Today, Google reminded us it runs the Internet by making a Very Big Announcement on a gradually increasing search rank preference for websites with a secure connection, causing much wailing and gnashing of teeth. While the change probably won’t be evident for awhile, it does affect everyone who runs a website and in every job that is part of building, marketing, or maintaining content on a site.
Security In a Nutshell
Hypertext Transfer Protocol—or “http://” as you’re probably used to seeing it—is the bus that ships your webpage from point A (the server) to point B (your computer). As you may remember from my hotlinking post, webpages are rendered on your screen through a series of information requests from your computer to the server, which responds by sending along the information requested as possible. HTTP alone is a unencrypted method of requesting and receiving information on the Internet—potentially, anyone on a network you’re using (home, work, Starbucks WiFi) can also see where you’re going and what you’re looking at.
HTTPS means “Hypertext Transfer Protocol Secure” which, as the name suggests, is HTTP but secure in that prying eyes no longer see your activity even when they’re on the same network. The sites you visit add “Transport Layer Security” or TLS along with the HTTP requests—like changing that bus shipping information to an armored truck. Financial and e-commerce sites are already required to do this by independent consensus, business laws, and people who don’t like having their credit cards stolen. Any videogame site that handles sensitive information already uses HTTPS (mostly because they also handle credit cards and there’s that “not stolen” thing again).
What Does This Mean for Us?
Google is a big proponent of secure surfing; the theories on reasoning range between “Oh, they want more monopoly of data of user habits” or “maybe they’re really not evil and want us to be safe”. Whatever the reason, Google wants to incentivize a web-wide switch to HTTPS by giving an SEO ranking boost to sites that use HTTPS. Whether or not you deal directly with Google in any way, there’s no denying that Google search results make or sink websites every day and many webmasters would give their eyeteeth to increase their Google PageRank (again, named for Larry Page and not a web page).
This will become a certifiably big deal when HTTP websites can’t hit the front page of search results anymore, or—if you really want hyperbole—are dropped from Google indexing altogether.
Holy Crap What Do I Do?
Nothing, yet. Chances are you’re aren’t going to notice any changes for awhile—and by that I mean possibly years. Google’s blog post says this is a very light weight change in ranking algorithms and currently affects less than 1% of Google searches. You may never really be worried about it, actually.
Good Guy Google
Honestly, securing your website for those who visit may not be necessary but is just a nice thing to do. As the Electronic Frontier Foundation puts it, HTTPS “is essential in order to defend Internet users against surveillance of the content of their communications; cookie theft, account hijacking and other web security flaws; and some forms of Internet censorship.” For small, non-commercial sites it’s free to get a certificate and more hosting providers have stepped up today to say they’ll provide certificates and all server changes free for their customers.
If you’re concerned about what changes you need to make, you can always check with Google for ideas and instructions. I’ll be switching my site over in the coming…whenevers…just because HTTPS is something I’ve wanted to try from the server root upwards. When I do, I’ll blog my work, checklists, and results.