Understanding the "Not Secure"

Before clicking "Advance and proceed" for any such websites with "Not Secure" in the address bar, just give it a second thought..!! Through this article, I want our readers to be aware of the risks involved in accessing such websites or URLs to enable them to make more secure web choices.

Many times while browsing any website we all must have come across an error stating "Your connection is not private". This error simply signifies the absence of any security protocol or measures being followed while making a connection to this website's server. In plain words, it simply means your communication with the server is totally transparent or accessible to any hacker who can intercept your network traffic and can read or modify your messages easily.

To avoid this scenario, there are certain security protocols like SSL/TLS (Secure Sockets Layer/Transport Layer Security) which enables encryption for a website's network traffic. To enable these, the website owners need to purchase a certificate that comes at a decent cost and requires timely renewals. Most of the trusted websites understand the risks and bear this cost, for example, any banking, insurance, or financial services-related websites. Your interaction with these websites is completely encrypted by using private and public keys (as part of SSL/TLS protocol) and hence it is secured. Any hackers trying to intercept your network messages, won't be able to comprehend your messages as they do not have the private key, which is lying solely on the server.

When a client tries to access a secured website by TLS protocol, as a first response from the server, they are given the certificate and public key. Then the client browser uses this public key to encrypt all further outgoing messages to the server which can only be decrypted by the server's private key. Similarly, the server's responses are encrypted by its private key which is decrypted by the client's public key. This ensures that all communications are secured and are not vulnerable to any malicious attacks.

Sometimes, we come across certain situations or websites and it's almost inevitable to click on "Advance and proceed" to access their content. Some genuine businesses might not be willing to bear the excess hosting cost and their website hostings might not be equipped with SSL/TLS certificates. We just need to be extra careful while interacting with such websites not to provide any sensitive data like personal Id details, bank account details, credit card details, passwords, etc. The next time you come across any such websites, just take a pause and think, "do I really need to access the content of this website?". Also, evaluate how well you trust the business or organization whose website you are trying to access. If you feel it's not trustworthy or you smell something fishy about it, you should better refrain from going any further.

I hope this article could help you understand the risks involved in accessing "Not secure" URLs and can enable you to make safer browsing decisions.