The SEM Post

Latest News About SEO, SEM, PPC & Search Engines

You are here: Home / State of the Industry / Is SSL a Blackhole? Or is it the Event Horizon?

Is SSL a Blackhole? Or is it the Event Horizon?

at PST By

state of the industry headerBlack holes are arguably one of the most inaccurately-named phenomena in the universe (barring government intelligence, at least). A “hole” is a region that is devoid of anything, whether it’s a hole in your shirt, your garden or your logic. Black holes, on the contrary, are so full, that their density creates a gravity so intense that even light can’t escape. That blackness is what gives them the appearance of a hole, hence the name. NASA has determined that our galaxy has a massive black hole at its center, and perhaps many millions more.

Humor me… there’s a point to all this. Really.

So, at the center of our galaxy, we have this huge, black hole, that refuses to allow any light to reach us from its gaping maw.

Maybe you’re still not seeing the parallel… for clarity, I’ll spell it out. Google is our industry’s black hole. For many of us in digital marketing, it is, unfortunately, often at the center of our working galaxy. And its density is certainly increasing, as is evidenced by the diminishing light it allows to reach us.

Enter: https

The downside

With Google’s announcement that sites boasting https could expect a rankings boost, cries of anguish were heard from SEOs around the world. A variety of complaints surfaced:

  • Cost

SSL certificates aren’t cheap. For someone with a single site, a certificate from a reputable provider can run around $100 per year – not an astronomical figure, but still enough to drive a lot of bloggers and hobbyists away. For a wildcard certificate, costs can be up around $600+ per year. That’s enough to turn away a good number of multi-site owners. I have 7 sites…that means I’ll probably have to have at least 3 wildcard certificates. I’m not fond of the idea of shelling out that kind of extra cash every year, since none of my sites receive any PII (personally identifiable information).

Granted, a few low-cost certificate providers have surfaced. But Google has already singled out some that they won’t recognize. I would expect that as demand increases, prices will probably drop, but time will tell.

  • Data

Most of us have gotten accustomed to not provided, since Google pulled that rug out from under us. Will we now lose even more data from our Analytics? Will the sites linking to us become invisible to us? Will people be forced to subscribe to tools like Majestic in order to monitor even minuscule link profiles? If so, that will chase off still more entry-level webmasters.

  • Adoption

I can envision a fair amount of resistance from webmasters who are inclined to neither shoulder the expense nor assist Google in further expanding its self-assumed authority to police the web. In fact, I can see that their attempt to force the issue could lead to serious repercussions for the company.

  • Enforcement

Google’s position that https will cause a slight rankings boost is one thing. I think it would be pretty difficult to make a case against them for only that. But displaying warnings for sites that aren’t SSL/TLS is something else – I think that crosses a line. Thought needs to be given to how such a warning would be perceived by the average user.

Given that US regulators have never really taken their sights off of Google, the last thing the company should want to do is attract undue attention. And actually losing a class-action suit could be a lot more costly, operationally, to the company than the paltry few hundred million in payout that such a loss could cost them. They’re already getting squeezed in the EU… but that’s the EU, not their home turf. “Choose your battles” is sound advice.

The upside

There’s more than just encryption involved in Google’s position, though. There are really three major considerations in SSL/TLS certificates. Each plays an important role in making online connections safer for the parties at both ends of any data transaction.

  • Authentication

Authentication is simply being able to ensure that the connection is actually with whom a party claims to be. That’s important for more than just knowing who you’re dealing with before giving out your credit card data or downloading a file.

  •  Data Integrity

When you download a file, you want to be sure that you’re getting what you bargained for. SSL/TLS is a means of ensuring that nobody is tampering with the data you’re receiving. That has obvious benefits.

  • Encryption

This is the aspect that seems to be getting the most attention with the general public. It’s basically just ensuring that only the sender and the intended recipient of data can interpret the transferred data (sort of a digital Dick Tracy Encoder Ring).

