Google plan to push sites to use HTTPS to prevent online surveillance

Google to prioritise sites using HTTPS in rankings - despite it being cracked by NSA and GCHQ

Search giant Google is to boost the rankings of websites that use Hypertext Transfer Protocol Secure (HTTPS) in a bid to make web browsing more secure against online surveillance.

It follows more than a year of revelations about the monitoring activities of government security agencies across the world, not to mention tightening web laws in places such as Russia.

HTTPS involves the layering of standard HTTP, used to deliver web pages, on top of the SSL/TLS security protocol, lending the security capabilities of Secure Sockets Layer (SSL) to communications that would otherwise be open to eavesdropping. The main motivation for HTTPS is to prevent wiretapping and man-in-the-middle attacks by encrypting the data.

HTTPS relies on the underlying Transport Layer Security (TLS) mechanism, in which long-term public and secret keys are used to exchange a short-term session key that encrypts the data flow between client and server.

Ilya Grigorik, a Google advocate for the Chrome team, speaking at a Google I/O developers' conference earlier this year, told developers that HTTPS ought to be used on all sites to prevent eavesdropping. "While it seems like individually the metadata you can gather by looking at these unencrypted sites is benign, when you actually put it all together it reveals a lot about my intent, it can actually compromise my privacy."

However, the shift to pushing HTTPS websites in Google's rankings has only just been announced - unveiled in a corporate blog posting.

"At Google I/O a few months ago, we called for 'HTTPS everywhere' on the web... over the past few months we've been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal.

"For now it's only a very lightweight signal - affecting fewer than one per cent of global queries, and carrying less weight than other signals such as high-quality content - while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web," explained the company.

As part of the push towards HTTPS, Google is planning to publish detailed best practice guides to help webmasters make the shift. It is also encouraging organisations that already use HTTPS as standard to test their configurations using the Qualys Lab testing tool.
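As an added illustration (not code from Google, Qualys or this article), the Python sketch below shows what a webmaster can check locally about the long-term key and short-term session key arrangement described above: which protocol version a server negotiates and whether the session key comes from an ephemeral exchange. The names `assess` and `probe`, the accepted-version set and the weak-cipher markers are assumptions of this example; suite names are the OpenSSL-style strings that Python's `ssl` module reports.

```python
import socket
import ssl
import sys

# Assumption of this example: versions treated as acceptable.
MODERN_VERSIONS = {"TLSv1.2", "TLSv1.3"}
# Assumption of this example: substrings of OpenSSL suite names treated as weak.
WEAK_MARKERS = ("RC4", "DES-CBC", "NULL", "EXP", "MD5")
# Key-exchange prefixes meaning an authenticated ephemeral exchange.
EPHEMERAL_KX = ("ECDHE", "DHE", "EDH")


def assess(version, cipher_name):
    """Return a list of findings for a negotiated session (empty list = none)."""
    findings = []
    if version not in MODERN_VERSIONS:
        findings.append(f"outdated protocol {version}")
    # Every TLS 1.3 suite uses an ephemeral (EC)DHE exchange. For TLS 1.2 and
    # earlier, the first token of the OpenSSL name is the key exchange; with
    # plain RSA the session key is protected only by the server's long-term key.
    if version != "TLSv1.3" and cipher_name.split("-")[0] not in EPHEMERAL_KX:
        findings.append("key exchange is not authenticated ephemeral (EC)DHE")
    if any(marker in cipher_name for marker in WEAK_MARKERS):
        findings.append(f"weak algorithm in suite {cipher_name}")
    return findings


def probe(host, port=443, timeout=5.0):
    """Connect with certificate and hostname verification enabled and
    return (protocol version, cipher-suite name) as negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    # Usage: python check_tls.py your-site.example
    for host in sys.argv[1:]:
        version, cipher = probe(host)
        print(host, version, cipher, assess(version, cipher) or "no findings")
```

A failed certificate or hostname check raises `ssl.SSLCertVerificationError` from `probe`, which is itself a configuration finding. The result reflects only what this one client negotiated, so it does not enumerate everything the server would accept.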