Google Now Using HTTPS As A (Very Slight) Ranking Signal In Search To Encourage More Encryption

from the pros-and-cons dept

Thu, Aug 7th 2014 2:25pm — Mike Masnick

Back in April, we wrote about claims that Google was considering giving a boost in its search rankings to sites that are encrypted. Today, it officially announced the policy, noting that the company has been testing it for a little while and thinks that it works well. The weighting is very tiny, but the company makes it clear that it will likely increase that over time, and the current low ranking is more of a "grace period" to encourage more sites to encrypt. Google also makes clear that its reason for doing this is to encourage greater encryption to make the entire web more safe and secure:

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

When we wrote about it back in April, I found it a bit surprising that Google would do this, given that, historically, it has always said its search rankings were entirely focused on quality. You could, perhaps, make an argument that a site that uses SSL is more likely to be a high quality site, but Google doesn't even appear to be making that argument. As a site that has already strongly moved to SSL, this might (marginally) help our Google rankings (not that we actually get much traffic from Google in the first place), and getting much more of the web encrypted is a good thing in general.

It still seems, though, that for all the good this does, others will now make use of this as an argument for other kinds of "nudging" behavior by Google. For years, the legacy entertainment industry has pushed Google to better rank "good" sites and to downrank "pirate" sites -- which the industry still seems to think is a simple black and white calculation (it's not). Google can point out that SSL v. non-SSL is obvious, but I fully expect those who seem to think Google should be designed in their own interests, as opposed to those of Google's users, to jump on this as proof that Google can solve other problems.

This still is a good move, though. Encouraging more encryption on the web is always the right move. I'm just still a bit surprised that Google would take this step, and wonder how others will react to it.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encrypt everything, encryption, https, search ranking, ssl

24 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Lord_Unseen (profile), 7 Aug 2014 @ 2:41pm

So when is the EU going to make this illegal?
[ link to this | view in chronology ]
PRMan, 7 Aug 2014 @ 2:56pm

Fly-by-night copy sites...
Fly-by-night copy sites can't afford $100 a year for a certificate because that eats up their profits. Which is exactly why Google is doing this.
[ link to this | view in chronology ]
- Anonymous Coward, 7 Aug 2014 @ 4:30pm
  
  Re: Fly-by-night copy sites...
  If you are paying $100 for a cert you are getting ripped off.
  
  I regularly purchase certs for less than $8/year.
  If that's too much there are even free certs
  
  No one has a valid excuse to avoid SSL.
  [ link to this | view in chronology ]
GMacGuffin (profile), 7 Aug 2014 @ 3:43pm

"It still seems, though, that for all the good this does, others will now make use of this as an argument for other kinds of "nudging" behavior by Google."

I am at a loss to think of an argument by any industry that couldn't be answered by Google with: "This issue is bigger than you ... or your financial interests. Go talk to Bing."
[ link to this | view in chronology ]
- That One Guy (profile), 7 Aug 2014 @ 5:28pm
  
  Re:
  To which Bing responds with: "What are you hassling us for, you know we get our results from Google, take it up with them!"
  [ link to this | view in chronology ]
- Ninja (profile), 8 Aug 2014 @ 5:07am
  
  Re:
  Go talk to Bing.
  
  On this part they'd look puzzled at each other and ask:
  
  "What is Bing? Aren't you the Internet?"
  [ link to this | view in chronology ]
Gracey (profile), 7 Aug 2014 @ 3:47pm

[quote] You could, perhaps, make an argument that a site that uses SSL is more likely to be a high quality site, but Google doesn't even appear to be making that argument. [/quote]

Could you though? I've seen a lot of very bad websites created of entirely scraped contents that use SSL. That Google would even consider these as being able to rank even slightly higher in search results due to the use of SSL would be ludicrous.

A bad website is a bad website, whether it uses SSL or not. That being true, then one would hope that Google is smart enough to rank a higher quality site that doesn't use SSL higher than it would rank a bad site that does use SSL.

If their algorithm doesn't do that, then using SSL as even a very minor ranking factor would be a very bad step in my opinion. It needs to be and and/if situation as opposed to "oh, they use SSL so they get a better rank".

I'd assume there is more to it than that, but assumptions often get one in a place they don't want to be.
[ link to this | view in chronology ]
- John Fenderson (profile), 7 Aug 2014 @ 4:48pm
  
  Re:
  Lots of bad sites use HTTPS, so you have a good point. However in this day and age, nearly all sites that don't use HTTPS are bad sites -- so the correlation does hold, just in an inverse way.
  [ link to this | view in chronology ]
- Whatever (profile), 7 Aug 2014 @ 11:00pm
  
  Re:
  I really think Google feels they are onto something here, but they may be fooling themselves.
  
  I think Google wants to use this as a signal in part because it will help them filter out certain sites that are not being maintained or updated. It will certainly create another layer of work for those running parking pages.
  
  If there is a massive increase in sites using SSL after this announcement, Google will have shown themselves to be perhaps a little too powerful in the marketplace. If everyone is rushing to adjust to Google, do they hold what is essentially a overly dominant position over the web? Anti trust, perhaps?
  
