Google Pick the Safe Option

PushON | August 8th 2014

Google are often quite cryptic when it comes to revealing the inner working of their algorithms, so when they announced on Wednesday that they’ve begun using HTTPS as a ranking signal there was a lot of initial excitement from the search community. Essentially this means that any site which sits on a secure network will be rewarded with better rankings, and by upgrading to HTTPS site owners could enjoy additional benefits.

Their reasons, of course, are related to their overall mission to provide the best user experience possible; in this case protecting the privacy of users. Their Webmaster Central blog post is full of poignant language about making the internet safer and more secure and whilst we can only commend their commitment to this there has been understandable cynicism towards some of their actions over the past few years. This relates to the removal of organic keyword data from analytics, cited as another way to “protect user privacy” or possibly to drive more businesses to use paid search. However even paid search, which was assumed safe, is due to feel the wrath of ‘not provided’ in the coming months.

It is hard to really suggest that the recommended move to HTTPS to any business decision from Google, though it does come at the same time as they have launched their own domain service which may well sell sites that come with an SSL certificate.. Aside from any potential ranking improvement there are further benefits from moving to a secure network, not least the added trust it gives the site at a time when consumer’s feelings towards online security may be at a low. Will this lead to a rush of webmasters moving towards HTTPS? Whilst it seems like an obvious decision it is not simply a straightforward switch; there are some good articles available that run through how to do it efficiently such as this guide from Yoast.

What does all this mean for internet privacy concerns? Should more search engines be encouraging this move towards more secure search? DuckDuckGo received a lot of early plaudits for their open approach towards user privacy, championing themselves as “a search engine that puts privacy first, rather than collecting data for advertisers and security agencies”. There is also a wider movement to “take back privacy” from groups such as Reset The Net, who we were introduced to by Matmi founder Jeff Coghlan at SASCon earlier this year. Initiatives such as this, in addition to recent outcry towards Facebook, and the rather insidious terms & conditions that come with their messenger app, have simply brought this invasion of our privacy into the spotlight.
Facebook Messenger t&cs

The PushON team have discussed the recommended move towards HTTPs and what it means in regards to the bigger picture of privacy online.

“There’s so many cynical angles you can take with this. ‘Google using a carrot and stick approach again to enact change…. again!‘ ‘Increasing costs to businesses!‘ ‘Google are just trying to hide referral traffic and sell SSL certs‘ but I’m not biting.

Much like penalising sites that redirected mobile visitors to their homepage, this is a positive change for everyone. PushON have been recommending sites with HTTPS/HTTP components switch to pure HTTPS since April when Matt Cutts announced they were considering this at SMX.

One benefit of switching to pure HTTPs is a partial recovery of referral information from other HTTPs sites. It has good privacy benefits (kind of) and in 2014, the performance hit is minimal. Furthermore it can boost trust and it saves unnecessary redirects.

If you don’t have one, get yourself a SSL certificate, install it and… remember that you’ll need to setup Webmaster Tools for the HTTPS version of the site separately and you’ll want to redirect people with your old URLs to the new version. Most CDNs should SSL certs already – but be sure to check!”

.htaccess (Apache) RewriteCond %{HTTPS} !=on RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L] web.config (IIS7+) <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <rewrite> <rules> <clear /> <rule name="https redirect" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="off" ignoreCase="true" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" /> </rule> </rules> </rewrite> </system.webServer> </configuration>

James Flacks, Technical SEO Consultant

“Facebook has come under fire this week for yet another privacy issue, this time relating to the company’s Messenger app. Numerous online articles have run the above terms and conditions and there’s no denying that when laid out for all to see, they look frankly imposing and disturbing. It seems like another move against personal privacy and people are talking about removing the app all together, to take a stand against the social giant.

It would be interesting to see the company’s stance on this – as a guess, it wouldn’t be surprising if this is a case of poor wording and awkward legislation, for example, it can take photos without your permission, but is this just a clumsy way of saying it doesn’t have to ask you everytime you take a photo through Messenger? Is making calls just related to linking your Messenger with your contacts and calling through the app? There’s a chance these terms aren’t as suspicious as they appear, and either way, it wouldn’t be shocking if Facebook is the only app with these kind of requirements.

Even with the release of these terms and threats from online commenters to delete the app, it’s unlikely that this will really hurt Facebook in the long run, or make much of a dent in the billion Messenger downloads. It’s an interesting warning for people to take more care about what they sign up for; understandably, a certain amount of personal freedoms will have to be given up for using a free service – that’s how the advertising works  – but is there a limit to how far this can go? Should people be more aware of what they’re signing up for with online apps? And even if made aware, would the majority actually care?” 

Carl Eden, Online Marketing Consultant

“Facebook have initially tried to get everyone to switch to the messenger app but it wasn’t a necessity, with this new approach they have segregated the tool into making users choose one or the other instead of switching between apps. Personally, from the Foursquare and Swarm split, I only use Swarm now as it achieves the essential check-in that Foursquare was designed to do. Foursquare have done a similar thing to Facebook by tracking your movements to suggest places for you to visit based on your movement and I find this an invasion of my privacy. As a consequence, I turned of all location tracking for Foursquare.

With regards to the new terms and conditions for Facebook, this may be the same for apps that use your camera etc but many of the additional requirements are not necessary and  shouldn’t be granted access to. If you want to text someone, you will send them a SMS/iMessage or Whatsapp from the contacts/phonebook, so why would you now decide to switch to Facebook to contact that person? Is this new system eliminating the need for a phone package with unlimited texts and minutes as you can now use multiple apps to do this?

Will you be granting access to Facebook Messenger?”

Pedrom Pourkashanian, Social Media and Online Marketing Consultant