Woo hoo! +TechCrunch
article about my main project at work. By June 30th, the ads that Google places on millions of web sites around the world will get to your browser securely, over HTTPS.So why are we doing this?
Any number of news stories in the past year have made it clear that non-encrypted communication really is the target of both eavesdropping and tampering. That would be reason enough.
But it's more than that. Google is a big believer in "HTTPS Everywhere":
the notion that all web sites should be encrypted; that if someone proposed unencrypted HTTP today, everyone would just laugh at the mistake and of course add encryption. The privacy, integrity, and authentication benefits of encryption are hands-down winners.
But there's a catch. If a web site owner wants the benefits HTTPS, then browsers demand that everything on the page must be delivered secure — so as not to leave an unencrypted "weakest link" lying around. Entirely reasonable. And in particular, that means that any ads appearing on that page have to be served up on an encrypted channel too.
Well, not all of the ads in the world come in encrypted form. (Yet!) So when a web page is encrypted, the auction that picks the best ad to show you can only choose from among the ones fully deliverable over HTTPS... and that means the winning ad is sometimes a little less good. And the owner of the web page sometimes gets paid a little less money.
People have known this for years. Articles like "Google AdSense Earnings Drop With HTTPS Migrations" (https://www.seroundtable.com/https-google-adsense-19035.html
) talk about how bad the revenue hit can be.
My launch, coming up by June 30th, will make that a thing of the past. We will be serving all ads over HTTPS. And that means that web sites moving to HTTPS won't lose money by doing so.
The threat of decreased ad revenue has been a barrier to HTTPS adoption — but for sites that ask Google to place ads on them, that barrier is about to come down.