With Google’s short-sighted stand that SSL will now be used as a ranking signal in its algorithm, the giant technology and marketing company has finally shown its hand — it doesn’t care about the ordinary web.
SSL is the technology we use when we need to connect with our bank or credit card accounts online. It ostensibly ensures a “secure” connection with the company’s servers. But SSL is not some sort of cure-all to securing online data — it is prone to other kinds of vulnerabilities and attacks.
SSL can readily be implemented by spammy websites, because those people have a financial incentive to do so. How that makes the web any “safer” is beyond me, but that’s Google’s belief — that just because a website is running SSL, it’s somehow “safer.” SSL still allows viruses and malware to be downloaded. SSL still allows a person to read a website from owners who’ve stolen their content from other websites.
In short, requiring SSL does little to make the web safer for the vast majority of websites. Why? Because most websites are still static, requiring no user interaction or login.
And that’s why SSL won’t be readily implemented by the average Joe running his own personal website. These websites rarely need a login or require any personal data be exchanged.
This means that Google is now penalizing ordinary people — and most small businesses — who just run simple websites without any user interaction.
And with us running out of IPv4 addresses, this move even makes less sense. Each SSL website needs its own unique IP address, and the Internet is virtually out of the old-style IPv4 addresses that are still the Internet’s standard. A new style IP system — IPv6 — addresses fix this problem — but still aren’t used widely. Worse, they are not backward compatible with IPv4 without hardware updates — something a lot of people are loathe to invest in until they absolutely have to.
For websites like Psych Central, it means thousands of dollars in new annual costs and maintenance. It also means an initial development cost that is substantial — and crushing.
Google simply whitewashes over how easy it is to make this sort of move. After reading the Google Webmaster forums (that they refer you to) and consulting with our developers, I find that it is instead a complicated and risky process. It could significantly negatively impact our search rankings if done incorrectly.
And if we implement it on our main website, it means significant and unacceptable slowdowns for people trying to access our mental health information. (Well, we could avoid those slowdowns, but again, at a large monthly monetary cost that Google glosses over for high-traffic sites like ours.)
We prefer to keep our meager budget focused on producing the high-quality content that Google still values more than this SSL signal.
But the writing is clearly on the wall. Small businesses like ours that don’t implement SSL at some point will be penalized for that high quality content, even when there’s little evidence to suggest doing so will improve the safety of the web.