As you may possibly know already (or obviously, may not know), Google now tries to make the web even more secured
and have plans to add HTTPS as a ranking signal
, meaning websites enabled TLS/SSL
should be considered more "valuable" comparing to regular domains.
Is this just another ploy by Google to get people to spend more money and make things more complex? Is this a part of their new domain offerings??
you're not the only one asking that question. :)
Google's popularity obviously have an impact on all webmasters, but regarding this case, I may have some extra of my own thoughts gained from experience.
First of all, I'd like to mention you could run the current version miniBB on a regular domain or https-based domain with no problems. If you switch from http to https, it could be just about changing one option in the settings file, and running a single SQL to fix inner URLs in posts.
Despite of it, you may run into difficulties while combining https-based pages with a content from another websites, for example, built-in images from another recources. In this case, as I suppose, all absolute URLs should be rewritten to relatives, i.e. not having https or http in front (like it now happens with YouTube or Vimeo embedding codes).
This is now what this post is about however.
Before you introduce SSL to your website, you must precisely know, what it's about
. This is what Google have plans to introduce this or that, doesn't really mean you
need to have it.
* "Secured Sockets Layer" is actually only for websites keeping the private information or related, like credit cards, real names, passport IDs, addresses and so on. Running a little forum, or even a large forum filled in with aliases actually doesn't keep anything important. If you have a recipes-based content or love cats in your blog, I doubt someone from "Intelligence Agencies" even will find it worth cracking. And despite it would have https enabled, I doubt it could become strictly popular just because of it.
* On another hand, TLS/SSL provide a way of encoding and decoding information, that means, you will see a notable loss in speed
. Actually, you will never your website as quick as it was. They try to claim it is OK
, but trust me - I've seen a lot and I know how protocols work to conclude that even in theory, a decoding process COULD NOT be quicker than a regular process. You will be forced to switch to more powerful server and/or hosting plan to allow this (tip! start to count more coins from that point)
* TLS needs an official certification from the authorized company. Of course, there is a way to issue a self-signed certificate
build with OpenSSL. But for websites, in most cases, it won't work, because it's mostly for user-to-user connection and not for user-to-website. Most often, if you owe an unauthorized certificate, website newcomers will see this at first:
Not good enough? Of course, not. At this point you will start to lose your traffic and users heavily. But, of course, there is a way of
* BUYING an official certificate
. They claim there are companies issuing "free" certificates, but as I've seen some of them, I could say it's almost the same kind of junk as the self-signed certificate. Thus, someone else except you will have an access to your secrets, and that's a little untrusted company; and those certs will expire, sooner or later, with an option to buy them, for sure.
As about "solid" companies, like DigiCert or Symantec's Verisign, their prices for a regular SSL certificate, start from $175 and $ 1,699 respectively. (tip! tip! tip!)
Sure to pay such amounts? I'm not sure someone even earns so much on Google Adsense. Private or small-to-medium businesses just could not allow this. So why then they should care?..
However, this is a must-have option for big daddies
, which earn thousands or even millions per month... they become "solid" that way. And ranked high in Google.
Good news for SSL sellers, yay!.. Now they will gain even more money, pay even more taxes and US Army will become even more trained for bombing the Iraq.
Not sure if with the new step, Google just tries to switch off the "amateur" websites and concentrate on giants? That would mean, 80% of the web is under impact of this... and sooner or later, WWW will become a garbage can providing only information from the "major" sources, and with no alternatives.
Good way on controlling the elephants, though...
* All in All, TLS protection just doesn't protect
you from something serious. It's a common fact that "Intelligence Agencies", specially those coming from US, have all the tools to decode any SSL connection. Specially if it's just about a website.
After reading this from Google, I was having an impression like this step is done to gain even more websites to control. Specifically, to control from US and exclude these sources from national agencies control.
I suppose, you all heard already that Google KNOWS everything about you, as soon as you have signed up with it, and/or use Google Chrome, and/or signed up with any with Google's "partnership" programs.
Inviting all users to be TLS-protected is just another delicious program to gain even more control
* I suppose, in no way the type of the data protocol could even have some higher ranks. Any website's rank should still built by it's related quotations amount on the other websites. It's not important if your website runs http or https; if it's a popular source, you shall give no shit to Google's invitations. Just continue what you have started and don't be drilled too much with the IT Planet Surgeons.
There are lots of the other Search Engines on the market. Secure protocols are constantly updated. New devices and programs are coming out each day, and they may not deal with the newest encoding algorithms, because it's all about money, in result. With that all, I just wanted to say that switching to something "more secure" could have a PR meaning and obviously affect your business from the negative end, actually.
So I'd say, I'm not ready to switch to SSL for my projects at this stage. And I'm still for the free and speedy web, which couldn't be in all ways secured, anyway.
P.S. Webmaster Central Blog on Google, which I've given the initial link to in this post, by the way, just advertises TLS and doesn't have SSL certificate on its own.