When you’re browsing the web, you’re not transferring any specific personal data to and from the websites you visit. The method of data transfer between your computer and the websites, known as “http”, is technically insecure, in that someone could intercept the data you’re being sent by the website and understand it. But the data is just the content of a public website, so this is hardly important, right?
Things change, however, when you fill in a form or otherwise send personal data across the internet. For this, the “http” method of data transfer is not secure, and so an encrypted version was developed, called “https”. Changing from one to the other is all seamless to web users, so you may never have even known or thought about this before. But if you ever see a web page starting with “https”, you’ll know that any data you send is “secure”.
Google, however, has joined a growing call for all web browsing and data transfer to be secured in this way. If you’re interested, there’s a whole presentation about it here. Proponents say that if the whole web worked on “https”, you could be sure that you’re communicating with who you think you are, that the data has not been tampered with, and that the “conversation” has been thoroughly encrypted anyway. Sites like gov.uk appear to be https by default already, and Google would like to encourage the whole web to be this way. The reason is not so much that it’s dangerous for someone to find out how one visitor has interacted with one website, but the consequences of huge amounts of eavesdropped data being collected, and the pictures that might paint.
So, realising that everyone needs a nudge, Google has dropped a bombshell with this statement: “Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use https as a ranking signal.”
Let’s just think about that. They’ve realised (and it’s hardly surprising) that secure sites are likely to be the type of “good” sites which should rank more highly in searches. And that’s exactly why they’re going take that into account. “For now it’s only a very lightweight signal”, they say, but you can rest assured that it’ll become more significant in the future. Change to https and – even if it’s only slowly at first – your site will start to rank more highly in the Google search results.
So the question we should all be asking is: “Should I make my website https?”, followed closely by “…and how do I do that?” This is where it’s advantageous to have a good in-house IT department, or to work with independent web developers/hosts. There is a cost involved outside of their time, but it’s not major. If you’ve got someone to turn to, I would get their opinion on converting your site to https today.
For the rest of us who just use off-the-shelf hosting with “problem only” support, things are a lot more difficult. Unless you know a good website back-end developer who’s not already snowed under with work, you might have to wait until this becomes a standard offering from web hosts and you have a proper website rebuild. That could be a long time. But if you are planning a website rebuild any time soon, I’d advise you to make sure that a change to https is in the specification unless there’s a very good reason not to do so.