VPN vs. HTTPS: Differences & Why You Need Them Both
VPN and HTTPS share a common trait, in that they both secure your data using encryption. However, the main difference between VPN and HTTPS is that the latter only covers your browser connections. And that’s if websites actually implement the technology to begin with. According to SERPWatch, 5% of all websites on Google still use unencrypted HTTP.
A VPN encrypts all your network traffic, including third party apps and HTTP traffic. Moreover, VPNs let you change your IP location to different parts of the world. Not only can you bypass censorship this way, but you also gain access to geo-blocked content. VPNs also mask your true IP address so services and other users can’t see your exact location.
In the end, you should be using VPN alongside HTTPS. They both complement each other in different ways, which we’ll explore in more detail down below.
What is HTTPS?
HTTPS stands for HyperText Transfer Protocol Secure. The protocol lets you transfer information securely between your browser and the websites you use on a daily basis.
This includes downloading website content, logging into services, making online payments, and more. HTTPS offers solid protection against hackers and other snoopers, so they can’t read your passwords, account, and payment data.
Early HTTPS used SSL (Secure Sockets Layer) to encrypt said data. Nowadays, the technology has been upgraded to use TLS (Transport Layer Security), which is faster and more secure.
How Do You Know if a Website Uses HTTPS?
It is easy to tell if the website uses HTTPS just by looking at the URL – it either starts with “http” or “https”. In all modern browsers such as Firefox, Chrome or Safari this is indicated by the lock symbol next to the address bar.
Some browsers also display a security warning before accessing HTTP-only websites. Otherwise, you might notice a crossed-off padlock symbol (or the text “Not secure”) in the address bar. That’s because any sensitive data you enter into such a site can be monitored by anyone, especially cyber attackers.
VPN stands for Virtual Private Network and has two primary functions. First, VPNs reroute all your traffic through an encrypted tunnel to (and from) a VPN server. It’s then decrypted and sent off to the website through TLS (or whichever protocol the service uses).
A VPN protects you from anyone that may be spying on your connection, such as hackers on public Wi-Fi. The same applies to ISP’s looking to sell your browsing and location data to ad networks. Better yet, a VPN can keep your browsing private from anyone else using the same network. Say, family members, co-workers, or guests using your home Wi-Fi.
Second of all, VPNs mask your true IP address and assign a different one based on the server you connect to. For example, a user in France can obtain a US IP address to watch American Netflix. Similarly, people living in more restrictive regions (such as China) can connect to a different region to evade censorship.
VPN vs. HTTPS: Differences and Similarities
First, let’s quickly get the few similarities out of the way:
- Both technologies use encryption (albeit different types).
- Both VPN and HTTPS transport your data securely over the Internet.
Now, the differences between the two are more substantial. Here they are:
- HTTPS only secures browser traffic. Meanwhile, a VPN encrypts all internet traffic from the device (torrents, apps, downloads, DNS requests). Moreover, a VPN adds encryption over HTTP connections up until your data reaches the VPN server.
- VPNs use more advanced forms of encryption for better security overall.
- HTTPS is set up server-side, meaning you have no control over whether your connection is encrypted or not. VPNs give you more choice. For example, you may choose not to encrypt your VoIP calls or gaming sessions for a slight speed boost.
- A VPN changes your IP, masks your location, can unblock content and circumvent censorship, while HTTPS can’t do any of that.
- HTTPS ensures the authenticity of a website with the help of an SSL (or TLS) certificate from a trusted authority.
- VPNs hide your browsing and other activities from third parties and your ISP. On the other hand, HTTPS lets your ISP see the domains you visit. For instance, they can see you’ve accessed yourbank.com, but not your account or password.
Now that we have more context into both technologies, here comes the question you’ve been waiting for. Which is better, a VPN or HTTPS? Well, overall we’d say VPNs are the clear winner here. Not only can they secure all your traffic, but they usually come with better encryption. Plus they have full unblocking capabilities, and can change your IP address.
The truth is, though, this shouldn’t be a competition in the first place. VPN and HTTPS go hand in hand very nicely, as we’ll see in the next section.
