Your bank account login details are encrypted, right? You wouldn’t just leave that info laying out in the open for anyone to grab, would you? You wouldn’t leave the doors to your business wide open after hours either, right? No, of course not. Well, oddly enough, many business owners leave their website unlocked and up for grabs. With it, they leave their customer’s valuable data – potentially even credit card data or other personal information – “unlocked.”
Google is changing the rules though. They’re announcing that they will enforce encryption on the web. How will they do that, and how can you prepare for it?
What’s The Danger?
The danger right now is that many websites out there are totally unencrypted. Even when a site has encrypted user data, the code isn’t encrypted. That means hackers can gain access to the site and inject malicious code to try to gain entry, crash the site, or do a number of other things which could compromise the integrity of other security measures the site employs.
Another danger is email. By now, you’ve heard or read about the NSA’s data collection scheme. It’s extended to popular email clients like gmail – the government agency has collected emails on a massive scale for later analysis.
Many see this as an invasion of privacy, including Google. And, that’s why it’s fighting back. Recently, it announced that it has forced encryption on all gmail accounts. Now, when you send an email, it cannot be snatched up by any government agency at any of the data centers around the U.S. before it gets to its intended recipient.
You’ve probably also read about the heartbleed vulnerability. This was a vulnerability announced back in April that involved the OpenSSL security protocol. Basically, the open source encryption scheme contained a bug that allowed hackers to exploit vulnerabilities in many websites – including big brands.
Customer data was stolen, passwords compromised, personally identifiable information disclosed to the public. All this is really bad, but it highlights the necessity of better security – better encryption.
Google plans to enforce encryption of all websites in its index. This would favor webmasters that choose to encrypt their sites and covertly penalize those that don’t. At least, this is what Matt Cutts recently hinted at. Sometime in the future, everyone may have a safer surfing experience. Don’t think they would do something like that? They already have. For example, sites that are identified by the search giant as having malicious software installed on them are filtered using Google’s weighted loading times.
Basically, the site loads as slow as molasses. That’s a layer of protection for users on top of other built-in protections in most browsers that alert users of potentially malicious websites before the user is allowed to actually visit the site and download some nasty bug or run a a malicious script.
If Google implements an algorithm tweak that favors encrypted websites, the thought is that the web will be a safer place to surf. You won’t have to worry as much about hackers because the entire Internet will be locked down.
The downside is that not all webmasters may be able to afford redoing their entire website in an encrypted form. It’s going to generate a lot of business for web designers. But, it’s also going to put a lot of strain on larger sites and startup companies strapped for cash. And, while Google seems committed to the idea, it’s done nothing as of yet to enforce it. Whether it ever comes to pass remains to be seen.