Google Now Using HTTPS As A (Very Slight) Ranking Signal In Search To Encourage More Encryption
from the pros-and-cons dept
Back in April, we wrote about claims that Google was considering giving a boost in its search rankings to sites that are encrypted. Today, it officially announced the policy, noting that the company has been testing it for a little while and thinks that it works well. The weighting is very tiny, but the company makes it clear that it will likely increase that over time, and the current low ranking is more of a “grace period” to encourage more sites to encrypt. Google also makes clear that its reason for doing this is to encourage greater encryption to make the entire web more safe and secure:
For these reasons, over the past few months we?ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We?ve seen positive results, so we?re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal?affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content?while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we?d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
When we wrote about it back in April, I found it a bit surprising that Google would do this, given that, historically, it has always said its search rankings were entirely focused on quality. You could, perhaps, make an argument that a site that uses SSL is more likely to be a high quality site, but Google doesn’t even appear to be making that argument. As a site that has already strongly moved to SSL, this might (marginally) help our Google rankings (not that we actually get much traffic from Google in the first place), and getting much more of the web encrypted is a good thing in general.
It still seems, though, that for all the good this does, others will now make use of this as an argument for other kinds of “nudging” behavior by Google. For years, the legacy entertainment industry has pushed Google to better rank “good” sites and to downrank “pirate” sites — which the industry still seems to think is a simple black and white calculation (it’s not). Google can point out that SSL v. non-SSL is obvious, but I fully expect those who seem to think Google should be designed in their own interests, as opposed to those of Google’s users, to jump on this as proof that Google can solve other problems.
This still is a good move, though. Encouraging more encryption on the web is always the right move. I’m just still a bit surprised that Google would take this step, and wonder how others will react to it.
Filed Under: encrypt everything, encryption, https, search ranking, ssl
Comments on “Google Now Using HTTPS As A (Very Slight) Ranking Signal In Search To Encourage More Encryption”
So when is the EU going to make this illegal?
Fly-by-night copy sites...
Fly-by-night copy sites can’t afford $100 a year for a certificate because that eats up their profits. Which is exactly why Google is doing this.
Re: Fly-by-night copy sites...
If you are paying $100 for a cert you are getting ripped off.
I regularly purchase certs for less than $8/year.
If that’s too much there are even free certs
No one has a valid excuse to avoid SSL.
“It still seems, though, that for all the good this does, others will now make use of this as an argument for other kinds of “nudging” behavior by Google.”
I am at a loss to think of an argument by any industry that couldn’t be answered by Google with: “This issue is bigger than you … or your financial interests. Go talk to Bing.”
Re: Re:
To which Bing responds with: “What are you hassling us for, you know we get our results from Google, take it up with them!”
Re: Re:
Go talk to Bing.
On this part they’d look puzzled at each other and ask:
“What is Bing? Aren’t you the Internet?”
[quote] You could, perhaps, make an argument that a site that uses SSL is more likely to be a high quality site, but Google doesn’t even appear to be making that argument. [/quote]
Could you though? I’ve seen a lot of very bad websites created of entirely scraped contents that use SSL. That Google would even consider these as being able to rank even slightly higher in search results due to the use of SSL would be ludicrous.
A bad website is a bad website, whether it uses SSL or not. That being true, then one would hope that Google is smart enough to rank a higher quality site that doesn’t use SSL higher than it would rank a bad site that does use SSL.
If their algorithm doesn’t do that, then using SSL as even a very minor ranking factor would be a very bad step in my opinion. It needs to be and and/if situation as opposed to “oh, they use SSL so they get a better rank”.
I’d assume there is more to it than that, but assumptions often get one in a place they don’t want to be.
Re: Re:
Lots of bad sites use HTTPS, so you have a good point. However in this day and age, nearly all sites that don’t use HTTPS are bad sites — so the correlation does hold, just in an inverse way.
Re: Re:
I really think Google feels they are onto something here, but they may be fooling themselves.
I think Google wants to use this as a signal in part because it will help them filter out certain sites that are not being maintained or updated. It will certainly create another layer of work for those running parking pages.
