Encryption keeps people’s information safe as it moves between their devices and Google, protecting it from interception and unauthorized access by attackers. With a modern encrypted connection, you can be confident that your data will be private and secure.
Today we are launching a new section of our Transparency Report to track the progress of encryption efforts—both at Google and on some of the web's most trafficked sites. Our aim with this project is to hold ourselves accountable and encourage others to encrypt so we can make the web even safer for everyone.
Here's an overview of what is included in the new report:
Google sites
Every week, we’ll update this report with progress we've made towards implementing HTTPS by default across Google’s services. We’ve long offered Gmail, Drive, and Search over HTTPS, and in the last year, we’ve begun to add traffic from more products, like ads and Blogger as well.
We're making positive strides, but we still have a ways to go.
This chart represents the percentage of requests to Google's servers that used encrypted connections. YouTube traffic is currently not included in this data.
We plan on adding additional Google products over time to increase the scope of this report.
Popular third-party sites
Our report also includes data about the HTTPS connections on many popular sites across the web, beyond Google. We've chosen these sites based on a combination of publicly-available Alexa data and our own Google internal data; we estimate they account for approximately 25% of all web traffic on the Internet.
Certificate Transparency
Websites use certificates to assert to users that they are legitimate, so browsers need to be able to check whether the certificate that you’re being presented is valid and appropriately issued. That is why this report also offers a Certificate Transparency log viewer, providing a web interface for users and site administrators to easily check and see who has issued a certificate for a website. For example, if you use this log viewer and search for google.com with ‘include expired' checked, you'll see the mis-issued google.com certificate from September 2015.
Encryption for everyone
Implementing HTTPS can be difficult—we know from experience! Some common obstacles include:
- Older hardware and/or software that doesn’t support modern encryption technologies.
- Governments and organizations that may block or otherwise degrade HTTPS traffic.
- Organizations that may not have the desire or technical resources to implement HTTPS.
Implementing encryption is not easy work. But, as more people spend more of their time on the web, it’s an increasingly essential element of online security. We hope this report will provide a snapshot of our own encryption efforts and will encourage everyone to make HTTPS the default on the web, even faster.
No comments:
Post a Comment
You are welcome to contribute comments, but they should be relevant to the conversation. We reserve the right to remove off-topic remarks in the interest of keeping the conversation focused and engaging. Shameless self-promotion is well, shameless, and will get canned.
Note: Only a member of this blog may post a comment.