Google Now Using HTTPS As A (Very Slight) Ranking Signal In Search To Encourage More Encryption

from the pros-and-cons dept

Back in April, we wrote about claims that Google was considering giving a boost in its search rankings to sites that are encrypted. Today, it officially announced the policy, noting that the company has been testing it for a little while and thinks that it works well. The weighting is very tiny, but the company makes it clear that it will likely increase that over time, and the current low ranking is more of a "grace period" to encourage more sites to encrypt. Google also makes clear that its reason for doing this is to encourage greater encryption to make the entire web more safe and secure:
For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
When we wrote about it back in April, I found it a bit surprising that Google would do this, given that, historically, it has always said its search rankings were entirely focused on quality. You could, perhaps, make an argument that a site that uses SSL is more likely to be a high quality site, but Google doesn't even appear to be making that argument. As a site that has already strongly moved to SSL, this might (marginally) help our Google rankings (not that we actually get much traffic from Google in the first place), and getting much more of the web encrypted is a good thing in general.

It still seems, though, that for all the good this does, others will now make use of this as an argument for other kinds of "nudging" behavior by Google. For years, the legacy entertainment industry has pushed Google to better rank "good" sites and to downrank "pirate" sites -- which the industry still seems to think is a simple black and white calculation (it's not). Google can point out that SSL v. non-SSL is obvious, but I fully expect those who seem to think Google should be designed in their own interests, as opposed to those of Google's users, to jump on this as proof that Google can solve other problems.

This still is a good move, though. Encouraging more encryption on the web is always the right move. I'm just still a bit surprised that Google would take this step, and wonder how others will react to it.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Lord_Unseen (profile), Aug 7th, 2014 @ 2:41pm

    So when is the EU going to make this illegal?

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    PRMan, Aug 7th, 2014 @ 2:56pm

    Fly-by-night copy sites...

    Fly-by-night copy sites can't afford $100 a year for a certificate because that eats up their profits. Which is exactly why Google is doing this.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    GMacGuffin (profile), Aug 7th, 2014 @ 3:43pm

    "It still seems, though, that for all the good this does, others will now make use of this as an argument for other kinds of "nudging" behavior by Google."

    I am at a loss to think of an argument by any industry that couldn't be answered by Google with: "This issue is bigger than you ... or your financial interests. Go talk to Bing."

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Gracey (profile), Aug 7th, 2014 @ 3:47pm

    [quote] You could, perhaps, make an argument that a site that uses SSL is more likely to be a high quality site, but Google doesn't even appear to be making that argument. [/quote]

    Could you though? I've seen a lot of very bad websites created of entirely scraped contents that use SSL. That Google would even consider these as being able to rank even slightly higher in search results due to the use of SSL would be ludicrous.

    A bad website is a bad website, whether it uses SSL or not. That being true, then one would hope that Google is smart enough to rank a higher quality site that doesn't use SSL higher than it would rank a bad site that does use SSL.

    If their algorithm doesn't do that, then using SSL as even a very minor ranking factor would be a very bad step in my opinion. It needs to be and and/if situation as opposed to "oh, they use SSL so they get a better rank".

    I'd assume there is more to it than that, but assumptions often get one in a place they don't want to be.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Jeffrey Nonken (profile), Aug 7th, 2014 @ 4:23pm

    My take is that rather than SSL being an indicator of possible quality of the underlying web site, they may be thinking of it being a quality in and of itself. IOW, all other things being equal, an encrypted site is of higher quality than an non-encrypted site because it's encrypted.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Aug 7th, 2014 @ 4:30pm

    Re: Fly-by-night copy sites...

    If you are paying $100 for a cert you are getting ripped off.

    I regularly purchase certs for less than $8/year.
    If that's too much there are even free certs

    No one has a valid excuse to avoid SSL.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    John Fenderson (profile), Aug 7th, 2014 @ 4:48pm

    Re:

    Lots of bad sites use HTTPS, so you have a good point. However in this day and age, nearly all sites that don't use HTTPS are bad sites -- so the correlation does hold, just in an inverse way.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    That One Guy (profile), Aug 7th, 2014 @ 5:28pm

    Re:

    To which Bing responds with: "What are you hassling us for, you know we get our results from Google, take it up with them!"

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Whatever (profile), Aug 7th, 2014 @ 11:00pm

    Re:

    I really think Google feels they are onto something here, but they may be fooling themselves.

    I think Google wants to use this as a signal in part because it will help them filter out certain sites that are not being maintained or updated. It will certainly create another layer of work for those running parking pages.

    If there is a massive increase in sites using SSL after this announcement, Google will have shown themselves to be perhaps a little too powerful in the marketplace. If everyone is rushing to adjust to Google, do they hold what is essentially a overly dominant position over the web? Anti trust, perhaps?

