Looking for more SEO? Turn on HTTPS

By | August 7, 2014

This is an interesting little tip: Google is planning to increase the weight of websites running HTTPS in their search ranking algorithm.

The reason they cite is security. Even if a website is not hosting any personal or private data, HTTPS makes it harder for attackers to take down the site.

At the same time, it raises another question: who would you pick as a certificate issuing authority? Who is going to pick up the role of the 'free, validated, good-guy certificates that are widely-accepted'? Hm.. maybe a new business idea!

/via +John Hardy

HTTPS as a ranking signal

7 thoughts on “Looking for more SEO? Turn on HTTPS

  1. Valdis Kletnieks

    +Tom T Walker Right, but a self-signed cert (or even saying "screw the certs" and just do Diffie-Hellman) is sufficient to prevent eavesdropping. Validating the owner is indeed a different problem, but the current PKI with 600 "trusted" CAs is a crock – you're basically gambling on all 600 being neither pwned like Diginotar, or knowingly being complicit in generating bogus certs for MITM, like another CA. Moxie Marlinspike's Convergence system may be the way out there, I need to find some time and research that more….

    Reply
  2. Tom T Walker

    One of the purposes of certs is to validate the owner of the server, and the issues you're describing compromise that functionality, but just as important is that when connecting via SSL, the traffic is encrypted — which addresses the issue of being spied on. The site you're connected to might not be who they say they are — a serious issue that needs to be resolved, but having the traffic encrypted at least keeps other parties from collecting all the cleartext data that is currently flowing all over the place. That is the part of the equation I think +Larry Page is trying to improve at present — reducing the cleartext traffic.

    Reply
  3. Sophie Wrobel

    +Valdis Kletnieks that was my thought too. If you can simply buy a certificate, as is the case now, https does nothing for authenticity. It only ensures that the 600 or so providers get a cartel position on websites and source of revenue. On the other hand, organizations with actual authenticity requirements but no charge for issuing certifhcates, like CA Cert, can't seem to make it onto that whitelist.

    Reply
  4. Tom T Walker

    Google has always believed that everything should be SSL, and with good reasons. This is a great way to reward the responsible who take the time to implement security. +Valdis Kletnieks — DigiCert is great inexpensive certificate authority. I am in no way associated with them, but +Steve Gibson, a monster in the security space, a few years ago switched to them from a high cost brand, and has nothing but good things to say about them.

    Reply
  5. Valdis Kletnieks

    Who is going to pick up the role of the 'free, validated, good-guy certificates that are widely-accepted'?

    Actually, due to the snake oil that is the SSL PKI system, that's the only sort of certificate that actually exists. Just some CA's charge more than others. 😉

    (Seriously – your browser probably trust more than 600 CA's. And a security issue at any one of them can result in a certificate you shouldn't be trusting. It's really not much more secure than a self-signed cert)

    Reply

Leave a Reply

Your email address will not be published.