HTTP is like a conversation with someone wearing a “Hello my name is X” sticker at a public party; HTTPS is like a conversation with someone proving their identity with a government-issued passport in a private room. Anyone can write anything they want on the former, and anyone happening to listen to the conversation can overhear everything. On the other hand, the latter requires basic identity verification and can’t be easily overheard.
With that being said, anyone can also obtain a passport. That means you can be sure that you are interacting with a John Doe, but that doesn’t necessarily mean that you are interacting with the John Doe you were expecting. For example, John A Doe (e.g. Google.com) is different from John E Doe (e.g. Goggle.com), but the difference may be difficult to notice, especially at a glance.
I hope that helps.