Two months ago, during the 2014 Google I/O developers’ conference, Google made a call for “HTTPS everywhere” on the web. Now, it wants to go further. A recent post at Google’s official blog says it has started using HTTPS as a ranking signal for its search results pages. While now, it is only “a very lightweight signal,” over time, Google said it may decide to strengthen it.
All website owners are encouraged by Google to make the switch from HTTP to HTTPS “to keep everyone safe on the web.” One way of making the Internet safer that is by making sure that the websites people access from Google are secure. To get the ball rolling, it has started assigning a higher priority to secure websites in its search engine results pages. It has begun rewarding those who have already taken precautionary measures for keeping their own websites safe from hackers, hijackers and eavesdroppers. Besides Google, social media sites Twitter and Facebook have now also been using HTTPS as the default option for many of their services.
As of August 3, 2014, according to the Trustworthy Internet Movement, just about 28.3% or 43,173 of 152,733 popular websites have a secure implementation of HTTPS. Mashable, on the other hand, says, “secure websites with “https” in the URL (“s” stands for secure) make up about 56% of websites.” Whichever it is, the fact remains that many website owners have still been reluctant to switch from HTTP to HTTPS because it entails additional cost and it could slow down their websites. Shifting to HTTPS slows the loading time of web pages as well as take up more processing power from the server. As Mark Sparshott of security-as-a-service company Proofpoint observed: “Most websites were slow to enforce the use of HTTPS because the encryption it uses to secure the connection slows down the web experience which is anathema to the mantra of most web based services where latency can drive their users to a competitor’s service. As such some websites provided it as an option for many years but did not make it the default option until recent times.”
In recent times, there are already technical solutions for addressing such concerns according to Jason Hart of data protection firm SafeNet. He said there are now high speed encryption technologies available that could make the argument of higher cost and slower speed a non-issue. He maintains that there is now really no excuse “for any data to be transmitted or stored in plain text.” Actually, Google itself will be helping the website owners make the switch to HTTPS faster and more convenient. Aside from the encouragement of being given a higher ranking in the SERP, it promises that “in the coming weeks, we’ll publish detailed best practices (we’ll add a link to it from here) to make TLS adoption easier, and to avoid common mistakes.”
Google has now made web security its top priority. Complementing its efforts to persuade website owners to voluntarily go HTTPS, it has organized a team of security experts and researchers, under what it calls “Project Zero,” to find potentially harmful bugs and kinks that are going around on the Internet. As maintained by Google, “you should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications.” The objective of Project Zero, said researcher Chris Evans “is to significantly reduce the number of people harmed by targeted attacks.”