HTTP is vulnerable to being eavesdropped / decoded while in transit. HTTPS is not
If you are explaining HTTPS to non-technical people, this is the real point you want to hit home. HTTPS at its core, still uses HTTP but as you mentioned takes advantage of TLS to encrypt the HTTP requests in between servers and browsers.
This achieves an effect two fold. Privacy and Validity. With normal HTTP traffic, ISPs and any public router, whether that be corporate proxies or public hot-spots, are able to read and intercept all the Web traffic that passes through them. So imagine if someone who visited your site, something you spent countless hours designing and crafting the experience for is all of a sudden replaced with something else, or gets ads and crypto-miners injected into it. Just because they were on public Wi-Fi.
HTTPS prevents this and ensures that the users of your site actually receive your site, and only your site.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
If you are explaining HTTPS to non-technical people, this is the real point you want to hit home. HTTPS at its core, still uses HTTP but as you mentioned takes advantage of TLS to encrypt the HTTP requests in between servers and browsers.
This achieves an effect two fold. Privacy and Validity. With normal HTTP traffic, ISPs and any public router, whether that be corporate proxies or public hot-spots, are able to read and intercept all the Web traffic that passes through them. So imagine if someone who visited your site, something you spent countless hours designing and crafting the experience for is all of a sudden replaced with something else, or gets ads and crypto-miners injected into it. Just because they were on public Wi-Fi.
HTTPS prevents this and ensures that the users of your site actually receive your site, and only your site.