As you may possibly know already (or obviously, may not know), Google now tries to make the web even more secured and have plans to add HTTPS as a ranking signal, meaning websites enabled TLS/SSL should be considered more "valuable" comparing to regular domains.

Google's popularity obviously have an impact on all webmasters, but regarding this case, I may have some extra of my own thoughts gained from experience.

Before you introduce SSL to your website, you must precisely know, what it's about. This is what Google have plans to introduce this or that, doesn't really mean you need to have it.


* "Secured Sockets Layer" is actually only for websites keeping the private information or related, like credit cards, real names, passport IDs, addresses and so on. Running a little forum, or even a large forum filled in with aliases actually doesn't keep anything important. If you have a recipes-based content or love cats in your blog, I doubt someone from "Intelligence Agencies" even will find it worth cracking. And despite it would have https enabled, I doubt it could become strictly popular just because of it.


* On another hand, TLS/SSL provide a way of encoding and decoding information, that means, you will see a notable loss in speed. Actually, you will never your website as quick as it was. They try to claim it is OK, but trust me - I've seen a lot and I know how protocols work to conclude that even in theory, a decoding process COULD NOT be quicker than a regular process. You will be forced to switch to more powerful server and/or hosting plan to allow this (tip! start to count more coins from that point).


* TLS needs an official certification from the authorized company. Of course, there is a way to issue a self-signed certificate build with OpenSSL. But for websites, in most cases, it won't work, because it's mostly for user-to-user connection and not for user-to-website. Most often, if you owe an unauthorized certificate, website newcomers will see this at first:



Not good enough? Of course, not. At this point you will start to lose your traffic and users heavily. But, of course, there is a way of


* BUYING an official certificate. They claim there are companies issuing "free" certificates, but as I've seen some of them, I could say it's almost the same kind of junk as the self-signed certificate. Thus, someone else except you will have an access to your secrets, and that's a little untrusted company; and those certs will expire, sooner or later, with an option to buy them, for sure.

As about "solid" companies, like DigiCert or Symantec's Verisign, their prices for a regular SSL certificate, start from $175 and $ 1,699 respectively. (tip! tip! tip!)

Sure to pay such amounts? I'm not sure someone even earns so much on Google Adsense. Private or small-to-medium businesses just could not allow this. So why then they should care?..

However, this is a must-have option for big daddies, which earn thousands or even millions per month... they become "solid" that way. And ranked high in Google.

Not sure if with the new step, Google just tries to switch off the "amateur" websites and concentrate on giants? That would mean, 80% of the web is under impact of this... and sooner or later, WWW will become a garbage can providing only information from the "major" sources, and with no alternatives.

Good way on controlling the elephants, though...


* All in All, TLS protection just doesn't protect you from something serious. It's a common fact that "Intelligence Agencies", specially those coming from US, have all the tools to decode any SSL connection. Specially if it's just about a website.

After reading this from Google, I was having an impression like this step is done to gain even more websites to control. Specifically, to control from US and exclude these sources from national agencies control.

I suppose, you all heard already that Google KNOWS everything about you, as soon as you have signed up with it, and/or use Google Chrome, and/or signed up with any with Google's "partnership" programs.

Inviting all users to be TLS-protected is just another delicious program to gain even more control.


* I suppose, in no way the type of the data protocol could even have some higher ranks. Any website's rank should still built by it's related quotations amount on the other websites. It's not important if your website runs http or https; if it's a popular source, you shall give no shit to Google's invitations. Just continue what you have started and don't be drilled too much with the IT Planet Surgeons.

There are lots of the other Search Engines on the market. Secure protocols are constantly updated. New devices and programs are coming out each day, and they may not deal with the newest encoding algorithms, because it's all about money, in result. With that all, I just wanted to say that switching to something "more secure" could have a PR meaning and obviously affect your business from the negative end, actually.

So I'd say, I'm not ready to switch to SSL for my projects at this stage. And I'm still for the free and speedy web, which couldn't be in all ways secured, anyway.


P.S. Webmaster Central Blog on Google, which I've given the initial link to in this post, by the way, just advertises TLS and doesn't have SSL certificate on its own.

It's from the 'secure email' category: news.yahoo,com/yahoo-join-google-create-spy-free-email-systems-012458302--finance.html. Corporations that gave master access to governments now try to pretend nothing has happened and they are now working on a 'secure email.'

That makes sense. 80-90(?)% of all companies issuing SSL certificates are controlled by US corporations. Knowing they have a way to decode all SSLs gives them a huge advantage over spy agencies from other countries. By forcing websites to use SSL is a way to protect interests of US agencies so that they are the first to collect all sensitive data they want.

Secured layer adds more protection on the connection itself. For example, if you use wi fi, data is being transferred encoded and it's more difficult to decipher, if there appears an intermediate intrusion between client and website. That would be all about it. 

In no way TLS could help to protect user accounts or even make them safe, it is still up to the software and most likely even users themselves. There could be many ways of stealing users information bypassing all the secure layers. Such majors as Ebay, Skype, Facebook use https - but did it help from stealing users data? Not at all, few times a year we read this or that was hacked *again*. 

Additionally, https makes websites extremely hard in development, they are slow in appearance, because when on https, pages are not cached and all elements reload as soon as the page reloads; if there are lots of icons or images, that's waste of time. I don't know why Google propagates it like it would be a cure of all illnesses, fake approach.

The best way to know the rank is linkcollider. It is helpful in boosting your PageRank, Alexa Ranking, Backlinks, and SEO Keyword Rankings. check it out on linkcollider

Bookmarked!