HTTPS as a ranking signal

[Zeiss]

What the...... is wrong with Google now?

http://googlewebmastercentral.blogsp...ng-signal.html

[suesheboy]

Well that sucks monkey balls.

So what will that cost me for every site I have?

At least I can make money on clients updates.

[Zeiss]

Google has to be destroyed... Too much crap from them this year.

[aka123]

Quote:

Originally Posted by Zeiss

What the...... is wrong with Google now?

http://googlewebmastercentral.blogsp...ng-signal.html

Nothing wrong in here, unless it means that every fucking page has to be https, or use it on sites, those really don't need it (well, you can always secure admin area with it).


EDIT: They mean securing every fucking page online. What about the famous "speed"? SSL makes pages slow down inevitably and seriously.

[Zeiss]

Quote:

Originally Posted by aka123

unless it means that every fucking page has to be https

[aka123]

This is actually quite funny. Who could potentially gather data from your internet behaviour? There is not much entities: Google, government, some ad networks. Does this HTTPS prevent them from gathering data: no.

[Zeiss]

Good point, aka123...

[seeandsee]

Google algo on steroids

[martinsc]

they keep surprising me...

[potter]

And another thread that highlights just how out of touch with the web most GFYers are.

[Bladewire]

The internet is controlled by business & crime really, not by government. The new world order is allowing this, because they know business will inevitably fuck it up by getting greedy and fucking to many people over for to much. The masses will be BEGGING for one world governmental entity to control the internet.

In the end, probably 10-20 years from now, lose your SSL certificate and be taken off the internet.

[PornDiscounts-V]

Soon certificates will cost $5.

[aka123]

Quote:

Originally Posted by Squirtit

The internet is controlled by business & crime really, not by government. The new world order is allowing this, because they know business will inevitably fuck it up by getting greedy and fucking to many people over for to much. The masses will be BEGGING for one world governmental entity to control the internet.

In the end, probably 10-20 years from now, lose your SSL certificate and be taken off the internet.

LOL. Internet is already controlled with numerous laws and with means to enforce those laws. There is no need for some "world government" to start doing that, as it's already being done. But if you mean "controlling" like mommy holding child from the hand, I don't think so, unless they "upgrade" you to robot.

Maybe you should be worried about the fact that you have very good chances of having a parasite, that really does control your behaviour (not robot like). About 30-60 % of world population has it.

[Bladewire]

Quote:

Originally Posted by aka123

LOL. Internet is already controlled with numerous laws and with means to enforce those laws. There is no need for some "world government" to start doing that, as it's already being done. But if you mean "controlling" like mommy holding child from the hand, I don't think so, unless they "upgrade" you to robot.

Maybe you should be worried about the fact that you have very good chances of having a parasite, that really does control your behaviour (not robot like). About 30-60 % of world population has it.

I'm not worried. Things are always changing. This is an indication of us heading in a particular direction at a slightly accelerated pace.

.

[Barry-xlovecam]

If you use a signed certificate that is recognised by all browsers by default it is easy for a governmental agency to subpoena the encryption key.

Cybercriminals could not subpoena that key but that would only prevent man-in-the-middle packet snooping. SSL/HTTP over TLS, or Transport Layer Security, is smoke and mirrors for normal web use.

Google encrypted its search to prevent black hat/ borderline SEO and unauthorised government snooping on their searches. The NSA probably already has Pwnage of the 'Big G'

[signupdamnit]

Quote:

Originally Posted by Google

But over time, we may decide to strengthen it, because we?d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

And this is where they are crossing the line. Now they are openly admitting to penalizing pages arbitrarily to advance their own agendas unrelated to quality factors. It's not Google's position to FORCE people to adopt a certain technology under the threat of penalizing them with financial implications. What's next? In two years will they be pushing their own proprietary technologies?

[aka123]

Quote:

Originally Posted by signupdamnit

What's next? In two years will they be pushing their own proprietary technologies?

They already do: Google plus for example.

Although Google explains these actions as a means to provide the most value for user (like the speed thing). And they are at least partially correct in that, but maybe they should ask from the users what brings value to them, instead of deciding for them.

[Zyber]

Google forcefully creating extra demand for the SSL certificate issuing business.

[Bladewire]

Quote:

Originally Posted by signupdamnit

And this is where they are crossing the line. Now they are openly admitting to penalizing pages arbitrarily to advance their own agendas unrelated to quality factors. It's not Google's position to FORCE people to adopt a certain technology under the threat of penalizing them with financial implications. What's next? In two years will they be pushing their own proprietary technologies?

