The World Wide Web is built on HTTP, a relatively young protocol (language) that is built on top of the Internet Protocol (IP). HTTP stands for HyperText Transfer Protocol, and was designed to download so-called hypertext documents (what are now known as ‘web pages’) and to send some basic information back to the web server.
Web pages are created using the formatting language HTML (HyperText Markup Language). The rules of this language are set by the World Wide Web Consortium (W3C), and specify special markers to indicate typography and layout properties. For example, text in bold will have <b> before it and </b> after it.
While there are several versions of the specification (HTML5 being the most recent), the HTML development process is continuous and open to participation. Once the standards have been set, there is no licence or fee for using HTML. The advantage is that all available computer systems understand the instructions in HTML in the same way – so anyone can use the language (for free) and be sure that every device will display the web page in the same way. The Web (and the world) would be far poorer if people had to pay to develop pages in the languages of different types of computer.
This open and free character of HTML is essential to ensure compatibility of web pages across all sorts of devices: desktop computers, mobile phones, tablets, laptops and more. Proper application of the HTML specification to format webpages also ensures accessibility for people who are visually impaired – otherwise text reading systems will not be able to understand the pages being accessed.
Webpages are published on machines known as ‘web servers’. A web server is a computer that can be found by its unique IP address. Usually many domain names can be found at the same IP address because they are stored (‘hosted’) on the same server.
Thus, a single web server with a unique IP address can host numerous websites. In the case of commercial web hosting companies, there can be hundreds of unrelated websites on one single web server. Attempts to “block” individual websites on the basis of their IP address have therefore always had disastrous consequences for the unrelated pages on the same server.
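The shared hosting described above can be reproduced on one machine. The following is an added example, not part of the original text: it serves three constructed websites (the domain names and page contents are made up) from a single loopback IP address, selects the site by the HTTP Host header, and then shows what a block on that IP address does to all of them.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: three unrelated sites hosted on one server.
SITES = {
    "bakery.example": b"Fresh bread daily",
    "chess-club.example": b"Meetings on Tuesdays",
    "news.example": b"Local headlines",
}

class VirtualHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # The Host header, not the IP address, selects the website.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        payload = SITES.get(host, b"Unknown site")
        self.send_response(200 if host in SITES else 404)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # keep the demo output quiet
        pass

def fetch(ip, port, domain, blocked_ips=frozenset()):
    """Request `domain` from the server at `ip`; None if the IP is blocked."""
    if ip in blocked_ips:  # an IP-level filter never sees the domain name
        return None
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    try:
        conn.request("GET", "/", headers={"Host": domain})
        return conn.getresponse().read()
    finally:
        conn.close()

def demo(blocked_ips=frozenset()):
    """Serve all SITES from one loopback address and fetch each of them."""
    server = HTTPServer(("127.0.0.1", 0), VirtualHostHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    ip, port = server.server_address
    try:
        return {d: fetch(ip, port, d, blocked_ips) for d in SITES}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())               # every site answers from the same IP address
    print(demo({"127.0.0.1"}))  # blocking that IP address removes all of them
```

Without a block, each domain returns its own page from the same address; with the address blocked, every domain becomes unreachable, including the ones the block was never aimed at.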
In addition to HTTP, there is also a secure variant called HTTPS. HTTP connections (and, therefore, uploaded and downloaded information) are not encrypted, and anyone with access to the network cables or equipment between the computer of the end-user and the web server can gain access to all information going back and forth.
HTTPS adds encryption to this connection, so that (in theory) only the end-user and the web server can decipher the information that is going back-and-forth. This is based on trust: the web page publisher asks a trusted party to give them a strictly personal certificate, digitally signed to confirm the identity of the publisher; much like a wax seal used in previous centuries to seal documents.
When a user buys a new computer or installs a new web browser, it comes with a standard set of trusted certificate authorities, a secure list of entities from which the user will trust the certificates given out to web page publishers. The weakness in this system is a result of this default list: there are dozens on this list.
If just one of these entities turns out not to be trustworthy, users will be putting their trust in an unreliable service.