1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Securing the web, together

Discussion in 'Google Online Security Blog' started by RSS, Mar 15, 2016.

  1. RSS

    RSS New Member Member

    Posted by Rutledge Chin Feman and Tim Willis, HTTPS Evangelists

    Encryption keeps people’s information safe as it moves between their devices and Google, protecting it from interception and unauthorized access by attackers. With a modern encrypted connection, you can be confident that your data will be private and secure.

    Today we are launching a new section of our Transparency Report to track the progress of encryption efforts—both at Google and on some of the web's most trafficked sites. Our aim with this project is to hold ourselves accountable and encourage others to encrypt so we can make the web even safer for everyone.

    Here's an overview of what is included in the new report:
    Google sites
    Every week, we’ll update this report with progress we've made towards implementing HTTPS by default across Google’s services. We’ve long offered Gmail, Drive, and Search over HTTPS, and in the last year, we’ve begun to add traffic from more products, like ads and Blogger as well.

    We're making positive strides, but we still have a ways to go.
    [​IMG]This chart represents the percentage of requests to Google's servers that used encrypted connections. YouTube traffic is currently not included in this data.

    We plan on adding additional Google products over time to increase the scope of this report.


    Popular third-party sites


    Our report also includes data about the HTTPS connections on many popular sites across the web, beyond Google. We've chosen these sites based on a combination of publicly-available Alexa data and our own Google internal data; we estimate they account for approximately 25% of all web traffic on the Internet.


    Certificate Transparency


    Websites use certificates to assert to users that they are legitimate, so browsers need to be able to check whether the certificate that you’re being presented is valid and appropriately issued. That is why this report also offers a Certificate Transparency log viewer, providing a web interface for users and site administrators to easily check and see who has issued a certificate for a website. For example, if you use this log viewer and search for google.com with ‘include expired' checked, you'll see the mis-issued google.com certificate from September 2015.


    Encryption for everyone


    Implementing HTTPS can be difficult—we know from experience! Some common obstacles include: ​
    • Older hardware and/or software that doesn’t support modern encryption technologies.
    • Governments and organizations that may block or otherwise degrade HTTPS traffic.
    • Organizations that may not have the desire or technical resources to implement HTTPS.
    While there’s no one-size-fits-all solution to these challenges, we’ve put together a resource for webmasters to use as they work through this process. We also support industry-wide efforts, like EFF's ‘Encrypt the Web’ report, that aim to bring more of the web to HTTPS.

    Implementing encryption is not easy work. But, as more people spend more of their time on the web, it’s an increasingly essential element of online security. We hope this report will provide a snapshot of our own encryption efforts and will encourage everyone to make HTTPS the default on the web, even faster.​

    [​IMG]
    [​IMG] [​IMG]

    Continue reading...
     

Share This Page