Google, and many other large web service providers, believe that HTTPS Everywhere should be the goal of everyone who provides services and sites on the web. We live in an era of increased threats to privacy and security from criminals and others with less than noble motivations for wanting to see the content of our online communication. TLS / SSL encryption remains one of the best ways to ensure that our private communications remain private.
Most web users are familiar with the idea that their banking and other sensitive online interactions should be encrypted to protect them from prying eyes, but not many give much thought to the content of the advertising that they see on almost every page they visit, and which has often been a source of security vulnerabilities, including malware.
Given that Google is both a cheerleader for SSL Everywhere and the web’s largest seller of advertising, it’s something of a surprise that it doesn’t already encrypt the content it sends over its ad networks, but in a recent announcement, the company has said that it intends to implement encryption on all the advertising it serves by the end of June this year.
“In addition to providing a secure connection on our own products, we’ve been big proponents of the idea of “HTTPS Everywhere,” encouraging webmasters to prevent and fix security breaches on their sites, and using HTTPS as a signal in our search ranking algorithm.
This year, we’re working to bring this “HTTPS Everywhere” mission to our ads products as well, to support all of our advertiser and publisher partners. Here are some of the specific initiatives we’re working on.”
SSL encryption provides secure connections, of course, but it also carries with it the benefit that the origin of advertising can be properly verified. Browsers and mobile applications will be able to determine that the server delivering encrypted advertising originates from a validated domain, rather than the malvertising server of online criminals.
Currently, all YouTube advertising is sent over an encrypted connection, and so is most advertising on Google.com. By the end of June, Google intends to encrypt all advertising served from Display Network, AdMob, and DoubleClick, which also covers mobile advertising and video advertising.
Google has recently drawn criticism over its efforts to make all web content encrypted, with some seeing tactics like using HTTPS encryption as a ranking signal in the SERPs, “prematurely” ending support for SHA-1 certificates ahead of the rest of the industry, and implementing warnings in the Chrome browser for unencrypted sites, as being an imperious use of the company’s power. Not to mention the additional costs that these moves impose on web hosting providers, certificate authorities, and site owners who don’t consider their content sensitive.
But, it looks like Google is prepared to put its money where its mouth is by ensuring that as much of possible of its own content is encrypted, including its major cash cow.
Whether or not you’re a supporter of HTTPS Everywhere, there’s no doubting that the encryption of advertising is a positive move towards a more secure web.