In John Mueller's replies to his blog post linked by the OP he gives a clear indication of the particular path they are going to take, and the particular type of high end encryption they will require at some point. Google acquires an average of 10 patents a day (source)

"Google says it now controls more than 51,000 patents and patents pending." (source)

Find the ones related to SSL & beyond, that's where it's headed.

[Bladewire]

Quote:

Originally Posted by John Mueller-6 hours ago (edited) +Jean Phillips

the type of certificate doesn't play a role at the moment. AFAIK new certificates have 2048 bit or more keys anyway. If you have something with a shorter key, I'd recommend replacing that regardless of this.

Just a hint

[Panty Snatcher]

and of course a self signed certificate wont work

[dicknipples]

Quote:

Originally Posted by potter

And another thread that highlights just how out of touch with the web most GFYers are.

Quote:

Originally Posted by Barry-xlovecam

The NSA probably already has Pwnage of the 'Big G'

No they don't. They were actually caught trying to snoop Google's data as it was transferring from network to network, so they also encrypted that.

Quote:

Originally Posted by signupdamnit

And this is where they are crossing the line. Now they are openly admitting to penalizing pages arbitrarily to advance their own agendas unrelated to quality factors. It's not Google's position to FORCE people to adopt a certain technology under the threat of penalizing them with financial implications. What's next? In two years will they be pushing their own proprietary technologies?

HTTPS is good. Stop being a fucking cheap ass and spend and extra $10/yr on your fucking business.

[signupdamnit]

Quote:

Originally Posted by Bowser Koopa

HTTPS is good. Stop being a fucking cheap ass and spend and extra $10/yr on your fucking business.

You're being ignorant. The costs can be far higher than $10. There are many technologies which do not work with https. For example my varnishd set up does not work with it. Getting rid of it means at least 70% more resources and higher costs for server fees in my case. And for what? There is nothing on the sites which require this degree of privacy or security.

[Zeiss]

Sure, MR. Cheap, Browser-shrowser. What if you run hundreds of sites? What then? It's not $10... add some zeros and then come back and talk again... As signupdamnit said, especially on sites which do not even require it.

[dicknipples]

Quote:

Originally Posted by signupdamnit

You're being ignorant. The costs can be far higher than $10. There are many technologies which do not work with https. For example my varnishd set up does not work with it. Getting rid of it means at least 70% more resources and higher costs for server fees in my case. And for what? There is nothing on the sites which require this degree of privacy or security.

You can get Varnish and HTTPS to work nicely together. Hire someone who knows what they're doing if you can't.

Quote:

Originally Posted by Zeiss

Sure, MR. Cheap, Browser-shrowser. What if you run hundreds of sites? What then? It's not $10... add some zeros and then come back and talk again... As signupdamnit said, especially on sites which do not even require it.

Then you fail to understand the usefulness of HTTPS.

[Bladewire]

Quote:

Originally Posted by Bowser Koopa

Then you fail to understand the usefulness of HTTPS.

It's good to know when one is being handed their hat

[Zeiss]

Quote:

Originally Posted by Bowser Koopa

Then you fail to understand the usefulness of HTTPS.

Sure...

[Zyber]

Quote:

Originally Posted by Bowser Koopa

Then you fail to understand the usefulness of HTTPS.

HTTPS is overhyped. It relies on the SSL certificate system which is flawed by design.

Let me explain.
The browsers have a list of root certificates which it trust. These root certificates are from certificate authorities.

Many people believe that they are safe - as long as they buy an expensive certificate from a costly high-end certificate authority with a good reputation.

The problem is that the browsers will trust the authenticity of a certificate as long as it is verified by any root authority. It means that if only one root certificate is compromised - then all certificates are compromised, also those certificates which were issued by other root authorities.

For example if some malware adds a fake root certificate to your browser, then all communication with HTTPS-protected sites is vulnerable to man-in-the-middle attacks.

So the "security" in SSL is way overhyped.

I think the real motivation behind Google's move is to force website owners to use certificates. That would give more turnover for the certificate authorities and it would also reduce privacy for website owners.

[Zeiss]

Oh noes... My heart is bleeding...

[klinton]

probably they (Google) got angry after this slide and its smiley

[dicknipples]

Quote:

Originally Posted by Zyber

Many people believe that they are safe - as long as they buy an expensive certificate from a costly high-end certificate authority with a good reputation.

$7.99/yr is "expensive"? You're in the wrong business, kiddo.

