Google’s Advocacy of HTTPS a Soaring Success

[Megalith]

Google has released a new blog post celebrating the success in adoption of secure web connections. A year ago, the search giant announced that it would start giving preferential treatment to secured websites, and now, it seems to have all worked out amazingly: 71 out of 100 of the most popular websites in the world now use HTTPS, an impressive increase of 37% in just one year.

We wanted to help people understand when the site they're on is not secure, and at the same time, provide motivation to that site's owner to improve the security of their site. We knew this would take some time, and so we started by only marking pages without encryption that collect passwords and credit cards. In the next phase, we began showing the “not secure” warning in two additional situations: when people enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.

 

[zkostik]

Of course Google is a big advocate for HTTPS as it's difficult to filter if you have a common firewall in your router or some such. This includes all of their advertising too. I really don't see why else they would be pushing for this, everyone knows that Google's "do no evil" has been long gone.

 

[Wolfkin]

This can't be, Google actually doing a good thing, must be a catch in there somewhere.

 

[JosiahBradley]

That's actually pathetic that some of the top 100 websites can't figure out TLS.

 

[Semantics]

https://transparencyreport.google.com/https/top-sites?hl=en
It's interesting that they list microsoft websites as not a modern TLS configuration in that paper, for what reason? None that I can tell

 

[/dev/null]

https doesn't mean safe websites. It just means the transport is secure, nothing more. It also only means that if the correct ciphers are used along with a modern/secure version of tls (not ssl 3, 2, etc..)

99% of the browsing public doesn't understand any of this.

I'm not sure having 15k fake paypal sites with "lock icons" helps anyone.

 

[MrDeaf]

https://transparencyreport.google.com/https/top-sites?hl=en
It's interesting that they list microsoft websites as not a modern TLS configuration in that paper, for what reason? None that I can tell

Wasn't Microsoft long known for creating coding/scripting standards for Internet Explorer and then not adhering to it themselves?

Of course, they could have changed their non-adherence by now... but... it is Microsoft after all.

 

[MV75]

Of course Google is a big advocate for HTTPS as it's difficult to filter if you have a common firewall in your router or some such. This includes all of their advertising too. I really don't see why else they would be pushing for this, everyone knows that Google's "do no evil" has been long gone.

Yep, just means the ads bypass consumer firewalls.

Does anyone know of a consumer grade router that you can filter https by site instead of only all or none?

 

[Snowdensjacket]

Google's celebrating something. How am I being fucked over now?

 

[risc]

I don't agree with the hate, this is a good thing.
All traffic should be securely encrypted so you can have private communications.

 

[M76]

Someone please tell me what is the point of https for a basic website? It's not like you're transferring confidential data. What do I care if someone intercepts the data I download from a blog, that is publicly available anyway?

 

[risc]

Someone please tell me what is the point of https for a basic website? It's not like you're transferring confidential data. What do I care if someone intercepts the data I download from a blog, that is publicly available anyway?

When you speak in public, you know that your voice/words aren't being manipulated, it's an important part of our society.
Encryption must do that for our online lives as well.

 

[Luke M]

Some ISPs have experimented with inserting ads in http traffic...that's probably the business reason for google's push. It does increase security even when nothing confidential is involved because browser malware can't be inserted.

 

[CacaSapo]

Ar least Let's Encrypt is mentioned in the article. It's due to its adoption that these results were achieved.

 

[M76]

When you speak in public, you know that your voice/words aren't being manipulated, it's an important part of our society.
Encryption must do that for our online lives as well.

Makes sense, haven't thought of it that way.

 

[BloodyIron]

An angle you might not have considered. Since the Google search service is now HTTPS, it's actually harder for Google analytics to give keywords people used to find you. So, the privacy has increased drastically, even though it was very hard to turn a keyword search into a specific person or IP before anyways...

This might be actually a way for them to push Google AdWords. At least that's what I'm seeing for my biz.

 

[RealBeast]

At least my most important sites use HTTPS, for example (hint look above). Kyle that you out there?