14 DAY TRIAL // Google announced today that its regular Transparency Report that provides an insight into how the company works and interacts with users, governments, and third-parties, will from now on feature a special section dedicated to HTTPS and encryption usage.
The new HTTPS section will provide details on the state of HTTPS support for Google products, which the company has started moving a few years back, reaching 77% coverage at this particular moment.
Out of all its major services, Gmail has 100% coverage, while Google engineers are still working to bring Drive, Maps, Advertising and the rest up to par.
Google says that the reasons that prevent it from achieving 100% coverage for all of its products have to do with older hardware and software that don't support modern encryption, countries that intentionally degrade HTTPS traffic, and products like Blogger where certificate management can be tricky when users add a custom domain to their blog.
Monitoring HTTPS Usage on Alexa Top 100 Sites
But the report won't include data only on its products. Since encryption has become such a big deal today, Google will be periodically assessing the state of HTTPS support on Alexa Top 100 sites as well, including the results in its periodical reports.
Google will be scanning if these top sites support HTTPS, if they use a modern TLS configuration, and if they use HTTPS by default on their service.
In Google's first HTTPS Transparency Report, only 21 sites got a perfect score for these criteria, a short list that includes services such as Yahoo, Facebook, Twitter, Tumblr, Reddit, Pinterest, Yandex, Wikipedia, and WhatsApp.
Why the focus on Alexa Top 100 sites? Because these 100 sites make up for around 25% of all the Internet traffic today, and if they realize that encryption is crucial for their users, then smaller sites will soon follow.
As a bonus, Google's Transparency Report also includes a Certificate Transparency checker that will allow users to verify the validity of an SSL/TLS certificate that an HTTPS website is using. The train of thought behind this feature is to show that if HTTPS is present, it doesn't automatically mean it's good quality HTTPS.