Unfortunately, by itself, encryption provides a lot less protection than many people seem to think. Yes, encryption, when properly done, can afford a fair amount of protection. But skilled, determined efforts can break most encryption protocols… some that are thought to be very secure can be breached surprisingly easily.

The fact is, without effectively addressing all three facets, a site could still be vulnerable to more sophisticated exploits. Presumably, a weakness in any of these three areas could be Google’s justification in rejecting certain certificate providers.

The real question

For many, the real question is, ‘how does Google get off?” They’re a search engine, not the beat cop, right? I can certainly understand how certain aspects of user experience play a role in their popularity. And that popularity is obviously the basis for their ability to sell ads. But their involvement with user experience should be limited to the quality of the experience the user enjoys with Google. That should logically be tied to search results that match a query. End of story.

If Google is allowed to regulate (and that is precisely what they have set themselves up to do, folks… regulate the internet) the context, architecture, meta data… even the words and images we use on our websites, how long before their next leap?

Are your prices too high? Is your customer service inadequate? Maybe the color in those jeans you sell fades with the first wash. Or maybe your product is just deemed to be too controversial for their tastes. The point is, none of that is really Google’s concern, any more than it’s their concern whether you’re Christian or Muslim, Liberal or Conservative, white or black….

If you tend to agree that Google has gotten too big for their corporate britches, have you ever asked yourself who’s responsible for allowing it to happen? If so, run in the bathroom… I’m sure there’s a mirror there that will give you a clue. Because you and I, and a ton of other people let it happen. Worse than that – we helped them do it!

The event horizon

With black holes, there’s a point of no return, where a mass has approached so close that escape is no longer possible. That point is called the event horizon, and once you pass it, you will be consumed. (Nobody knows exactly how that plays out, but the general consensus is that it wouldn’t be a pleasant experience.)

I think we are dangerously close to the event horizon of this black hole called Google. Maybe it’s too little, too late, but I have no intention of converting to https just to please Google. I think it’s about time they concern themselves with pleasing us for a change.

The following two tabs change content below.
My Twitter profileMy Facebook profileMy Google+ profileMy LinkedIn profileMy Instagram profile

Doc Sheldon

Doc Sheldon began studying SEO in earnest in 2003 and began offering SEO services part-time a couple of years later. In 2008, he retired from his business management consulting firm and began practicing SEO full-time. He concentrates on staying abreast of new and upcoming developments in search and writes extensively on technical SEO and semantic search. He manages his SEO consultancy, Intrinsic Value SEO, and his content agency, Top Shelf Copy, from his San Diego office, with U.S satellite offices in Missouri and Pennsylvania as well as in Australia and Great Britain. He also has alliances with several other SEOs, from which they offer international marketing services. Doc's passions are combating online misinformation and the Semantic Web. Oh, and he dislikes both beets and blended Scotch - passionately. You can see more of Doc's writing and connect with him on various social media platforms via his Google+ account.

Sign up for our newsletter


Comments

  1. I have a satellite internet connection limited to 250MB/day. Go over that, and you get throttled down to a lower speed. Not really a problem with most sites, except SSL. SSL is impossible to load at low speeds. It’s naturally high-latency and any slow connection (such as satellite) will almost 100% fail to load it.

    This is why I love that Bing isn’t forcing it yet. It’s the only search engine I can use on those days when i needed the internet the most.

  2. This is a GREAT article.

    I agree, the depth of control that Google has acquired is frightening. I must wrestle with the fact that, because I embraced the shifts and turns that were more or less commanded to maintain a presence on Google’s index, I contributed to their reach.

    I think you forgot to mention something that I consider to be the most important aspect of implementing this across the internet. To install an SSL, the site has to be on a dedicated IP. The annual cost for a dedicated IP address is nominal but there is a shortage of IPv4 addresses already and IPv6 is coming but has not arrived yet.

    • Thanks, Marj. Glad you liked it.
      You’re absolutely right! I totally neglected to mention that! Given the number of http sites that might want to convert, IPv6 will be a necessity. And a significant portion of the web converting to https will eat up a significant part of its capacity. Thanks for mentioning that.