If there is a massive increase in sites using SSL after this announcement, Google will have shown themselves to be perhaps a little too powerful in the marketplace. If everyone is rushing to adjust to Google, do they hold what is essentially a overly dominant position over the web? Anti trust, perhaps?
Google very likely sees this as a populist theme they can work, hoping that you will forget that they didn’t secure their own internal networks in the past.
Re: Re: Re:
Google have been “a little too powerful in the marketplace” for a long time, everybody knows it. The issue (and what could trigger anti-trust) is whether they are abusing their powerful position. From what I have seen, so far they’ve avoided abusing their position.
Re: Re: Re: Re:
That. He doesn’t know what he’s talking about, obviously.
I think Google wants to use this as a signal in part because it will help them filter out certain sites that are not being maintained or updated.
See, he THINKS. But it doesn’t change the fact that it’s bullshit. Where the heck was this written anyway?
Re: Re: Re:
“I think Google wants to use this as a signal in part because it will help them filter out certain sites that are not being maintained or updated.”
Google has said why they’re doing this: because it’s good for everyone if all sites used HTTPS as a matter of standard practice, and they want to encourage it.
Re: Re:
A bad site will remain bad and badly ranked even if you give it a slight bump. I think it’s a good move generally speaking and won’t harm most of the net. Plus adding HTTPS isn’t hard at all nowadays (although doing it PROPERLY may be somewhat challenging).
My take is that rather than SSL being an indicator of possible quality of the underlying web site, they may be thinking of it being a quality in and of itself. IOW, all other things being equal, an encrypted site is of higher quality than an non-encrypted site because it’s encrypted.
Re: Re:
Good point, I agree.
Another PR stunt by the NSA/Google
Another PR stunt by Google. They don’t give a flying fuck about security. To know that look at Android. They are only interested in identity, which is of course part of SSL and their NSA mission. The time is coming and it is coming very quickly that Google will find itself suddenly without the support they once had. They will crawl back to the customer and beg them for more information, yet those people will no longer trust Google to be anything else but a self-promoted American company that is only there to spy.
Identity platform
To show what a joke their own SSL is, go to Googles’ identity platform G+, hover over the security certificate and behold. The connection is only partially encrypted. So in the end, it does not help with privacy nor with security.
How would/could this Secure Layer solve the gaping wound you Americans inflicted ? Is there really anyone who still thinks it is a safe bet to believe in anything what Googles claims ?
Perhaps if http a actually worked better this would be a good idea. Chrome on iOS on your own site often needs a refresh on every page to get it to load, a problem that doesn’t happen on any none https sites.
Re: Re:
I definitely disagree that the problems you’re experiencing are attributable to https. I would start by trying another browser.
I consider to ban google
Sadly,...
I don’t see this as a good idea. Lets say you have a site that is competing with other similar sites on content; it is purely a provider of info (so no user submissions or logins to worry about) but has lost pagerank to another site that has better content.
To improve your google rankings, you can either:
a) add or update content to improve the quality of your site
b) buy a worthless https certificate (for $150/year or so)
While I am a strong believer that https should be applied wherever appropriate, I am not sure “everywhere” is appropriate.
Google Now
Seeing as how Google actually has a product called ‘Google Now’, a verb in the title might help.
I’m torn on this. My first reaction was, “Awesome. We need better privacy and security,” but then I thought about it some more and grew uncomfortable with the idea of Google filtering search results based on something other than relevance. Their goal is now no longer find the information the user is looking for and the end result is an inferior search engine. When I get a page of search results I don’t skip past the http links to the https ones. The goals provide optimal search results and improve security on the web are in conflict.
Re: Re:
“uncomfortable with the idea of Google filtering search results based on something other than relevance”
Google has always filtered on things other than relevance (site reputation as defined by the number of sites that link to it comes to mind.) This does seem in line with that.
However, more recently, Google has been filtering more and more heavily on signals that don’t relate to relevance. For instance, they down-rate or omit sites that are offensive to powerful interests (the most recent example being the RTBF, but there were many before that.)
So, in a sense, the relevance ship has been out of port for a long time.