Does HTTPS REALLY Keep You Safe?
0 up · 0 down · 0 ratings
Promos
Check out Soylent at the link below! And the first 500 people to use this link and code TECHQUICKIE30 to get 30% off your first order! bit.ly Learn about HTTPS - what it does, what it doesn't do, and whether it REALLY keeps you safe. Leave a reply with your requests for future episodes. ► GET MERCH: lttstore.com ► LTX 2023 TICKETS AVAILABLE NOW: lmg.gg ► GET EXCLUSIVE CONTENT ON FLOATPLANE: lmg.gg ► SPONSORS, AFFILIATES, AND PARTNERS: lmg.gg FOLLOW US ELSEWHERE --------------------------------------------------- Twitter: twitter.com Facebook: @LinusTech Instagram: @linustech TikTok: @linustech Twitch: twitch.tv
HTTPS is a foundational web security protocol, and the video opens by framing what HTTPS does and does not protect. It explains that HTTPS encrypts the content between your device and the website server, safeguarding private messages, payment data, and the videos you watch from eavesdroppers on the same network or a monitored connection. The host then dives into how certificates and certificate authorities validate that you are talking to the intended site, highlighting the role of trusted authorities and the padlock icon as a cue, while noting that self-signed certificates can still encrypt traffic but lack a trustworthy verification chain. The discussion covers the historical cost barrier to certificates, the rise of free options like Let's Encrypt, and how browser warnings helped accelerate adoption, though users should still inspect the address bar for plain HTTP or mismatched URLs. A key part of the video focuses on common misconceptions, including the idea that a padlock means complete privacy, and it clarifies how phishing sites can mimic legitimate ones and how DNS and URL metadata can still leak information. The presenter also flags DNS poisoning as a separate attack vector and then transitions to emerging protections like Encrypted DNS (DNS over HTTPS) and the Encrypted Client Hello concept, noting that these measures are not universal or foolproof and that HTTPS is not a silver bullet. The host closes by acknowledging the complexity of the topic, and emphasizes ongoing improvements and careful verification, inviting viewer feedback and future topic requests. Overall, the video aims to balance an accessible explanation with practical cautions about what HTTPS can and cannot guarantee, while hinting at broader network-layer privacy improvements on the horizon.
Topics · cybersecurity · privacy · internet-security · encryption · networking
Questions answered
- What does HTTPS protect and what does it not protect in a typical web session?
- HTTPS primarily protects the content of the data transmitted between your device and the website by encrypting it, preventing eavesdropping on that content. It does not hide which websites you visit or the URLs you request in all cases, and it does not guarantee that the site you are connected to is legitimate if the certificate is issued to a different site or if phishing is involved.
- What role do certificate authorities play in HTTPS, and why are free certificates important?
- Certificate authorities sign certificates to prove that the website you are connecting to actually controls the domain, enabling the browser to trust the site and display the secure padlock. Free certificates, such as those from Let's Encrypt, lowered the barrier for adoption, helping HTTPS become widespread more quickly.