Google Will Give a Search Edge To Websites That Use Encryption

As TechCrunch reports, Google will begin using website encryption, or HTTPS, as a ranking signal – a move which should prompt website developers who have dragged their heels on increased security measures, or who debated whether their website was “important” enough to require encryption, to make a change. Initially, HTTPS will only be a lightweight signal, affecting fewer than 1% of global queries, says Google. ... Over time, however, encryption’s effect on search ranking [may] strengthen, as the company places more importance on website security. ... While HTTPS and site encryption have been a best practice in the security community for years, the revelation that the NSA has been tapping the cables, so to speak, to mine user information directly has prompted many technology companies to consider increasing their own security measures, too. Yahoo, for example, also announced in November its plans to encrypt its data center traffic.

Great step!

[satuon]

That's a really great step from Google, I had never thought that it can be done in such a neat way. What's next? Can they also do it for IPv6?

It's about time!

[mcrbids]

Expensive advertising campaigns engender trust because it shows that the advertiser has the resources to carry out the campaign. It's why online ads are so commonly ignored - people want to do business with "reputable" companies and expensive advertising is a way of establishing repute.

Similarly, putting out the modicum of effort to perform basic security like SSL is a signal that the website is reputable. I mean, if you can't be bothered to buy a $50 SSL certificate and install it, are you *really* trustworthy?

SSL should be a basic signal of trustworthiness.

Re:It's about time!

[WaffleMonster]

Similarly, putting out the modicum of effort to perform basic security like SSL is a signal that the website is reputable. I mean, if you can't be bothered to buy a $50 SSL certificate and install it, are you *really* trustworthy?

LOL and here I thought all this time the Internet was supposed to reduce costs and barriers to competition... yet here we go "the higher the fewer".

When your making the big bucks off Google by operating industrial scale link farms $50/year is a small price to pay for success.

Someone please remind me again why we are even contemplating enriching the clusterfuck that is the CA industry which sees no problem with use of completely automated systems and non-existent documentation requirements prior to issuing certificates?

Thanks to Google and the NSA !

Thanks to Google for making the web a little bit more secure by promoting secure websites!
Thanks to the NSA for tapping the web so blindly and boldly than we should react!

If the NSA was not so bold and had tapped only these who were under suspicion of bad behavior, the status-quo would have been kept. Now the privacy of everyone is a little bit more secure and the NSA will have a little bit harder times managing MITM attacks on every netizens.

An EU Citizen who like its privacy.

Re:So now Google establishes Internet standards

[bill_mcgonigle]

Google has been using dozens of quality metrics for years to adjust its rankings. This isn't a new concept.

It's not clear to me which HTTPS configurations it's favoring, though. Is Strict Transport Security a requirement? People with high-longevity system needs are going to need to upgrade to EL7 to make good HTTPS feasible, so there will be a transition period.

As far as standards - look, W3C, IETF, et. al. have completely failed to keep up. From 1993 to 1997 we went from HTTP 0.9 to to HTTP 1.1, which is where we are today. HTTP 2.0 will have been languishing for two decades by time there's a standard and any significant adoption. That's not Internet-time.

Google has made some mistakes with SPDY and QIC but at least they're actually trying to move the ball down the field instead of just arguing on the sidelines. It used to be that lots of players would do the same thing and fairly quickly a concensus would emerge. We have a serious breakage problem in the current community process. Google is doing it right - it's everybody else that's not.