Google Giving Weight to HTTPS in Search Results


Maybe not everything, but certainly more than we are doing now.

So how do you encourage more sites to use HTTPS? Well, if you are Google, you tweak the SEO black box:

we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

From HTTPS as a ranking signal on the Google Webmaster Central Blog.

The call to have more sites use HTTPS has been out for some time. It is hard to be motivated enough to over come the technical and financial hurdles to make the move ( and for some sites those hurdles are non-trivial ). The SEO approach that Google is taking is the equivalent of hitting sites in the wallet ( in some cases that might be the literal result ). When the possibility of loosing money is involved then it is easier to get people’s attention.

This might be the single best use of the crazy Google SEO situation I’ve ever seen.

Earlier this summer Automattic talked about working towards providing all * sites with HTTPS by the end of 2014. This is something that I’m really excited to see happen.

If you still aren’t supporting HTTPS for your site, I’d encourage you to map out a plan to get there. Tim Bray posted a simple outline of the why and how of switching to HTTPS. If you are looking for a more technical view of how HTTPS works check out the TLS chapter of “High Performance Browser Networking”, which is free to read online.

Casting Out Google+?

Signs have been increasing that perhaps Google is no longer all in on Google+.

Just a few days ago there was the shift in Google Hangout no longer requiring Google Apps users to have a Google+ account. Now comes the rumor that photos will be usable without a Google+ account.

My personal preference would be for Google+ integration to be an option, instead of a requirement, on all Google services.

Awkward Moment For Google And Feedly

The Google Cloud Platform blog recently had a rather awkward moment posting about the success of Feedly, emphasis is mine:

In the middle of last year, our servers were overwhelmed with hundreds of thousands of new signups, and we experienced our first service outage. The first thing we did was move all of our static content to App Engine. Within an hour we were up and running again with 10 times the capacity we had before. This turned out to be a good thing – we added millions more users over the next few months and more than doubled in size.

I seem to recall Google telling millions of users to pack up their stuff and leave around the middle of last year. Feels strange to see Google excited to brag about their ability to send millions of users to a competitor. At least they used to be competitors, before Google decided to get out of the reader space.

Read Access on Google Servers with XXE

Detectify explains how they gained read access to production servers at Google:

One system caught our eyes. The Google Toolbar button gallery. We looked at each other and jokingly said “this looks vuln!”, not knowing how right we were.


They were able to leverage XML External Entity ( XXE ) processing to read local files on Google’s production servers. If you haven’t read up on XXE go watch Mike Adams talk at WordCamp SF 2013, the video is only 30 minutes.

Be very careful when processing XML, it can come back to bite you in very bad ways.

Export Gmail and Google Calendar Data

Great to see this news yesterday:

Starting today we’re rolling out the ability to export a copy of your Gmail and Google Calendar data, making it easy to back up your data or move to another service.

From Official Gmail Blog: Download a copy of your Gmail and Google Calendar data.

I’m not sure how well downloading 7GB of email is going to do in mbox format, exporting Gmail data hasn’t been enabled for my account yet. I like that Google is taking this step though, it is the right thing to do.

Opt Out Of Google’s Shared Endorsement Ads

Google recently announced that their ads are going Facebook style by including the image and name for your account as an endorsement on ads. This came as part of an update to their terms of service.

To opt out of this go to

Make sure that box stays unchecked.
Make sure that box stays unchecked.

You will need to make sure that the checkbox towards the bottom of that page remains unchecked.

I wonder how long until Google starts showing derived endorsements on ads. If you carry an Android device around they’ll be able to see what places your visit most frequently, which they might want to use as an implied endorsement. That could make Google Now a huge source of ad related data.

PageSpeed Online

Unfortunately the Chrome PageSpeed plugin hasn’t worked for me in a long time. appears to no longer include PageSpeed analysis in reports either.

That leaves PageSpeed Online has the only option for running a PageSpeed analysis on a site.

I really liked using the Chrome plugin (back when I could still get it to work), but I’m happy to see there is at least one place where you can still run a PageSpeed analysis.

Google Fiber in Provo Gets Even Stranger

Last week I mentioned the concerns over the $1 sale price of the iProvo fiber network to Google. Well, the Provo Google Fiber project continues to get even stranger than that. From the Daily Herald article on the Provo city council vote:

Curtis also introduced new information and obligations that had not been discussed during the initial excitement of last week. There will be a need to spend some money. For one, the map on where the fiber conduits are actually laid is not available and it may take some guessing at a few locations as to what side of the street the fiber backbone is under. There is also an agreement the city will have control of the fiber to the schools and the city operations. Money has already been set aside from the telecom fund to take care of those needs. An insurance policy will also be needed to protect the city from the unknown. The total cost for city outlay will be approximately $1.7 million.

Emphasis at the end is mine.

A more detailed breakdown was reported by The Salt Lake Tribune:

  • $722,000 “for equipment in order to continue using the gigabit service for government operations already using the network, such as the operation of traffic lights and police and fire services.”
  • $500,000 “to a civil engineering firm to determine exactly where the fiber optic cables are buried, a requirement by Google”
  • $500,000 “for an insurance policy to help mitigate any possible legal damages should Provo’s network not be presented to Google as promised”

Of course Google is paying Provo $1 for the network, so the real cost to Provo for selling their existing fiber network to Google is only $1,721,999. Still a fair bit money to pay someone to take an asset off your hands.

Then there is the issue of not even knowing where all of the fiber in the ground actually is. Didn’t they have to file permits with the city when they installed it in the first place? If they moved it later on, wouldn’t that require getting permits from the city as well? For something that they paid $39M for I would have thought they would keep a close eye on it.

The Salt Lake Tribune also reported numbers on how much is still due on the original $39M in bonds:

With interest, taxpayers still have to pay $3.3 million in bond payments per year for the next 12 years.

For a total of $39.6M that Provo will have paid out over the next 12 years.

This story may still have a happy ending. If Google Fiber in Provo blossoms into everything it could be, then all of this may have been worth it.

The money thing doesn’t really freak me out though. What really freaks me out is that the city of Provo has connected “operation of traffic lights and police and fire services” to the same fiber network that connects to the Internet. That strikes me as a really, really, really bad idea.