Chapter Five · How the Web Is Secured

Chapter 5: How the Web Is Secured

Every time Olivia opens a web page, her browser talks to a computer she will never see, often thousands of miles away. This chapter follows that conversation and asks two plain questions: can anyone in between read it, and is she really talking to who she thinks she is? The answers are the padlock, HTTPS, and the certificate behind it — and, just as important, the things they do not promise.

4 topics

Chapter 4 built the tools — encryption, keys, signatures, and trust. This chapter puts them to work in the one place every reader already lives: the web. You will see how the same ideas keep a page private as it crosses the network, and how they prove that the bank Olivia thinks she is talking to really is the bank.

Four topics, in order. First, the difference between HTTP and HTTPS and what that little padlock actually claims. Then certificates, and why trusting a website really means trusting a short list of authorities you have never heard of. Then the honest limits — what HTTPS protects and, crucially, what it does not. And finally cookies: the small notes that keep you logged in, and the same notes that let companies follow you around.

A secure web request: the contents are sealed, and the server proves who it is

Olivia opens a website

encrypted (HTTPS) — no one on the path can read or change the page

BrowserOlivia's device

Websiteproven identity (certificate)

The padlock is shorthand for both: the link is encrypted, and the site showed a valid certificate — but it does not say the site is honest.