Google lowers search ranking of websites that don't use encryption

The move is intended to promote better security practices across the Web

Websites that aren't encrypting connections with their visitors may get a lower ranking on Google's search engine, a step the company said it is taking to promote better online security practices.

The move is designed to spur developers to implement TLS (Transport Layer Security), which uses a digital certificate to encrypt traffic, signified by a padlock in most browsers and "https" at the beginning of a URL.

As Google scans Web pages, it takes into account certain attributes, such as whether a Web page has unique content, to determine where it will appear in search rankings. It has added the use of https into those signals, although it will be a "lightweight" one and applies to about 1 percent of search queries now, wrote Zineb Ait Bahajji and Gary Illyes, both Google webmaster trends analysts, in a blog post.

All reputable websites use encryption when a person submits their login credentials, but some websites downgrade the connection to an unencrypted one. That means content is susceptible to a so-called man-in-the-middle attack. Content that is not encrypted could be read.

Rolling out https is fairly straightforward for small websites but can be complex for large organizations that run lots of servers, with challenges such as increased latency, support issues with content delivery networks and scaling issues.

LinkedIn said in June it was still upgrading its entire network to https after Zimperium, a security company, found it was possible in some cases to hijack a person's account. People using LinkedIn in some regions are flipped to an unencrypted connection after they log in, making it possible for a hacker to collect their authentication credentials.

Facebook's Instagram was found to have the same problem last month. Instagram's API (application programming interface) makes unencrypted requests to some parts of its network, which could allow a hacker on the same Wi-Fi network to steal a "session cookie," a data file that reminds Instagram a person has logged in but which grants access to an account.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Tags Googlesecurityencryption

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?