[ideaworx]

That could be pricey for some large network owners (500+ blogs)

[xpimp]

[Zyber]

Quote:

Originally Posted by Bowser Koopa

$7.99/yr is "expensive"? You're in the wrong business, kiddo.

You conveniently forgot this part:

Quote:

Originally Posted by Zyber

The problem is that the browsers will trust the authenticity of a certificate as long as it is verified by any root authority. It means that if only one root certificate is compromised - then all certificates are compromised, also those certificates which were issued by other root authorities.

For example if some malware adds a fake root certificate to your browser, then all communication with HTTPS-protected sites is vulnerable to man-in-the-middle attacks.

[dicknipples]

Quote:

Originally Posted by Zyber

You conveniently forgot this part:

I ignored it because of how stupid it is.

[Zyber]

Quote:

Originally Posted by Bowser Koopa

I ignored it because of how stupid it is.

Please read a book about how SSL actually works before opening your ignorant mouth, "kiddo".

[aka123]

Quote:

Originally Posted by ideaworx

That could be pricey for some large network owners (500+ blogs)

Depends what is your income (relative cost), but the fixed sum doesn't change anyway.
But Google might actually try to smoke out these kind of networks, especially if the added value per blog is low (like it probably is). Of course you can decide not to get the SSL, there is no way how Google could force into that, as you are the webmaster, not Google.

[NewNick]

Quote:

Originally Posted by Squirtit

The internet is controlled by business & crime really, not by government. The new world order is allowing this, because they know business will inevitably fuck it up by getting greedy and fucking to many people over for to much. The masses will be BEGGING for one world governmental entity to control the internet.

In the end, probably 10-20 years from now, lose your SSL certificate and be taken off the internet.

Is that you JohnyClips ?

[dicknipples]

Quote:

Originally Posted by Zyber

Please read a book about how SSL actually works before opening your ignorant mouth, "kiddo".

I know how SSL works, doesn't make your sentence any less dumb.

[Zyber]

Quote:

Originally Posted by Bowser Koopa

I know how SSL works, doesn't make your sentence any less dumb.

It's never too late to learn something new. Here you go
http://nakedsecurity.sophos.com/2010...hoqp-verisign/

Also..
http://nakedsecurity.sophos.com/2011...-who-we-trust/

[signupdamnit]

Quote:

Originally Posted by Bowser Koopa

You can get Varnish and HTTPS to work nicely together. Hire someone who knows what they're doing if you can't.

https://www.varnish-cache.org/docs/trunk/phk/ssl.html

At best you forward it to Apache or to another server. Which defeats the purpose of running varnish in the first place.

[Bladewire]

Quote:

Originally Posted by Zyber

It's never too late to learn something new. Here you go
http://nakedsecurity.sophos.com/2010...hoqp-verisign/

Also..
http://nakedsecurity.sophos.com/2011...-who-we-trust/

2011 was a good year. Aaaaah back in the day

[dicknipples]

Quote:

Originally Posted by Zyber

It's never too late to learn something new. Here you go
http://nakedsecurity.sophos.com/2010...hoqp-verisign/

Also..
http://nakedsecurity.sophos.com/2011...-who-we-trust/

http://blog.cloudflare.com/google-no...-free-and-easy

[Bladewire]

Quote:

Originally Posted by Bowser Koopa

http://blog.cloudflare.com/google-no...-free-and-easy

Yeah and even if your server does support HTTPS performance will be slowed when streaming video. Handing off video and/or lots of images to the cloud will increase your performance. All part of the plan ;)

[Zyber]

Quote:

Originally Posted by Bowser Koopa

http://blog.cloudflare.com/google-no...-free-and-easy

Your article doesn't address the issue of root authorities - and their associated problems. Please read the 2 links I posted. They explain the problems with the SSL system.

[NewNick]

I smell google ssl certs on the horizon.

[Bladewire]

Quote:

Originally Posted by Zyber

Your article doesn't address the issue of root authorities - and their associated problems. Please read the 2 links I posted. They explain the problems with the SSL system.

Dude, look at the bigger picture.

[Zyber]

Quote:

Originally Posted by NewNick

I smell google ssl certs on the horizon.

Maybe connected to the Google+ account?

[ErectMedia]

Got a few SSL on some mainstream sites along with malware scanners that don't really need them but more of a confidence booster to help make the sale. Luckily found a pretty cheap source for them so doesn't hurt the wallet as much as it could.

[KillerK]

I'm betting this has to do with wanting to switch to ipv6 more then anything.

So they can get everyone tracked down to an ip.