Solution
That ‘Not Secure’ text is simply a notification from your browser that the webpage or website is using HTTP, rather than HTTPS. This is also reflected in the URL prefix of a website, for example https://osxdaily.com vs http://osxdaily.com
The “Not Secure” message is not an indication of any change in device security. In other words, the device and website is no more or no less secure than it was before you started to see the 'Not Secure' message. By seeing the 'Not Secure' message you are simply being informed by your browser that the website or webpage being visited is using HTTP rather than HTTPS, or perhaps that HTTPS is misconfigured at some technical level.
HTTP stands for HyperText Transfer Protocol and has been the standard web protocol since the beginning of the web. By default, HTTP does not encrypt communication to and from the website.
HTTPS stands for HyperText Transfer Protocol Secure, and until recently was mostly reserved for websites where encryption matters, like with an online banking website, or anything where submitting sensitive data to and from a web site should be encrypted. When a website is using HTTPS properly it means the communication to and from the website is encrypted.
Because browsers now show the 'Not Secure' text in the address bar of HTTP pages, it’s likely that more and more webpages will start moving to HTTPS simply to avoid any confusion for site visitors. Moving to HTTPS from HTTP is a technical process, so while many websites will have moved to HTTPS already others have not yet done so and remain on HTTP.
'https' is vitally important for sites handling financial information, such as banks, because the 'https' protocol encrypts passwords all the way from your keyboard right through to the server. So if you're on a coffee shop WiFi, for example, a crook or hacker could read the bank password you send to the bank to sign-on if your bank used 'http', because 'http' does not encrypt the original password message you send from your computer to the WiFi station: once you are signed on to the bank, then your traffic is encrypted and you're safe, but the initial password is sent before encryption begins. With your username and password, the hacker can therefore sign on to your bank pretending to be you (but only if your bank has not implemented a secondary check).
'https' solves this problem by encrypting your password every time you send it, and thus with 'https' a hacker can't read the password you send to the coffee shop's WiFi, so the hacker has no way of pretending to be you, other than by guessing your password.
We're not in this business. There are no cases where you need a password to interact with our site, so there are no vulnerabilities that are even remotely in the same league as with a bank. All a hacker would see if he intercepted your traffic is that you're looking at our site.
We will move our site to 'https' in time, just to be at the leading edge when it comes to security. But the process takes time and money. As an all-volunteer group, we have an excess of neither.
Was this article helpful?
yes /
no