Take a look at the URL bar in your browser window.
See the locked padlock icon?
That means you’re connected to us over a secure HTTPS connection. In other words, anything you share with us is encrypted so no-one spying on your connection can see or steal your data.
However, not all websites use HTTPS. Some continue to use the HTTP connection despite the higher risk of fraud, spying, and other cyberthreats.
Using open-source technology from HTTPS Everywhere, Brave forces HTTP connections (wherever possible) to upgrade to HTTPS without you lifting a finger.
What is HTTPS?
HTTPS is a secure version of HTTP (Hyper Text Transfer Protocol), the technology that allows you to establish a connection with a website and view its content.
HTTP sends and receives data in plain text (meaning anyone can read it), but HTTPS encrypts the data so no-one with access can read it. If you sent your name over HTTPS, for example, it would appear as a random sequence of letters, numbers, and other symbols.
HTTPS is especially important when exchanging sensitive information, such as credit card details or your home address, which is why you should always look for the little locked padlock icon in the URL (address) bar before entering sensitive or personal information.
HTTPS connections can also help prove a website is legitimate. Websites with HTTPS connections are secured using a digital certificate called an SSL (Secure Sockets Layer). SSL certificates come in three different types:
- Domain SSL
This is the most basic certificate, and to get one all the website needs to do is prove it owns the domain (the web address or URL). You’ll see a locked padlock and HTTPS in the URL bar.
- Organisation SSL
This is a little more involved, as the organisation has to prove it’s the owner of the domain and that it’s the legal owner of the business. Again, you’ll see a locked padlock and HTTPS in the URL bar.
- Extended Validation SSL
This is the most advanced certificate. Not only will you see a locked padlock and HTTPS in the URL bar.
To find out more about the SSL certificate on a website, click the locked padlock in the URL bar and you’ll discover the type of certificate they have, when it expires, the encryption used to protect your data, and lots more.
Why is HTTPS important?
HTTPS protects you in three different ways:
- It stops anyone from stealing your data and defrauding you.
- It stops anyone from spying on you.
- It ensures you only access genuine websites (assuming you only send data to sites with an Organisation or Extended Validation SSL certificate).
Your wifi or wired internet connection might be protected, but this layer of security isn’t 100% foolproof. A determined hacker might break this barrier, and if you share data over HTTP, they’ll see everything in plain text, making it easy to exploit.
Public wifi spots, such as those found in cafes, restaurants, and airports, put you at even greater risk. Anyone with basic hacker know-how can break an open connection, so if you’re sending sensitive information to HTTP sites in your local coffee shop, you could become a victim of cybercrime.
But if you access your favourite websites over HTTPS, the data you share is encrypted. No-one can read the data except for your browser and the website with which you have the connection. This gives you peace of mind knowing your data is both private (your ISP or the government will have a hard time knowing what data you share) and secure (no-one can steal your data and defraud you).
How does Brave upgrade sites to HTTPS?
When you visit a site over HTTP, Brave first checks if that site has an HTTPS version of the page you’re trying to visit. If one exists, Brave will display the HTTPS version, ensuring you’re not exposing your data in any way.
As discussed above, HTTPS sites are validated by their SSL certificate. If they don’t have an SSL certificate, then Brave won’t force the upgrade (doing so might result in problems displaying the page).
Are all HTTP connections bad?
Not really. It only matters if you’re going to send personal information. A lot of websites only use HTTPS on payment or registration pages, for example.
But HTTP does make browsing more complicated than it should be. Why should you have to check each webpage you visit to see if it has the little locked padlock? What if you forget? Wouldn’t it be easier if the whole web was HTTPS?
The answer is yes, but it won’t happen soon. Although the number is growing, so far only 43.7% of websites use HTTPS by default. Until then, download and install Brave so you can spend more time enjoying the web than worrying if your connection is secure. And to be extra safe, always check for the locked padlock before entering any personal information.