HTTPS everywhere to use it or not?

[claymonet112]

My understanding is HTTPS everywhere encrypts connection between computer and website. But why would I need to care if google news site connection is encrypted? Besides I am already using VPN which encrypts all of my traffic.
To use it or not then?

 

[arnydnxluk]

But why would I need to care if google news site connection is encrypted?

There are many reasons.

The biggest overlooked reason is to prevent "man-in-the-middle" attacks. If Google News runs over plain HTTP, then anyone between your system and the website can intercept that connection. This could be used to change the content you're seeing (perhaps feed you "fake news"), or inject malware, ads etc into a website.

As a website owner, you want to ensure the content you publish is exactly the content your visitors download. As a website user, you want to ensure the content you're downloading is exactly what the website owner published. HTTPS helps to ensure this, it's good for all parties.

Besides I am already using VPN which encrypts all of my traffic.

The VPN encrypts the traffic between your computer and the VPN server. This is really helpful to stop your ISP or wifi provider from being able to intercept your connections. It doesn't stop your VPN provider or any party "after" the VPN provider (i.e. between the VPN server and the website) from being able to intercept your traffic. HTTPS is still very important.

To use it or not then?

Always use HTTPS where possible, use a VPN too.

 

[KM-Tiger]

Your question makes no sense.

You using a VPN has nothing to do with visitors to your website connecting via https.

 

[HostXNow]

In short, use a VPN as much as you can and make sure all pages on all your websites load via https. Doing so can increase security and performance.

 

[claymonet112]

Thank you guys. I researched about this problem and now I totally understood the problem.

 

[Calvin Crane]

If you are looking for new hosts then always check that you can get https often free, free options now exist and run very well, the letsencrypt project should be awarded as group of people helping the web become 'https everywhere'. Before letsencrypt the cost of buying a certificate was something.

I think the other main issue with non https (http) is that forms sent sometimes people send credit card data can be intercepted.

The other benefit of https is that it often comes with http2 opportunities which have a speed benefit among others. It's just really good to get https.

 

[astutiumRob]

But why would I need to care if

It (theoretically) prevents the "naughty people" from seeing the data, so limiting access to those gov'ts and hackers with the deliberate backdoors and other exploits - hopefully reducing MITM< attacks

There are other side-effects (which is why google pushes it so much) like you getting little-to-no useful data in server logs, so you have to install their spyware onto your sites to get details about how your clients are finding you.

There are lots of pros and cons, but the "forcing" of it by browser authors is about revenue/control rather than safety (and may be an issue as 2/3rds of sites/servers/systems cant do SNI or similar) - sadly this'll mean so many sites you go to will popup a message in chrome, you'll just get "trained" to ignore it, which ultimately will weaken security overall.

 

[kevinof]

Just to add to the really good comments above , also bear in mind that if you don't have HTTPS enabled on your website, Google will not think kindly of you and it will impact your ranking in search results.

 

[Breffni Potter]

You know that there are some VPN providers who are happily stealing your data and selling it on right? Who are you using for a VPN and do you trust them.

In short, use a VPN as much as you can. Doing so can increase security and performance.

Yes, VPNs are good but which VPN provider are you using? Who has access to your traffic? Who is running a HTTPs intercept to de-crypt your details as it passes through their servers?

 

[arnydnxluk]

You know that there are some VPN providers who are happily stealing your data and selling it on right? Who are you using for a VPN and do you trust them.

Absolutely agree on this, I have never been one to trust those commercial VPN providers, although that's another good reason to *always* use HTTPS and other secure means of communication.

Who is running a HTTPs intercept to de-crypt your details as it passes through their servers?

Well hopefully you haven't fiddled with your trusted root certs... if you have then I guess you're in trouble VPN or not!

 

[Breffni Potter]

I actually went and wrote a blog post on this topic because I could not believe the insanity reccomendations flying around to just use any VPN for privacy. I can't post links yet, click my profile, then look at the blog post.