Google to favor encrypted websites in search results
Websites that are not encrypted will receive a lower ranking on Google’s search engine, in a move designed to push site owners towards adopting technology that protects users’ data against hackers.
READ MORE: Google admits scanning Gmail for kiddie porn after turning in pedophile
The step is the latest in a series that Google has made to
improve the security of the web – something it has focused on
since Edward Snowden's National Security Agency (NSA) spying
allegations broke last year, which detailed information about
mass government surveillance by the US and some of its allies,
including the UK.
All major websites use encryption when a person submits their
login details, but some sites then downgrade to an unencrypted
connection.
“We hope to see more websites using HTTPS in the
future,” Google said in a blog post.
Christopher Soghoian, a principal technologist from the American
Civil Liberties Union, told the Washington Post that “this is
a huge deal” and “the ultimate carrot for websites”
to use encryption.
Kevin Mahaffey, chief technology officer and co-founder of
mobile-security company Lookout Inc., said that users effectively
put their data into a more secure envelope when they deal with
encrypted websites.
“If you were sending a letter with your credit card
information and Social Security number, would you send it in a
secure envelope or a clear envelope?” he asked.
Google already uses a number of practices which directly relate
to a website's performance and affect its rankings – including
penalizing sites that load slowly.
Censorship war: Website unmasks links Google is blocking from search results
“This is a lot like Consumer Reports saying that the overall
rating of a car is higher because it has airbags,” said
Mahaffey.
Until now, the issue of whether a site was encrypted or
unencrypted affected less than one percent of Google searches.
In the past, websites have avoided encryption because of cost
concerns and a slower response time, but now the cost of
encryption has declined and the experiences of Google and
Facebook – which do use encryption – suggest that it doesn’t
necessarily have to slow a website down.
Google already encrypts user searches, as well as all emails sent
by Gmail. In June, Google published a new report disclosing
information about email providers that don’t encrypt emails.
Both Google and other major web companies have faced allegations
that they have been complicit with the NSA in their surveillance
and information gathering, and earlier this year set up the
“Reform Government Surveillance” coalition in an effort to
maintain credibility.
But LinkedIn said in June that it was still upgrading to https as
supposed to http – which is unencrypted – and people using
LinkedIn in some regions found they were being flipped to an
unencrypted connection after logging in.