Is there any security benefit to being connected over HTTPS if the certificate isn't valid?

Generally speaking, you are correct. You are still connecting via HTTPS, as you surmised. Authentication, however, is indeed a critical part of TLS and HTTPS security. Even though the data is protected by TLS, without a valid and correct certificate, you can't be certain who you're actually talking to on the other end. It may be a server for the site you expect. It's very hard to know, however, if in fact there may be a man-in-the-middle instead, decrypting and examining (and possibly tampering with) the traffic in the clear before re-encrypting it to forward back and forth between you and the site you think you're talking to.

So while there is certainly a possibility that an unauthenticated connection might still be secure, it's quite difficult to know, and in most cases a certificate error is indeed going to be an indication that something is amiss with the connection.


Yes. Even though someone could be MitMing you, other people on the line still can't see what you're doing. You can also manually check the public key for self-issued certificates for example.
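The manual check mentioned in the answer above, sketched as an added example that is not part of the original answers: retrieve the certificate without chain validation and compare its SHA-256 fingerprint against a value obtained out of band from the server's operator. It fingerprints the whole certificate (which covers the public key); the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder bytes standing in for DER certificates (not real certs).
SAMPLE_DER = b"constructed placeholder for the operator's self-signed certificate"
SUBSTITUTED_DER = b"constructed placeholder for a certificate swapped in on the path"


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server certificate (DER) with chain validation switched off.

    Validation is off only so a self-signed certificate can be retrieved;
    trust must come solely from matches_pin() below.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint_sha256(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex, as tools print them."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def matches_pin(der: bytes, expected_fp: str) -> bool:
    """True only if the full fingerprint matches the out-of-band value."""
    expected = normalize(expected_fp)
    # Reject truncated or non-hex input instead of comparing a prefix.
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        return False
    return hmac.compare_digest(fingerprint_sha256(der), expected)


def demo() -> tuple:
    """Pin the operator's certificate, then check it and a substituted one."""
    pinned = fingerprint_sha256(SAMPLE_DER)  # value received out of band
    return matches_pin(SAMPLE_DER, pinned), matches_pin(SUBSTITUTED_DER, pinned)
```

Against a real host, `matches_pin(fetch_leaf_der(host), pinned)` has to be re-checked whenever the certificate changes, since nothing else in this flow authenticates the server.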


So, if you choose to continue, are you actually browsing with the http protocol? Or the https protocol?

Indeed you are browsing the website using https, it is just the issuer of the SSL certificate that the browser doesn't trust.

I was asking myself this question following a test I had today where we were asked if it was better to be on a secured website or on an authenticated website when browsing on a shopping website. That made me wonder if there was any difference between secured and authenticated.

My guess is this is a 'trap' question. The two address two different purposes:

"authenticated website": The website knows that the right user is shopping.

"secured website": The user knows that he is shopping on the right website.

Update:
In my humble opinion the term "authentic website" is not commonly used in Information Security, unless you put it in a specific context.
That being said the only difference between 'authentic' website and a secured website, is that the first one has the SSL certificate issued from a trusted Certificate Authority (CA), CA