with ‘
Nazara Technologies has teamed up with the Open Network for Digital Comme...
Jio Platforms and NICSI to offer cloud services to government
In a collaborative initiative, the National Informatics Centre Services In...
BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium
A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...
Pinterest tracks users without consent, alleges complaint
A recent complaint alleges that Pinterest, the popular image-sharing platf...
ZOHO CORPORATION PVT. LTD.
WIPRO LTD.
NUMERIC INDIA, A Group Brand Legrand
ALPHAMAX TECHNOLOGIES PVT. LTD.
Icons Of India : NEERAJ MITTAL
He started his career as an IAS Officer in 1992. He has held various a...
Icons Of India : ALOK OHRIE
Alok Ohrie leads Dell Technologies’ India business, overseeing Sales...
Icons Of India : PRATIVA MOHAPATRA
Prativa is a transformational leader with an incredible breadth of exp...
NIC - National Informatics Centre
NIC serves as the primary IT solutions provider for the government of ...
BEL - Bharat Electronics Limited
BEL is an Indian Government-owned aerospace and defence electronics co...
CERT-IN - Indian Computer Emergency Response Team
CERT-In is a national nodal agency for responding to computer security...
Indian Tech Talent Excelling The Tech World - Vinod Dham, Founder & Executive Managing Partner, IndoUS Venture Partners
Vinod Dham, known as the “Father of the Pentium Chip,” has left an...
Indian Tech Talent Excelling The Tech World - George Kurian, CEO, Netapp
George Kurian, the CEO of global data storage and management services ...
Indian Tech Talent Excelling The Tech World - Soni Jiandani, Co-Founder- Pensando Systems
Soni Jiandani, Co-Founder of Pensando Systems, is a tech visionary ren...