Well, that’s one way to bend the Internet to your will. Google on Thursday applied its not-inconsiderable leverage as Search King of the Universe to “encourage” websites to encrypt their traffic, thus protecting themselves and their users from hackers and other spies (hello, NSA!)
What Google is doing here is an unquestionably good thing. The decentralized Web has been remarkably lax in adopting simple security measures that safeguard your email, conversations, reading habits, and all other manner of personal details you’d rather not share with strangers.
Still, given the flexing involved, you could be forgiven for having a qualm or two about Google’s power.
An Offer You Can Refuse, If You’re Not Fond Of Breathing
What Google announced, specifically, is that it will begin favoring sites that encrypt their traffic in its search results. As offers go, this seems eminently reasonable and optional. Adopting Web encryption—technically, the HTTPS standard, also known as HTTP over TLS—is pretty straightforward; lots of sites (banks, many email services, Facebook, etc.) use it already. (ReadWrite, alas, does not.)
And no site really needs to be ranked highly in Google search results, right?
OK, scratch that. Google’s offer here is perhaps more akin to telling the folks running websites that they can continue breathing oxygen so long as they adopt the encryption standards that Google favors. Because, of course, sites that don’t adopt HTTPS will, over time, lose traffic to those that do.
And Yet, It’s An Offer You Really Shouldn’t Refuse
I’ll stress again that this is a fine and proper thing for Google to do in this case. Web traffic is really only protected when all intended parties to a communication are encrypting it, so there’s a collective benefit to expanding the use of encryption. Yet there’s a collective-action problem in getting everyone to act together—which is why Google is applying the arm here.
See also: Understanding Encryption—Here’s The Key
Email is a classic example. You may think it’s great that Gmail uses HTTPS to protect your connection when you log in to read your email. But if you send a message to your friend whose account is on the unencrypted service BrandXmail, your message won’t be encrypted in transit. And thus it’s fair game for anyone who happens to be spying—or even who’s just scooping up large amounts of passing data for later analysis.
(A technical aside: HTTPS only protects the security of messages as they transit the Internet. It has nothing to do with whether data stored on cloud servers is locked up against snoops. That’s an entirely different use of encryption, and how that’s enabled is solely up to whoever is storing your data—unless, of course, you’ve encrypted it yourself before storing it.)
Here’s how Google explains what it’s up to:
For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
You can read this as Google starting off with a few light taps on the kneecap before breaking out the lead pipes. Just remember: It’s for our own good.
Lead image courtesy of Shutterstock