Thursday, August 21, 2014

Google’s Push For HTTPS Is More About PR Than Search Quality

Is it worth it for webmasters to switch to HTTPS in light of Google's recent announcement?

Earlier this month, Google announced that its search ranking algorithm will now consider whether a site is HTTPS. Does this mean you should now go out and make the switch to HTTPS, or is this just political jousting with no real search relevance on Google’s part?
What Is HTTPS, Anyway?
HTTPS stands for Hyper Text Transfer Protocol Secure. It’s a variation of the popular HTTP used to transfer web pages across the internet. The difference (the “S”) is that HTTPS adds a layer of security by encrypting the data.

A normal website is accessed by putting http:// before the domain name, such as http://facebook.com. If the site supports HTTPS, the URL will look like https://facebook.com. Typically, browsers will add a padlock icon and will highlight the address bar in green when a site uses HTTPS.

The Push For Security
Over the past few years, Google has pushed for improved security on its site as well as sites in general across the internet, and for good reason. Between the NSA’s spying and routine security breaches that pilfer millions of passwords from popular sites, it’s not a bad idea for a company like Google to take security seriously.

We saw the beginnings of this a few years ago when Google began encrypting search referral terms for logged-in users, which led to a lot of frustration for marketers who no longer had access to keyword data in their analytics packages. This frustration was compounded late last year when Google moved to 100% secure search — whether searchers were logged in to Google or not.

Now, we see another step toward security with Google announcing a potential rankings boost for sites that run HTTPS.

How Will This Impact Your Rankings?
Several years ago, Google announced that site speed would be considered a ranking factor in its search algorithm. As a result, many sites rushed to improve their site load time. While users certainly appreciated the speed improvement, hardly anyone noticed a direct impact to their rankings. Why was that?

Page Speed is what’s called a “modifier.” If two web pages have very similar quality and relevance scores, Google considers which page loads faster as the deciding factor on which ranks higher. The loading speed of the page modified the ranking score only ever so slightly.

Similarly, HTTPS looks to be a modifier, from what I’ve seen. Ninety-nine percent of searches will happen without HTTPS even being looked at; but, in those rare cases when two search results are otherwise “equal,” HTTPS might push one over the edge for the higher ranking.

This Is About Politics, Not Search Quality
Google has a phase it likes to use: “HTTPS Everywhere.” In fact, that’s what they named this year’s I/O Conference. The idea is that if every site implemented HTTPS, the web would be that much more secure; but, it’s a red herring. Here’s why:

HTTPS only protects against a very limited number of site vulnerabilities, specifically wiretapping and man-in-the-middle type attacks – in other words, spying. It makes the NSA’s job of tracking and spying on internet users more difficult, but it doesn’t protect against hackers, denial-of-service attacks and scripting, server or database exploits.

Essentially, HTTPS is useful for sites that collect and transmit personal information. Banks, e-commerce sites, even social networks need to have HTTPS in place to make sure consumers’ sensitive information is protected.

For all the blogs, news sites, brand brochure-type sites or any information site that doesn’t require a member login, HTTPS is useless. It’s like the post office telling you to that all your mail needs to be written in secret code. That’s fine for the military, but do your Christmas greeting cards really need to be written in unbreakable secret code? Probably not. It’s just as pointless to require HTTPS on sites that do not transfer sensitive information.

That’s why it doesn’t make sense for Google to consider using HTTPS as a ranking signal for the majority of sites and queries. If used at all, it will always be a very lightweight signal used on a very narrow set of queries, acting only as a tie breaker between two identically ranked pages.

No, this announcement is not about search quality. It’s about Google trying to get back at the NSA for making it look bad during the PRISM scandal, and it is doing this under the guise of a social cause — internet privacy under the “HTTPS Everywhere” banner.

It’s a classic “greater good” story. Google says HTTPS will be a ranking signal so that everyone runs out and switches to HTTPS. What they’re not saying is that this change will only affect a minuscule number of sites. For everyone else, they’ve wasted time and energy switching to HTTPS for no reason – but that’s okay, because it serves the greater good of improving privacy for the internet as a whole.

What Should I Do?
What should you do about switching to HTTPS? When in doubt, do what’s best for users.

If you run a site in the e-commerce, financial, search, social networking or related fields, you should already be running HTTPS on it. In fact, if your site utilizes a member login or any type of shopping cart, you should really switch to HTTPS.

On the other hand, if you’re running a blog, brochure site, news site, or any sort of information site where users don’t provide you with any personal information, I would recommend not using HTTPS. It costs money; it takes resources to implement; it slows down your site; it’s not needed; and it won’t hurt your rankings.

Long story short: if you make the switch, do it for the users and not because Google said it’s a ranking signal, because it really isn’t.

No comments:

Post a Comment