Google has tweaked its search algorithm to give a slight priority to Web sites that use HTTPS encryption for improved security. Google has been doing more to promote the use of "HTTPS everywhere" since June, when the enhanced security strategy was discussed at length during the company's annual I/O developer conference in San Francisco.
Zineb Ait Bahajji and Gary Illyes, Google webmaster trends analysts, described the change in a post Wednesday in Google's Online Security Blog on "HTTPS as a ranking signal."
"Over the past few months we've been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms," Bahajji and Illyes said. "We've seen positive results, so we're starting to use HTTPS as a ranking signal."
HTTPS layers the standard HTTP (for "hypertext transfer protocol") Web protocol on top of a TLS ("transport layer security") protocol to help authenticate a Web site's identity. It also enables encryption of content going back and forth between the user and the site server, which can help prevent eavesdropping and "man in the middle" attacks.
Great News for the Internet
The Electronic Frontier Foundation, a nonprofit advocacy organization that promotes digital privacy and civil rights, has been leading an "HTTPS Everywhere" campaign since 2010. Working in cooperation with the Tor Project for online privacy, the EFF encourages Internet users to use its HTTPS Everywhere browser extension, which switches Web sites from HTTP to HTTPS "whenever possible" for enhanced online security.
We reached out to Peter Eckersley, EFF technology projects director, to ask for his reaction to the latest HTTPS announcement from Google.
"Google has done great work at our side in promoting HTTPS, and we're glad that they're continuing to do that," Eckersley wrote in an e-mail. "There are a lot of Web site operators out there who don't care at all about security and privacy, but they do care about where (they) sit in Google's search results. This change is going to give those sites an incentive they were lacking to turn on encryption."
While Google itself has been criticized for scanning users' Gmail content for illegal content such as child pornography, its stance on HTTPS is welcome, Eckersley said.
"Having HTTPS does massively reduce the number of threats that could get access to your messages: It should stop eavesdroppers on a wireless network, or dragnet collection by intelligence agencies, even if it couldn't protect you against a court order sent to Google," he said. "Stronger incentives for HTTPS deployment are great news for the Internet, and for all of its users." (continued...)