Google to prioritise secure websites

  • Published
GoogleImage source, Getty Images
Image caption,

Google users will find pages beginning with HTTPS higher in their searches soon

Google has said it will give preference to more secure websites in its search rankings from now on.

The search engine has been testing highlighting pages that have HTTPS encryption by default, and will now roll out across its algorithms.

"We've seen positive results, so we're starting to use HTTPS as a ranking signal," Google said, external.

The decision could encourage more sites to turn on encryption, which makes them less vulnerable to hacking.

Encryption is used to digitally scramble data as it passes between a user's device and an online service in order to prevent others eavesdropping on the information.

It is used by many, but not all, sites that show a little padlock and use a web address beginning HTTPS. The "S" stands for secure.

But for many firms across the web, adding encryption has to this point been an additional burden in terms of time and costs.

'Best interest'

"Previously organisations have shied away from encryption due to cost concerns or fears of slowing website response times," said Jason Hart, of the data protection consultancy SafeNet.

"But there are now high-speed encryption technologies available that mean cost and speed need no longer be an issue.

"So there really is no excuse for any data to be transmitted or stored in plain text.

"Every company wants to rank favourably on Google, so it's in their best interest to ensure web pages are encrypted."

Google said that - for the time being - whether a site was encrypted or not would not be a crucial factor in how they ranked sites.

"For now it's only a very lightweight signal - affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content - while we give webmasters time to switch to HTTPS," Google's Zineb Ait Bahajji and Gary Illyes said in the blog post.

"But over time, we may decide to strengthen it, because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

David Drummond, Google's chief legal officer, has previously said the US needed to change its approach to intelligence to restore trust in the internet.

In 2011, Google introduced HTTPS by default on its popular Gmail service.

Yahoo moved all its users' data to secure servers in March 2014, and Facebook committed to secure browsing by default since July 2013, external.

The move of larger tech companies to encourage encryption comes after the leaks from Edward Snowden alleged that the National Security Agency (NSA) and GCHQ used various technologies to spy on citizens, which prompted a global debate about cyber-security and privacy.