    Google very likely sees this as a populist theme they can work, hoping that you will forget that they didn't secure their own internal networks in the past.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Mr. Oizo, Aug 7th, 2014 @ 11:20pm

    Another PR stunt by the NSA/Google

    Another PR stunt by Google. They don't give a flying fuck about security. To know that look at Android. They are only interested in identity, which is of course part of SSL and their NSA mission. The time is coming and it is coming very quickly that Google will find itself suddenly without the support they once had. They will crawl back to the customer and beg them for more information, yet those people will no longer trust Google to be anything else but a self-promoted American company that is only there to spy.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Mr. Oizo, Aug 7th, 2014 @ 11:40pm

    Identity platform

    To show what a joke their own SSL is, go to Googles' identity platform G+, hover over the security certificate and behold. The connection is only partially encrypted. So in the end, it does not help with privacy nor with security.

    How would/could this Secure Layer solve the gaping wound you Americans inflicted ? Is there really anyone who still thinks it is a safe bet to believe in anything what Googles claims ?

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Steve, Aug 8th, 2014 @ 12:49am

    Perhaps if http a actually worked better this would be a good idea. Chrome on iOS on your own site often needs a refresh on every page to get it to load, a problem that doesn't happen on any none https sites.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Tom, Aug 8th, 2014 @ 1:08am

    I consider to ban google

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Aug 8th, 2014 @ 4:11am

    Re: Re:

    Google have been "a little too powerful in the marketplace" for a long time, everybody knows it. The issue (and what could trigger anti-trust) is whether they are abusing their powerful position. From what I have seen, so far they've avoided abusing their position.

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    Ninja (profile), Aug 8th, 2014 @ 5:07am

    Re:

    Go talk to Bing.

    On this part they'd look puzzled at each other and ask:

    "What is Bing? Aren't you the Internet?"

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Ninja (profile), Aug 8th, 2014 @ 5:09am

    Re:

    A bad site will remain bad and badly ranked even if you give it a slight bump. I think it's a good move generally speaking and won't harm most of the net. Plus adding HTTPS isn't hard at all nowadays (although doing it PROPERLY may be somewhat challenging).

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Ninja (profile), Aug 8th, 2014 @ 5:19am

    Re: Re: Re:

    That. He doesn't know what he's talking about, obviously.

    I think Google wants to use this as a signal in part because it will help them filter out certain sites that are not being maintained or updated.

    See, he THINKS. But it doesn't change the fact that it's bullshit. Where the heck was this written anyway?

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    DaveHowe (profile), Aug 8th, 2014 @ 6:33am

    Sadly,...

    I don't see this as a good idea. Lets say you have a site that is competing with other similar sites on content; it is purely a provider of info (so no user submissions or logins to worry about) but has lost pagerank to another site that has better content.

    To improve your google rankings, you can either:
    a) add or update content to improve the quality of your site
    b) buy a worthless https certificate (for $150/year or so)

    While I am a strong believer that https should be applied wherever appropriate, I am not sure "everywhere" is appropriate.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    John Fenderson (profile), Aug 8th, 2014 @ 8:22am

    Re: Re:

    "I think Google wants to use this as a signal in part because it will help them filter out certain sites that are not being maintained or updated."

    Google has said why they're doing this: because it's good for everyone if all sites used HTTPS as a matter of standard practice, and they want to encourage it.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    Phoenix84 (profile), Aug 8th, 2014 @ 10:01am

    Google Now

    Seeing as how Google actually has a product called 'Google Now', a verb in the title might help.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Aug 8th, 2014 @ 2:34pm

    I'm torn on this. My first reaction was, "Awesome. We need better privacy and security," but then I thought about it some more and grew uncomfortable with the idea of Google filtering search results based on something other than relevance. Their goal is now no longer find the information the user is looking for and the end result is an inferior search engine. When I get a page of search results I don't skip past the http links to the https ones. The goals provide optimal search results and improve security on the web are in conflict.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    John Fenderson (profile), Aug 8th, 2014 @ 3:16pm

    Re:

    "uncomfortable with the idea of Google filtering search results based on something other than relevance"

    Google has always filtered on things other than relevance (site reputation as defined by the number of sites that link to it comes to mind.) This does seem in line with that.

    However, more recently, Google has been filtering more and more heavily on signals that don't relate to relevance. For instance, they down-rate or omit sites that are offensive to powerful interests (the most recent example being the RTBF, but there were many before that.)

    So, in a sense, the relevance ship has been out of port for a long time.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Aug 11th, 2014 @ 3:30am

    Re:

    Good point, I agree.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Aug 11th, 2014 @ 3:33am

    Re:

    I definitely disagree that the problems you're experiencing are attributable to https. I would start by trying another browser.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.