Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Google Tracks Use of HTTPS on Top 100 Websites

Google announced on Tuesday that its transparency report now includes a section dedicated to monitoring the use of HTTPS on the world’s top 100 websites.

Data protection and privacy have become increasingly important, and many organizations have started moving their websites and services to HTTPS. However, the migration process can prove challenging for large services.

Google announced on Tuesday that its transparency report now includes a section dedicated to monitoring the use of HTTPS on the world’s top 100 websites.

Data protection and privacy have become increasingly important, and many organizations have started moving their websites and services to HTTPS. However, the migration process can prove challenging for large services.

Google has been working on implementing HTTPS by default across its services, but the search giant says it still has a long way to go until all its products are protected. In the meantime, the company launched a new transparency report that tracks the progress of encryption efforts for both its own products and the world’s most visited websites.

Google will be tracking the state of HTTPS on the world’s top 100 third-party websites, which, based on data from Alexa and Google, are believed to account for roughly a quarter of all global website traffic.

The list of websites that already run a modern TLS configuration (i.e. offer TLS v1.2 with a cipher suite that uses an AEAD mode of operation) and have HTTPS by default includes facebook.com, instagram.com, ask.fm, paypal.com, pinterest.com, reddit.com, twitter.com, tumblr.com, whatsapp.com, wikipedia.org, wordpress.com, yahoo.com, linkedin.com, mail.ru and netflix.com.

Google’s new tracking service shows that websites such as Amazon work on HTTPS and have a modern TLS configuration, but default HTTPS has yet to be implemented. There is also a long list of popular websites that still don’t work on HTTPS or don’t have a modern TLS configuration, including sites owned by Alibaba, Amazon, Apple, Baidu, Microsoft, eBay, and many news companies.

Google says it’s prepared to work with all these top websites to help them move to HTTPS by the end of 2016.

“Implementing encryption is not easy work. But, as more people spend more of their time on the web, it’s an increasingly essential element of online security. We hope this report will provide a snapshot of our own encryption efforts and will encourage everyone to make HTTPS the default on the web, even faster,” Rutledge Chin Feman and Tim Willis, HTTPS Evangelists at Google, wrote in a blog post.

Advertisement. Scroll to continue reading.

The new service also includes a certificate transparency feature that allows users and admins to check the name of the certificate issuer for a specified website. The search can also be configured to include expired certificates and certificates issued for subdomains.

Related: Google to Remove Symantec Root Certificate From Products

Related: Google Considers Early Rejection of SHA-1 Certificates

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...