Google is pushing sites that use HTTPS higher in its search results

Google regularly attracts criticism for the obscure way that it manages rankings on its search results - particularly from those who accuse it of downgrading companies which offer services that rival its own. But its latest move may well draw praise for helping to boost online security. 

As ZDNet reports, Google has adjusted its search ranking algorithms to list sites which use HTTPS higher on its search results than those that do not. So far, this has been implemented as part of a months-long trial, and only in a limited capacity, but the company has much broader plans. 

"We've seen positive results, so we're starting to use HTTPS as a ranking signal," said Google's Zineb Ait Bahajji and Gary Illyes, on the company's Online Security Blog. "For now it's only a very lightweight signal - affecting fewer than one percent of global queries, and carrying less weight than other signals such as high-quality content - while we give webmasters time to switch to HTTPS." 

The company hopes to extend this practice further though: "...Over time, we may decide to strengthen it, because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web." In the weeks ahead, Google will be detailing 'best practice' guidance on implementing HTTPS. 

Source: Google Online Security Blog via ZDNet

Report a problem with article
Previous Story

Microsoft announces Xbox One Digital TV Tuner for European markets

Next Story

Nokia rolls out "fresher maps for your Windows Phone"

29 Comments

Commenting is disabled on this article.

I love how people are trying to tell Google how to operate their own product.

Either get with it or use a different site.

I think Google should be doing something to educate the user as to what benefits https has. Hopefully this will push more sites to use encryption, be good to see how this plays out...

Based on the comments here alone, no amount of education will start the retarded haters from spewing their usual nonsense.

First of all, it's Google. We use Google because we want to. We don't like it, we have other options to search. Although I understand the criticism around it and agree (manipulating results in which the content may be more accurate but less well positioned for being http and not https), I don't think it's a bad step. We do need security and nowadays too much is still not enough.

By definition, in order to display you those results, they have to manipulate the matches that your search encounters in their databases.

Sure the search content is rated by HTTPS and then by the best matches. So shouldn't matter to much for most people. The most valid HTTPS sites are listed first.

And as always, there are other options for those who do not like this change.

This is excellent. I already employ the HTTPS-Everywhere Firefox addon, but this way I can avoid less secure random sites.

Yes this is a good thing, but as usual here it's Google so by default evil because they can't think for themselves and see the benefit this will bring

My8th said,
If all sites went HTTPS how would it affect mobile with limited battery and bandwidth?

Hardly. HTTPS barely slows down anything nowadays. In fact, if used in combination with new protocols such as SPDY it can lead to serious gains in both speed and battery life.

That is on the receiving end at least. Web servers with high usage and fairly static will see higher CPU usage. It is mainly only an issue for hosting companies (which is why they charge more for HTTPS). Most privet owned web servers are ether vastly under utilized, or most of their processing power is used running server-side scripts or CGI, making them more of application servers than web servers. Adding SSL only effect payload sent to the client.

good or bad intentions, this is google yet again using its search monopoly power to try to shape the net instead of letting content relevance rule. Just as they are trying to ram image and video formats nobody wants in addition to tons of non standard markup after years of bashing IE for it.

then again if you thought google was free of its own little agenda, then you haven't been paying attention.

The final sentence of their statements in this article sums it all up.
"while we give webmasters time to switch to HTTPS".

Thanks Google for making the web more secure and expensive for people wanting to host a site and get high in the results. *Me walks to Bing.*

The worst is that most public sites do not benefit from having a HTTPS connection, because you know, all the data on them is already publicly accessible, and because using HTTPS per se does not prevent neither exploiting security vulnerabilities, nor tracking of the users. It's also completely useless against state- or worldwide surveillance, because encryption stops at the perimeter of a subpoenable endpoint. Etc.

All it really does is raise the administration and compute burden on servers, and thus also raising the entry barrier for operating web sites in general.

neonspark said,
good or bad intentions, this is google yet again using its search monopoly power to try to shape the net instead of letting content relevance rule. Just as they are trying to ram image and video formats nobody wants in addition to tons of non standard markup after years of bashing IE for it.

Companies do this all the time. It isnt just Google. MS uses its monopoly with Windows to force changes towards its users and to shape how people use computers. Changes that many do not want.

techbeck said,
Companies do this all the time. It isnt just Google. MS uses its monopoly with Windows to force changes towards its users and to shape how people use computers. Changes that many do not want.

Shh... stop using silly facts and figures.

Goo "Do No Evil" gle is obviously unique here. First they stole rounded corners and bounce back. Now they are abusing monopoly powers to boost their "secure" content. Don't make excuses for them.

wernercd said,

Shh... stop using silly facts and figures.

Goo "Do No Evil" gle is obviously unique here. First they stole rounded corners and bounce back. Now they are abusing monopoly powers to boost their "secure" content. Don't make excuses for them.

Bounce back and rounded corners was Samsung. do your research

And from the comments I have been reading on the search change, and on Googles blog, more people are supportive of this change so far than against it.

techbeck said,

Bounce back and rounded corners was Samsung. do your research

And from the comments I have been reading on the search change, and on Googles blog, more people are supportive of this change so far than against it.


I don't think that comment was supposed to be taken at face value.

wernercd said,
Shh... stop using silly facts and figures.

Goo "Do No Evil" gle is obviously unique here. First they stole rounded corners and bounce back. Now they are abusing monopoly powers to boost their "secure" content. Don't make excuses for them.


I wanted to believe you were being facetious here, but now I'm unsure that you actually believe what you're saying. I suppose either way, it's up for a laugh. :p

felrefordit said,
using HTTPS per se does not prevent neither exploiting security vulnerabilities, nor tracking of the users. It's also completely useless against state- or worldwide surveillance, because encryption stops at the perimeter of a subpoenable endpoint. Etc.

That is not true. HTTPS requires the server to keep a certificate, which is validated against an authority by the client. If the certificate does not match the client warns the user not open the site, if they do so anyway, JavaScript and most other features typically exploited are disabled.

If the certificate does match, then you know who owns owns the server and who to prosecute if there is a exploit attempt. The certificate authority will also revoke a certificate if it is being used for fraud. It would be like someone attempting to scam you, and including a copy of their photo ID.

I do not understand your last statement, Encryption is maintained from end-to-end. In some cases encryption is handled by a network load balancing device instead of by the web server, but that device is still inside the company's datacenter/firewall

It is true. You're talking about completely different things than I did. HTTPS does not prevent exploiting security vulnerabilities (be that on the site you're visiting or in your browser), and the site you're communicating with will be still subpoenable and must hand over any data it has over and from you to the authorities. Period.

While I like the push for a more 'secure' web, I don't necessarily agree with this already affecting search results, be it less than a percent [today]. Nice way for webmasters to potentially boost their ranking a bit, but for users, relevant content is the most important aspect of search and as such this could actually lead to less relevant results. Though I have faith they're monitoring this very closely to make sure that doesn't happen...

I agree, I like the idea to push for HTTPS but not sure if this is the best approach. I think a green check next to HTTPS results might have worked better.