10 Years Ago This Week: Pushing HTTPS Everywhere

To celebrate 10 years of Creator Weekly, I’m sharing tech highlights from 2015 that still resonate 10 years later. This update was for the week of October 3, 2015.

Ten years ago this week, Blogger started rolling out HTTPS support for Blogspot blogs. This was part of a concerted push for "HTTPS everywhere" as adoption of secure sites took off.

HTTPS Everywhere


Blogger HTTPS Settings in 2015

On September 30, 2015 Blogger started rolling out HTTPS support. Initially this was only available for blogs on the blogspot.com domain, but it eventually became available for Blogger blogs with custom domains as well (like this one). 

HTTPS is HTTP Secure, which creates an encrypted connection between the browser and the web server. This protects against man-in-the-middle attacks, keeps bad actors from seeing authentication credentials and cookies, and prevents tampering with the data in transit.

HTTPS was not new in 2015. Gmail web pages, for example, were using HTTPS in 2008.

But in 2014 Google called for “HTTPS everywhere” on the web, not just its own services. A few months later they started using HTTPS as a minor ranking signal in Google Search.

In 2015 this push to HTTPS accelerated. In addition to Blogger blogs, Google moved its ad products to HTTPS, and Google Search started indexing the HTTPS version of sites by default.

It wasn’t just Google.


Announcement of HTTPS Everywhere for Government: US Federal Websites must use an HTTPS connection

In 2015 the White House announced HTTPS Everywhere for US federal government sites; Wikipedia, Pinterest and Reddit moved to HTTPS connections; Mozilla said they would stop supporting "non-secure HTTP"; Bing encrypted search traffic by default; and many other sites followed suit.
 
Also, notably, Let’s Encrypt launched in public beta in December 2015. This is a free, automated, and open Certificate Authority (CA), run for the public’s benefit by the Internet Security Research Group (ISRG). This let anyone with their own domain get a certificate for free, making it much easier for website owners to set up HTTPS on their own site.

The view from 2025

Let's Encrypt growth in security certificates (Let's Encrypt Stats)

While there was a strong push for HTTPS starting in 2015, it took years for the majority of sites to implement HTTPS.

There were a number of reasons for that. 

Older devices and browsers didn't support HTTPS. For example, by 2016 YouTube used 97% HTTPS connections, but that last 3% was the less secure HTTP, at least in part due to lack of support on older devices.

HTTPS could be technically complex to implement, especially for sites with mixed content, insecure scripts and embeds. 

And I'm sure part of the reason was inertia. Why change something that is working? 

By 2018 83% of the top 100 websites (but a lower percentage of other sites) used HTTPS by default. At that time, Chrome started marking HTTP sites as "not secure". At that point website owners using HTTP should have been working on updating their sites.

EFF declares HTTPS is actually everywhere

But it wasn’t until 2021 that it could be declared there was truly HTTPS Everywhere.

And it’s working now, invisibly, to help keep us all more secure online.

References

Timelines Wiki, Timeline of HTTPS Adoption

Google for Developers, Google I/O 2014 - HTTPS Everywhere

Google Webmaster Central Blog, 7 August 2014, "HTTPS as a ranking signal"

Google Security Blog, 17 April 2015, "Ads take a step towards 'HTTPS Everywhere'"

Google Security Blog, 30 September 2015, "HTTPS Support Coming to Blogspot"

Official Blogger Blog, 30 September 2015, "HTTPS Support Coming to Blogspot"

Google Webmaster Central Blog, 17 December 2015, "Indexing HTTPS Pages by Default"

Google Transparency Report, September 2016: HTTPS at Google

Google Keyword Blog, 24 July 2018, "A milestone for Chrome security: Marking HTTP as 'Not Secure'"

EFF, 21 September 2021, "HTTPS is Actually Everywhere"