HTTPS + VPN: Why You Need Them Both
Here’s why you need to use a VPN alongside HTTPS:
- You get double encryption when visiting HTTPS websites. Fortunately, VPN protocols (such as OpenVPN or WireGuard) do not clash with SSL / TLS encryption.
- HTTPS keeps your sensitive info secure as it travels to and from the VPN server. After all, your data is decrypted once it leaves the VPN server, so the receiving website can actually access the info you send in.
- HTTPS uses SSL / TLS certificates to prove a website is legitimate. For the most part, VPNs only encrypt your data and change your IP. Although, some providers (such as NordVPN) have built-in phishing and anti-malware protection.
- That said, malicious websites can use HTTPS too. According to APWG, almost 90% of phishing websites have an SSL certificate installed. As mentioned above, some VPNs can protect you from phishing attempts as well.
- You can encrypt way more with a VPN vs. HTTPS. Torrent clients, games, mobile app data, DNS requests (which your ISP can see over HTTPS), and so on.
- Not every website uses HTTPS. Improper SSL / TLS configurations may also expose your data to man-in-the-middle attacks and other threats. Fortunately, a VPN can pick up the slack where HTTPS slips up.
- VPNs hide your IP address and come with full unblocking capabilities. HTTPS has no control over your IP or what content you can access online.
Technologies That Provide Secure Access to Websites
HTTPS and VPN aren’t the only two ways to secure your access to the web. Here are some other methods that can boost your security:
Improper configurations of HTTPS are vulnerable to downgrade attacks. This means hackers could force your connection to use a weaker version of the TLS protocol, or even use HTTP. Naturally, that would allow attackers easier access to your sensitive data.
HSTS (HTTP Strict Transport Security) is a web policy that forces browsers to only use HTTPS when you interact with the website. As an added benefit, HSTS can protect against HTTP cookie hijacking attacks as well. Naturally, this policy needs to be correctly implemented, and comes with its own security flaws.
As always, using a VPN over HTTPS is the best course of action.
Setting a password on your Wi-Fi connection is a great way to keep out hackers (and freeloading neighbors). This process encrypts all traffic between your mobile device and the Wi-Fi router.
It works in tandem with both HTTPS and VPN, and is especially useful on hotspots for any public business. Hotels, airports, cafes, you name it. Otherwise, anyone with a packet sniffer (such as Wireshark) could harvest unencrypted data from hundreds of users..
The two current standards of Wi-Fi encryption are WPA2 and WPA3. The latter was built to resolve security exploits present in WPA2 (such as KRACK). Of course, many people still use WPA2 due to WPA3 being incompatible with older routers. What’s more, WPA3 has its own fair share of security issues. This includes the DragonBlood exploit that could allow an attacker to obtain your Wi-Fi password.
Fortunately, using a VPN provides an extra layer of encryption, allowing you to sidestep such exploits. Use VPN over HTTPS to create an extra safety net and prevent data leaks.
MAC Address Filtering
A MAC address is an identifier that’s unique to every device, and does not change (unlike an IP address). You can prevent unauthorized devices from accessing your Wi-Fi network by using MAC address filtering. Essentially, you’re telling the network that only devices X, Y, and Z can use your hotspot.
Note that MAC addresses can be faked. That said, filtering can still deter neighbors or more inexperienced hackers. It’s up to you to decide whether it’s worth the trouble of setting it up.
Best VPNs to Use with HTTPS
Now that you know VPNs and HTTPS go well together, you’ll need a VPN worth your time. Here’s a quick overview of the best VPNs on the market.
As you can see, VPN and HTTPS should not be considered separately. Instead, use them in tandem to boost your security. VPNs hide your browsing activity from your ISP, cover for various security exploits and attacks, and let you change your IP to unblock any content.
Meanwhile, HTTPS secures passwords, credit card details, and other sensitive info during the VPN decryption process. SSL certificates can also be used to ensure the website you’re logging into is legit. Although, you really have to pay attention, as even phishing sites use HTTPS nowadays. As a reminder, top VPN providers have anti-phishing features to help you out.