Why HTTPS vs. VPN makes no sense

Tips & tricks
2 mins
A browser with an HTTPS green lock. VPN is written in the search bar.

HTTPS vs. VPN is a battle that makes very little sense. Both are important means of internet protection, and they can be used together. There is absolutely no conflict between the two.

HTTPS and VPN similarities and differences

HTTPS

HTTPS stands for Hypertext Transfer Protocol Secure, which ensures the data passing between your computer and a website is encrypted.

Importantly, HTTPS is set by the owner of the website, and the user has no control over it. Some sites are available via both HTTP and HTTPS; in these instances, always opt for HTTPS. To see if the site you are browsing has HTTPS enabled, look for a green lock on the left side of the browser (URL) bar.

https-vs-vpn

HTTPS provides authentication of the website and its associated web server, which protects against man-in-the-middle attacks. Additionally, it encrypts communications between a client and server, which ensures the communications between a user and website cannot be read or forged by any third-party reader.

With HTTPS, nobody between the website and the user can read the data, not even a VPN company.

VPN

A VPN is set up by the user and works on every website or application online. A VPN creates a secure tunnel between a computer and the internet.

This means nosy third parties can’t see your online activity. When you are connected to a VPN, your ISP only sees that encrypted traffic is passing through VPN servers, but it cannot decipher the data or know which websites you have visited.

A VPN also gives users the ability to appear to be anywhere they choose and can overcome location-based access restrictions, thereby defeating censorship.

HTTPS and VPN work well together

HTTPS will encrypt information you enter into a website, but it won’t disguise your location or offer any privacy protection. It will also not offer any defense against internet censorship.

A VPN will encrypt communications between your computer and the VPN servers, hide your IP address and location, and grant access to the whole web, but it won’t protect you from the information you share willingly, like a credit card number typed into an unsecured browser page.

Both VPN and HTTPS will likely use similar encryption techniques under the hood, namely TLS. ExpressVPN’s Lightway protocol, for example, uses TLS 1.2, which has become the standard for websites as well.

In short, HTTPS is a fantastic encryption protocol, and a VPN is a must for the privacy conscious and those who wish to view the whole internet without restrictions. It’s not a case of VPN over HTTPS. The two work well together—a marriage made in cyber heaven.

Read more: 5 ways to keep your browsing history hidden from ISPs

Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.