http://www.bbc.com/news/technology-28687513
I think it’s silly. To me all it does is increase the cost of homegrown apps/sites and increases complexity… all for what? So people can’t eavesdrop on you reading about a blog about cats?
Yeah there are ways to get cheap/free SSL Certs, but why? What’s the point? Honestly, if you’re not transmitting personal information in some way or another, I don’t think TLS matters at all. All this is going to do is push homebrew down for no benefit.
The first link wouldn’t allow me to see the web content unless I sign up. I did skim the other two.
I wasn’t able to ascertain whether the certificate had to be signed by one of the trusted (elite) root signing authorities or whether we could do it ourselves and whether the “DIY” approach would send a weaker ranking signal or not. Does anyone else know?
Sent from my XT316 using Tapatalk 2
Sorry, I forget The WSJ does that. They are all the same thing, I just provided multiple sources.
I HATE Google. So what, I’m supposed to pay for a dedicated IP address (which are in limited supply) and an SSL cert so I can encrypt something that does not need to be encrypted? Because that stupid Google decides that SSL which the government can easily break is a way to keep the U.S. government from eavesdropping? And that’s all this is, a reaction to the revelation a while ago that the U.S. government can crack https. There is server overhead to encryption. Google sucks.
Google does more spying on people than the U.S. government. Google Analytics, Adsense, DoubleClick, Fonts, and of course the wonderful free jQuery repository, all are tracking vectors to monitor which sites people visit on the web.
As soon as a saw this news I thought “Time to buy shares in verisgin”. because the SSL certificate market just increased tenfold.
However, with SSL being considered as a mandatory part of the HTTP2 spec and the fact that there are no drawbacks for the end-user I actually think it’s a step in the right direction. What we do need is a better way of managing it, they should bundle SSL Certs with domain names for a couple of dollars to really help push people over to SSL.
. So what, I’m supposed to pay for a dedicated IP address
You do not need a dedicated IP for an SSL Cert. Apache (I’m not sure about IIS) supports SNI (Server Name Indication) which allows you to have an SSL certificate for a domain without a dedicated IP.
Let’s keep this in proportion. Google is not forcing anyone to use HTTPS. And it’s not saying that non-HTTPS sites will be penalised in any way. It is only using this as “a very lightweight signal” - one of hundreds of factors they take into account when serving search results.
That said, I agree with the above comments. For the vast majority of websites, encryption would be absurd. In most of the sites that most people visit every day, there is no personal or sensitive information involved, and no risk to anyone’s privacy.
I suspect that Google only intend to apply this signal for searches where the resulting sites do involve sending personal information to the server. For example, if you search for free email services, they might tend to place those that have HTTPS addresses higher than the others. But it would make no sense to do that if you were searching for a carrot cake recipe, for example.
Mike
SEO aside, HTTPS as a default for all internet traffic is a good thing and google giving everyone a little push towards that isn’t going to hurt.
In the age of the NSA and creepy ISP snooping wouldn’t you rather have an internet where only the sender and receiver know the content of each message?
SSL is far from perfect, but it’s a step in the right direction for a better web.
I actually can’t think of how this mitigates NSA involvement. They can access the same web pages. They can probably subpoenas the web logs and find all the ip addresses. I am a bit confused to think what kind of NSA snooping this initiative prevents.
Sent from my XT316 using Tapatalk 2
Honestly, this news about https as priority has never been good news to most websites owners. I wonder what if most websites that run http doesn’t want to migrate at https. What will Google do? Maybe for small business, migrating might be easy. How about others. Well, seems Google plan this five months ago.
I suspect that the vast majority of websites won’t do anything. Most websites are run by small and medium businesses, very small web design companies, private individuals, amateur bloggers, book groups, sewing circles, amateur dramatic societies, and the like. Only a tiny percentage of them will have heard this announcement. The vast majority wouldn’t have a clue what it means, or how to go about implementing it. Most probably don’t even understand what encryption is for - let alone what the difference is between HTTP and HTTPS.
What’s more, for most users most of the time, encryption is irelevant. If you are looking for a carrot cake recipe, you want a recipe with easy-to-follow instructions, that uses common ingredients, that doesn’t involve hours of work, and has a reasonable chance of producing an edible cake. The last thing you care about is whether the recipe was encrypted between the server and your computer. Someone is eavesdropping on the recipe? Who cares?
My bet is that, in six months time, this announcement will be completely forgotten. It won’t change anything, either in Google’s search results or the security measures that most website operators take.
Mike
The basic purpose of adding https in website is to protect your website from unwanted hacking and data theft and it is mostly used and necessary in transaction and data protection. So adding https in transaction page is good.
But I don`t understand what a blog, news, article or service based website will do by adding the https in there pages. This algorithm is totally crap. Google will give priority to those website who are spending extra bucks https no matter their website are user friendly or not.