Google starts tracking, encourages worldwide HTTPS usage
Google has added a new section to its Transparency Report, which will allow users to keep an eye on Google’s use of HTTPS, and HTTPS use of the top 100 non-Google sites on the Internet.
“HTTPS is an encrypted HTTP connection,” Google explained for those who still don’t know. “HTTPS relies on encryption—SSL or TLS—to secure the connection. These web connections protect against eavesdroppers, man-in-the-middle attacks, and hijackers who attempt to spoof a trusted website. In other words, it thwarts interception of your information and ensures the integrity of information that you send and receive.”
With this new section, Google is hoping to spur more sites towards using HTTPS, as well as showing the progress of their own efforts.
So far, a little over 75 percent of requests sent to Google’s servers are sent via an encrypted connection.
Google Gmail and Drive traffic is executed completely over HTTPS, and the company is working on implementing HTTPS across the rest:
“Google Search shares serving infrastructure with several other products at Google. If we separated out Google Search into its own category, due to the sharing of serving infrastructure, we would not have confidence in the accuracy of that data,” they explained.
They also pointed out the obstacles to attaining full traffic encryption, such as:
- Older software’s and hardware’s inability to support modern encryption technologies (e.g. older mobile phones that are no longer updated)
- Certain organizations’ desire or inability to implement HTTPS
- Certain countries’ and organizations’ efforts to block or degrade HTTPS traffic.
“You should protect your website with HTTPS, even if it doesn’t handle sensitive communications. HTTPS protects the integrity of your website and the privacy and security of your users,” Google noted. “Also, powerful new web platform features are restricted to sites offering HTTPS.”
Not to mention that Google has been prioritising websites using HTTPS in Google Search since August 2014. This might not mean much to the most popular ones, but smaller sites might want to consider start using encryption.
The new section also shows how the top 100 non-Google sites on the Internet do on this front – whether they work on HTTPS, use modern TLS configurations, and whether they use HTTPS by default.
Their analysis showed that tech companies are great at adopting HTTPS – obviously, they consider it important – but that media sites (among others, including porn sites) are not. (By the by, Help Net Security has become “HTTPS only” earlier this year.)
Finally, Google has offered a Certificate Transparency tool, where users can look up certificates for specific sites and check whether they are valid and appropriately issued.