  Google very likely sees this as a populist theme they can work, hoping that you will forget that they didn't secure their own internal networks in the past.
  [ link to this | view in chronology ]
  - Anonymous Coward, 8 Aug 2014 @ 4:11am
    
    Re: Re:
    Google have been "a little too powerful in the marketplace" for a long time, everybody knows it. The issue (and what could trigger anti-trust) is whether they are abusing their powerful position. From what I have seen, so far they've avoided abusing their position.
    [ link to this | view in chronology ]
    - Ninja (profile), 8 Aug 2014 @ 5:19am
      
      Re: Re: Re:
      That. He doesn't know what he's talking about, obviously.
      
      I think Google wants to use this as a signal in part because it will help them filter out certain sites that are not being maintained or updated.
      
      See, he THINKS. But it doesn't change the fact that it's bullshit. Where the heck was this written anyway?
      [ link to this | view in chronology ]
  - John Fenderson (profile), 8 Aug 2014 @ 8:22am
    
    Re: Re:
    "I think Google wants to use this as a signal in part because it will help them filter out certain sites that are not being maintained or updated."
    
    Google has said why they're doing this: because it's good for everyone if all sites used HTTPS as a matter of standard practice, and they want to encourage it.
    [ link to this | view in chronology ]
- Ninja (profile), 8 Aug 2014 @ 5:09am
  
  Re:
  A bad site will remain bad and badly ranked even if you give it a slight bump. I think it's a good move generally speaking and won't harm most of the net. Plus adding HTTPS isn't hard at all nowadays (although doing it PROPERLY may be somewhat challenging).
  [ link to this | view in chronology ]
Jeffrey Nonken (profile), 7 Aug 2014 @ 4:23pm

My take is that rather than SSL being an indicator of possible quality of the underlying web site, they may be thinking of it being a quality in and of itself. IOW, all other things being equal, an encrypted site is of higher quality than an non-encrypted site because it's encrypted.
[ link to this | view in chronology ]
- Anonymous Coward, 11 Aug 2014 @ 3:30am
  
  Re:
  Good point, I agree.
  [ link to this | view in chronology ]
Mr. Oizo, 7 Aug 2014 @ 11:20pm

Another PR stunt by the NSA/Google
Another PR stunt by Google. They don't give a flying fuck about security. To know that look at Android. They are only interested in identity, which is of course part of SSL and their NSA mission. The time is coming and it is coming very quickly that Google will find itself suddenly without the support they once had. They will crawl back to the customer and beg them for more information, yet those people will no longer trust Google to be anything else but a self-promoted American company that is only there to spy.
[ link to this | view in chronology ]
Mr. Oizo, 7 Aug 2014 @ 11:40pm

Identity platform
To show what a joke their own SSL is, go to Googles' identity platform G+, hover over the security certificate and behold. The connection is only partially encrypted. So in the end, it does not help with privacy nor with security.

How would/could this Secure Layer solve the gaping wound you Americans inflicted ? Is there really anyone who still thinks it is a safe bet to believe in anything what Googles claims ?
[ link to this | view in chronology ]
Steve, 8 Aug 2014 @ 12:49am

Perhaps if http a actually worked better this would be a good idea. Chrome on iOS on your own site often needs a refresh on every page to get it to load, a problem that doesn't happen on any none https sites.
[ link to this | view in chronology ]
- Anonymous Coward, 11 Aug 2014 @ 3:33am
  
  Re:
  I definitely disagree that the problems you're experiencing are attributable to https. I would start by trying another browser.
  [ link to this | view in chronology ]
Tom, 8 Aug 2014 @ 1:08am

I consider to ban google
[ link to this | view in chronology ]
DaveHowe (profile), 8 Aug 2014 @ 6:33am

Sadly,...
I don't see this as a good idea. Lets say you have a site that is competing with other similar sites on content; it is purely a provider of info (so no user submissions or logins to worry about) but has lost pagerank to another site that has better content.

To improve your google rankings, you can either:
a) add or update content to improve the quality of your site
b) buy a worthless https certificate (for $150/year or so)

While I am a strong believer that https should be applied wherever appropriate, I am not sure "everywhere" is appropriate.
[ link to this | view in chronology ]
Phoenix84 (profile), 8 Aug 2014 @ 10:01am

Google Now
Seeing as how Google actually has a product called 'Google Now', a verb in the title might help.
[ link to this | view in chronology ]
Anonymous Coward, 8 Aug 2014 @ 2:34pm

I'm torn on this. My first reaction was, "Awesome. We need better privacy and security," but then I thought about it some more and grew uncomfortable with the idea of Google filtering search results based on something other than relevance. Their goal is now no longer find the information the user is looking for and the end result is an inferior search engine. When I get a page of search results I don't skip past the http links to the https ones. The goals provide optimal search results and improve security on the web are in conflict.
[ link to this | view in chronology ]
- John Fenderson (profile), 8 Aug 2014 @ 3:16pm
  
  Re:
  "uncomfortable with the idea of Google filtering search results based on something other than relevance"
  
  Google has always filtered on things other than relevance (site reputation as defined by the number of sites that link to it comes to mind.) This does seem in line with that.
  
  However, more recently, Google has been filtering more and more heavily on signals that don't relate to relevance. For instance, they down-rate or omit sites that are offensive to powerful interests (the most recent example being the RTBF, but there were many before that.)
  
  So, in a sense, the relevance ship has been out of port for a long time.
  [ link to this | view in chronology ]