Sites that have no TLS and SSL certificates.

[Oshosondy]

I have noticed some sites do not have TLS and SSL certificate, instead of the site to be https, it will be http. The sites are said to not be secure, we should not click on such sites. But I want to know more about it with this question. I will like your answers.

On the browser I used, I saw a padlock closed for the sites that are secure (https sites), I clicked on the padlock, and it states Connection is secure.Your information (for example, passwords, credit card numbers) is private when it is sent to this site

I want to know if I click on http (non secure sites), if I do not share my password or any information that can get me in trouble on the http sites, can the unsecure site access my files on my device?

This is just to know more about secure and unsecure sites using TLS and SSL certificate as the security. Also know that sites that are secure can have attackers, that only the connection is secure not the site itself. But unsecure (http) connections are deadly, they can be set up by attackers to steal from people.

[mindrust]

I want to know if I click on http (non secure sites), if I do not share my password or any information that can get me in trouble on the http sites, can the unsecure site access my files on my device?

No they cannot harm you like that just because they use http instead of https. There are many famous websites with high traffic that don't use https.

As long as you don't give your cc number or don't use a bullshit password to register/login, you are fine. (you should use a different passw for every website anyway)

[CryptocurencyKing]

As long as you don't give your cc number or don't use a bullshit password to register/login, you are fine. (you should use a different passw for every website anyway)

Using different password for different sites could be so over whelming though secured but then, some times the platforms we access can turn out to be just okay and perhaps it was just a test in progress for you then, you virtually forget and what ever it is, it's validity could be gone. Just like that and possibly you can't run a second reg.
I'll just suggest you have a second of what ever detail for any registration and always use it when your not sure.

On the padlock thing that comes up, as rightly said in OP, it's a security enhanced field hence, your activities on the platform is end-to-end, and can't be easily tapped. In contrast to the other one which is more contrary being that, the security on the system is not end to end which is, relatively low and as such, you have to take due diligence on the activities you perform on their system. Not like you can be tapped so easily as well but could be watched by a team of maybe themselves.

[pooya87]

As long as you don't give your cc number or don't use a bullshit password to register/login, you are fine. (you should use a different passw for every website anyway)

any site that doesn't use SSL encryption also doesn't have any login feature. for example preev.com is simply using http since it just reports the price.
if you saw some website that had login features and didn't use any encryption then you shouldn't create an account there in first place because it is trivial for an attacker to see your password through MITM attack since there is no encryption.

[DdmrDdmr]

<…> I want to know if I click on http (non secure sites), if I do not share my password or any information that can get me in trouble on the http sites, can the unsecure site access my files on my device? <…>

The "s" part of https means secure, and implies that the data going over the internet to and fro, between your device and the site, is encrypted. The encryption is to avoid any network sniffer from being able to read the data being sent, and potentially getting hold of it, exposing yourself to a large risk when credentials, personal or financial information is been sent/received.

From there on, having a SSL certificate brings no additional comfort nor guarantees over the site you interact with: almost three-quarters of all phishing sites now use SSL protection. Wrongdoing can happen whether the site has SSL or not.

[akirasendo17]

I have noticed some sites do not have TLS and SSL certificate, instead of the site to be https, it will be http. The sites are said to not be secure, we should not click on such sites. But I want to know more about it with this question. I will like your answers.

On the browser I used, I saw a padlock closed for the sites that are secure (https sites), I clicked on the padlock, and it states Connection is secure.Your information (for example, passwords, credit card numbers) is private when it is sent to this site

I want to know if I click on http (non secure sites), if I do not share my password or any information that can get me in trouble on the http sites, can the unsecure site access my files on my device?

This is just to know more about secure and unsecure sites using TLS and SSL certificate as the security. Also know that sites that are secure can have attackers, that only the connection is secure not the site itself. But unsecure (http) connections are deadly, they can be set up by attackers to steal from people.

TLS SSL , this secures the connection so that others wont able to see, more like encrypted that only the reciever and sender can see the message
so that it won't leak in the internet, if you don't have this you may be hack , if you are sending critical information specially bank codes, keys , password
although it doesnt mean you are 100% secure but you're sure , its only you and the sender knows your transaction being done

[lovesmayfamilis]

Almost all sites today support HTTPS protocols. And as it was rightly said, it is highly discouraging to enter the site without such support. Namely, enter your data there.
But in order to be more secure, and by mistake, do not accidentally go to such sites, we can recommend that you install the HTTPS Everywhere extension.
I will not describe all its properties now, all of this can be found on the site for review.
https://www.eff.org/https-everywhere

[Jawhead999]

The solution you can use this extension https://www.eff.org/https-everywhere and https://ublock.org/ (to block ads)

Anyway even though the site using SSL certificates (https) only the connection is secure, but the website aren't 100% secure. Getting SSL certificates is easy since many service offering free certificates. You shouldn't only believe about the certificates, pay more attention about the website too.

I'll give an example :

Code:

https://einvestment.com/

This site have SSL certificates (https) but the site offering ponzi scheme, while we're know ponzi scheme is scam.

[virasog]

I have noticed some sites do not have TLS and SSL certificate, instead of the site to be https, it will be http. The sites are said to not be secure, we should not click on such sites. But I want to know more about it with this question. I will like your answers.

On the browser I used, I saw a padlock closed for the sites that are secure (https sites), I clicked on the padlock, and it states Connection is secure.Your information (for example, passwords, credit card numbers) is private when it is sent to this site

I want to know if I click on http (non secure sites), if I do not share my password or any information that can get me in trouble on the http sites, can the unsecure site access my files on my device?

This is just to know more about secure and unsecure sites using TLS and SSL certificate as the security. Also know that sites that are secure can have attackers, that only the connection is secure not the site itself. But unsecure (http) connections are deadly, they can be set up by attackers to steal from people.

Although there is no harm in visiting "only http" sites but these days you will find very few sites which do not use Https. Personally, i feel that every good site should have "HTTPS" and if a site cannot implement secure channel, i will prefer not to visit them.

[mocacinno]

I made a big post about mixing services using cloudflare's SSL, but part of this post also describes the non-ssl situation with some graphics... Maybe it can clear things up for you?
https://bitcointalk.org/index.php?topic=5247838.msg54414844#msg54414844

It's pretty simple actually... When visiting a http site, you have to realise your traffic passes trough a lot of network nodes. Each node operator has the ability to log each and every package you send and receive.
Since you're visiting a http site, these packages are unencrypted.

Basically, if you enter a password, and e-mailadress, send a copy of your driver's licence,... loads of people can *potentially* log AND READ this information.

Like others have already said: if you request a page containing the latest exchange rate from preev.com, this doesn't matter... But going as far as saying somebody can log in on an unsecured site is not ok for me.

BTW: if you read the rest of the post i linked to above, you'll realise that the "padlock" symbol isn't a % guarantee either, in case the website owner is using cloudflare...

[joniboini]

Just to keep in mind that HTTPS Everywhere is only forcing your browser to request the secure version of the website (if it exist). If the website doesn't has such thing, the extension will not encrypt your traffic at all. Which means you'll still at risk if you ignore the warning and visit the non-secure website. CMIIW.

[boyptc]

There were times that when I watch Youtube, it says "not secure".

But I know that it could be a glitch by the browser or youtube themselves. Having that said, visiting another website that I'm not familiar with, I'm more careful browsing with them and won't be giving out details of mine.

If nothing is important to look on that not secured website, I'll close them immediately.