Google pushes sites to encrypt

Google might tweak its search algorithm in favour of encrypted sites in a bid to encourage better security across the web.

Matt Cutts, an engineer in charge of liaising with website designers and minimizing spam in search, said that if everyone adopted encryption it would make it harder for third parties to spy on Internet users. Speaking at the SMX West conference in California, he said that encouraging encryption was important, because once sites had been hacked “We don’t have the time to maybe hold your hand and walk you through and show you exactly where it happened.”

It appears that Google’s discussions on changing the algorithm are at an early stage and Cutts is a major evangelist for the idea. Officially, Google said it has nothing to announce.

Google uses its search algorithm to encourage and discourage practices among web developers.

For example, sites known to have malicious software are penalised in rankings as are those that load very slowly. In total, the company has over 200 “signals” that help it determine search rankings, most of which it does not discuss.

If Google adds encryption to the list, it would give websites a big incentive to adopt it more widely.

However the first sites to adopt it will be those dodgy sites which are designed to game Google, rather than those which provide good content.

Google has been encrypting more of its services in recent years, including Gmail and Google Search. It encrypted traffic between its data centres after revelations that the NSA was exploiting vulnerabilities in Google’s infrastructure.

Of course all this depends on the encryption working. This week it was revealed that a popular encryption scheme, known as OpenSSL, contained a bug that could allow hackers to attack a network and take personal information without leaving a trace.