For years now, ACLU chief technologist Christopher Soghoian has had a standing offer to encourage privacy on the web. He's offered it over and over: Any media outlet that enables the more secure HTTPS protocol gets a free bottle of whiskey.
He may be about to give up a lot of whiskey.
This morning, Google announced it would be boosting sites that use HTTPS in search results. It's a small nudge, only affecting one percent of search results, but it's a play that could make a huge difference for anyone hosting a site. HTTPS is the tiny padlock icon in your browser that keeps attackers from snooping in on your Gmail session, but it hasn't gotten much traction outside of webmail and banking, in part because it puts an extra load on servers. There are also a growing number of services who will take on that server load for free, making it easy for sites to make the switch if they want a little more search traffic.
As long as sites are unencrypted, it's trivial for attackers to see where you're going online
Both Soghoian and Google like HTTPS for privacy reasons. As long as most sites are unencrypted, it's trivial for anyone at the ISP or network level to see which addresses you're visiting online. That can be a real problem, whether you're living under an oppressive regime or just creeped out by the NSA. Sites already do lots of crazy things for good Google rankings (hello tag pages, hello metadata), so the company is hoping they'll start to encrypt traffic for the same reason.
It's a good plan and I hope it works, but it's also a risky one. Google messes with its algorithm all the time, but it's always for the purpose of improving user experience. Spammers get knocked down and trusted sources get promoted; we assume that's what the user would want. This is something different, part of Google "working to make the Internet safer more broadly," as the post puts it. That's been a priority at Google for years, but this is the first time the company has tinkered with search results to get there. So far it's just a nudge, too small to object to, but as Facebook learned earlier this year, it's easy to go too far, and often hard to know where to stop.