It has been no secret that Google has been pushing hard to see more websites go secure, complete with the HTTPS ranking boost to encourage more sites to do so. Jimmy Wales was recently interviewed and contributed some of his own thoughts on why encryption is so important, and gives insight into why more webmasters should go secure. And in fact, he also wants to see every site encrypted.
Newspapers
He feels it is crucial for newspapers to go secure in order to support freedom of speech and freedom of expression.
“If you’re a newspaper that cares about freedom of expression and freedom of speech, it’s probably not good to allow the government of the Maldives to be profiling people in their communities based on what news stories they’re reading, and if you aren’t secure you’re allowing that to happen – it’s a really important point,” he says.
New York Times also published an opinion piece last year urging news sites to go secure, although ironically, they are not yet secure themselves.
Controversial topics
Along with news, going secure means governments cannot know what news articles people are reading within their country, and target them because of it. This was actually a driving force behind Wikipedia’s decision to switch to SSL.
It’s a common misconception that SSL is only important when websites are handling private data, however this was not the reason Wikipedia was transitioned.Instead, it was the ability for governments with poor human rights records to tell when citizens were reading articles covering controversial or anti-government topics, and arresting them as a result. It may seem like something out of dystopian fiction, but Wales is adamant that this situation occurs, and says he is aware of particular Wikipedia editors being affected.
Pages Cannot Be Selectively Blocked
Another aspect people might not be aware of is that HTTPS means that specific pages on a site cannot be blocked. So a country would be unable to censor specific results on a page.
This is also the reason Wales believes that China blocked Wikipedia again, since they could no longer censor citizens from specific pages on the site.
The reason for this sudden re-blocking is likely to be that under SSL, China wouldn’t have the option to selectively block particular Wikipedia entries: it forces the country to take an all-or-nothing approach.
Going secure means that while someone could see that a person is on Wikipedia, they are unable to determine which pages they are actually visiting.
“With https, the only thing that the Chinese authorities can see today is if you’re talking to Wikipedia or not, they can’t see which pages you’re joining, which means they no longer have the ability to filter on a page-by-page basis, so they can’t block just Tiananmen Square,” says Wales. “They now have a very stark choice: the entire country of China can do without Wikipedia, or they can accept all of Wikipedia.”
The article is a fascinating read and raises some interesting points about why websites need to be going secure.
Jennifer Slegg
Latest posts by Jennifer Slegg (see all)
- 2022 Update for Google Quality Rater Guidelines – Big YMYL Updates - August 1, 2022
- Google Quality Rater Guidelines: The Low Quality 2021 Update - October 19, 2021
- Rethinking Affiliate Sites With Google’s Product Review Update - April 23, 2021
- New Google Quality Rater Guidelines, Update Adds Emphasis on Needs Met - October 16, 2020
- Google Updates Experiment Statistics for Quality Raters - October 6, 2020
MamboMan says
This really doesn’t convince ME to go full SSL.
Oh, it’s on the project list, but not even prioritized.
Stefan Misaras says
I’ve been contemplating going secure on my website, which is also a blog, but I’m wondering if it’s worth it. Question for you, Jennifer: would you go secure on this website? Do you think it is beneficial? Also, would you consider it is a good investment (because it actually costs money + renewing it yearly)?
Jennifer Slegg says
Yes, I plan on switching this site over, just hasn’t been a priority with conference travel the last few months. We definitely are seeing more and more in this industry go secure, even after the initial “OMG, rank boost, do it now!” I do think it is also important for super competitive market areas, as Google has said that it acts like a tie-breaker, which can be all a site needs to edge out another site for a top spot.
Bruce says
Something here “does not compute.”
In April, 2015, the PCI Security Standards Council instructed all who conducted financial transactions online to refrain from implementing SSL and Early TLS on new sites and for old sites to migrate to TLS 1.2 by the end of June 2016.
I’ve been given to understand by our Webmaster that provided websites are going through a financial provider, such as WorldPay or PayPal, that they won’t need to be concerned with making this change. But from your post, it sounds like SSL is unrelated to online sales.
What’s going on?
Jennifer Slegg says
Google wants to see all sites go secure, so that is why they implemented the ranking boost for switching to HTTPS. It is not just about financial information, such as credit cards, but about security for the user.
From Google’s support docs on why:
1. Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
2. Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
3. Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.