Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Google Tracks Use of HTTPS on Top 100 Websites

Google announced on Tuesday that its transparency report now includes a section dedicated to monitoring the use of HTTPS on the world’s top 100 websites.

Data protection and privacy have become increasingly important, and many organizations have started moving their websites and services to HTTPS. However, the migration process can prove challenging for large services.

Google announced on Tuesday that its transparency report now includes a section dedicated to monitoring the use of HTTPS on the world’s top 100 websites.

Data protection and privacy have become increasingly important, and many organizations have started moving their websites and services to HTTPS. However, the migration process can prove challenging for large services.

Google has been working on implementing HTTPS by default across its services, but the search giant says it still has a long way to go until all its products are protected. In the meantime, the company launched a new transparency report that tracks the progress of encryption efforts for both its own products and the world’s most visited websites.

Google will be tracking the state of HTTPS on the world’s top 100 third-party websites, which, based on data from Alexa and Google, are believed to account for roughly a quarter of all global website traffic.

The list of websites that already run a modern TLS configuration (i.e. offer TLS v1.2 with a cipher suite that uses an AEAD mode of operation) and have HTTPS by default includes facebook.com, instagram.com, ask.fm, paypal.com, pinterest.com, reddit.com, twitter.com, tumblr.com, whatsapp.com, wikipedia.org, wordpress.com, yahoo.com, linkedin.com, mail.ru and netflix.com.

Google’s new tracking service shows that websites such as Amazon work on HTTPS and have a modern TLS configuration, but default HTTPS has yet to be implemented. There is also a long list of popular websites that still don’t work on HTTPS or don’t have a modern TLS configuration, including sites owned by Alibaba, Amazon, Apple, Baidu, Microsoft, eBay, and many news companies.

Google says it’s prepared to work with all these top websites to help them move to HTTPS by the end of 2016.

“Implementing encryption is not easy work. But, as more people spend more of their time on the web, it’s an increasingly essential element of online security. We hope this report will provide a snapshot of our own encryption efforts and will encourage everyone to make HTTPS the default on the web, even faster,” Rutledge Chin Feman and Tim Willis, HTTPS Evangelists at Google, wrote in a blog post.

Advertisement. Scroll to continue reading.

The new service also includes a certificate transparency feature that allows users and admins to check the name of the certificate issuer for a specified website. The search can also be configured to include expired certificates and certificates issued for subdomains.

Related: Google to Remove Symantec Root Certificate From Products

Related: Google Considers Early Rejection of SHA-1 Certificates

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights