Stop and Think Before you Change Your Website to Use HTTPS

Website security: not so safe after all.
Website security: not so safe after all.
Writing on the Web Hosting Services Blog, SEO expert Michael Martinez debunks Google’s call for using HTTPS on Websites by documenting exactly how little the use of HTTPS accomplishes and how vulnerable the HTTPS system is to being compromised.

Google has proudly touted itself as an early adopter of HTTPS protocol for its websites, but as it turns out you can still get hacked watching YouTube videos. YouTube is owned by Google.

What makes the problem worse is that as hundreds, thousands of developers rush apps and software to market to take advantage of Google’s great HTTPS scare these allegedly SSL-friendly applications are vulnerable to being hacked. The very tools people want you to use to protect yourself make it more likely you’ll be hacked and lose control over your personal information.

Many Webmasters who responded to Google’s call for switching to HTTPS protocol found to their dismay that Google’s own AdSense service does not support as many ads on HTTPS sites as standard HTTP sites. Their revenues fell.

Many self-installed WordPress users also discovered to their horror that some of their plugins stopped working when they moved their sites to HTTPS protocol as well. So while Google is winning the public debate on moving everyone into HTTPS (for the most flimsy of reasons), Webmasters and their visitors are paying the price for being naive, stupid, and gullible.

We should certainly take our browsing security needs seriously but there are limits to the usefulness of HTTPS (which, actually, is not very useful at all). Furthermore, most Websites are not ready to make the change and most Website owners will be shocked to learn just how much it costs to switch to HTTPS. If you pay $10 a year for a domain registration and $25 a year for hosting, your costs will easily double if you switch to HTTPS — or go up to $500 a year, depending on which type of security certificate you buy.

All the Web hosting companies immediately began pushing security certificates to their customers when Google announced that it was giving a SLIGHT ranking boost to Websites using HTTPS (affecting less than 1% of all queries). These upsells only confuse consumers and make the whole HTTPS debacle more widespread.

What we can be sure of is that hackers and government spy agencies have been circumventing HTTPS for years. That isn’t going to stop just because Google is telling the world we all need to change to HTTPS. Propaganda campaigns like this have always been effective at changing public opinion; unfortunately, propaganda can’t change the facts on the street.