clock menu more-arrow no yes

Filed under:

Google is giving itself an encryption report card

New, 2 comments

Today, Google added a new section to its transparency report, giving users a running tally of how many Google requests use HTTPS encryption. Groups like EFF have long pushed for wider usage of HTTPS, but implementation can be demanding, particularly for services as complex as Google's. "Our aim with this project is to hold ourselves accountable and encourage others to encrypt so we can make the web even safer for everyone," Google said in an accompanying statement.

Roughly three-quarters of requests from Google products use SSL. Products like Gmail, and Drive require SSL protection for security reasons, but it's less important for casual products like Maps or News. Still, Google figures show SSL usage growing gradually more encrypted over the past two years. Google's ad networks are particularly challenging to encrypt because of their size and interoperability requirements. Google began a push for HTTPS-enabled ads back in April, and the current reports estimates 77 percent of the ads are secured through SSL.

Google Chart

SSL encryption, which powers HTTPS, has a number of security benefits. Without a securely encrypted connection between website and visitor, it's possible for an intermediary to listen in on data being sent between the two, or even replace data in transit. That's a particular concern for ad networks, which attackers often target as a means of distributing malware. As a result, Google has long encouraged HTTPS adoption, in part by boosting HTTPS-capable sites in Search rankings.

A number of prominent sites have moved over the HTTPS in the last year, including Wikipedia and Reddit. In 2014, the content distribution network CloudFlare added universal SSL for any site that opted in, adding encryption to as many as two million sites. A recent Statista survey found just over a third of web requests were made using HTTPS.