data-ad-format="horizontal">

On HTTPs, and Google’s “Not Secure” Markings

Recent news of how Google will mark web pages that are not HTTPS as “Not Secure” had me returning a subject that has held my interest for some time. I have commented on the idea (I’m pro HTTPs), and even switch my site to support this. Given that, you clearly know where I stand, but I also feel my view on this could be changed given a reasonable argument.

If those points came from anywhere, it would be Dave Winer. I respect what he does immensely. While reading Winer’s blog post about this subject, You might think he’s suffering from a “Get off my lawn” grumpy phase. And yes, he is being grumpy, but he brings up many good points about why not to switch. His three perceived¬† “challenges” as far as switching appear to be:

1. Google is going to warn people about my site being “not secure.”
2. Something bad could happen to my pages in transit from a HTTP server to the user’s web browser.
3. It’s not hard to convert and it doesn’t cost a lot.

And, let’s face it, these are weak. In the case of (1), who gives a shit what Google says. I’ll get into that more later. (2) Something bad can always happen. It is perhaps worthwhile to encrypt if you can, but if you don’t ok; and (3) It is hard. Let’s face it, in technology, not much is easy. It is getting easier, but Dave seems to have lots of domains. That makes it hard enough for him.

Some other reasonable points might also be a bump in SEO rankings, a perception from others that you’re playing nice, or even a sense that you’ve tamed something nebulous. None of these are really legitimate reasons for him to change. Dave then starts into his theories about bad Google.

While I think Dave tends to focus on the wrong things, there are some good reasons for him to switch. First off, Google doesn’t make encryption, they’re just a search engine. Encryption may perhaps be seen as an evolution of the web, thus worthwhile. Clearly Google thinks that, but encryption is why you change, not Google. Technology is all about change and thinking of this one as such is what we’ve all been doing for years in this industry. To think you can just stay the same and ‘Keep on truckin” is bonkers. Also, Encryption encrypts stuff, and that’s good. That is useful in some cases, perhaps less useful in others, and in select situations (such as logins), essential. You’re mileage may vary.

A little about the “Not Secure” marking of an HTTP site by Google. You can be guaranteed this will either be rolled back, changed or removed altogether sometimes in the near future. Google really does love to put out crap and change it later because it’s wrong, and this one is up there. Marking a site’s security status based on whether traffic is encrypted is perhaps like saying a auto shop with a debit card machine (that securely communicates with the bank) is safe and won’t rip you off. Sites that use encryption are, and will be in the future VERY¬† insecure. Stupid Google. Maybe, they’ll just walk it back to saying “Encrypted”.

The web is changing so rapidly and there are fights to be had. Just look at how Facebook and others are creating “walled gardens” of data we can’t easy get to. The fight over encrypting the web seems just like a waste of energy since it’s pretty clear what it’s good for and why you ought to do it (or not). Who cares what Google says (right now).