Google bolsters encryption for Blogspot domain Residents with HTTPS Rollout

Google software engineer Milinda Perera said this week that the company is now rolling out an HTTPS version of every single blog stored away on the Blogspot domain. That means visitors can load up their favorite blog on this specific domain over an encrypted channel, preventing eavesdropping snoops from seeing what they’re actually accessing. Even more, there’s nothing to enable: all Blogspot domain residents automatically have the HTTPS version switched on.

But of course, there’s a catch. Blogs with mixed content may not work correctly on the HTTPS version. According to Perera, this is caused by several factors: post content, incompatible templates, or gadgets. To help authors weed out the problematic elements, Google is offering a mixed content warning tool to help fix the issues manually. Perera said that Google is proactively fixing most of the errors it comes across.

Another catch is that Blogspot posts published on custom domains currently do not have HTTPS support. For those who are unaware, Google bloggers can actually publish their content on a top-level domain (www.mydomain.com) or a subdomain (myblog.mydomain.com). This can be accomplished by clicking on “Basic” under the blog’s “Settings” tab, and then adding the custom domain address in the “Publishing” section. While supporting HTTPS is presumably possible, it may be some time before Google tackles this specific feature.

Outside of those two setbacks, the HTTPS versions won’t screw up existing links and bookmarks stored on the blog entries. The company has also injected Blogspot with a new HTTPS Redirect setting that allows authors to provide access to either one version of the blog (on = HTTPS), or two versions of the blog (off = HTTPS and HTTP). Note that with the setting turned off, visitors will have access to the blog on an unencrypted connection.

So what’s the big deal about HTTPS? It’s an internet protocol that secures the connection between a device application (email app, browser, etc), and a website or service. This not only keeps data safe and secure from prying eyes as it speeds across the virtual highways, but protects the user’s privacy in the process. Websites with the vanilla HTTP protocol do not offer this type of security.

Google’s move to secure all Blogspot residents is part of the overall HTTPS Everywhere initiative. While there are many sites that offer HTTPS security, a good chunk of the internet does not. And as the Electronic Frontier Foundation (EFF) points out, many encrypted pages may still contain links that direct users back to the unencrypted version. Third-party content mayalso not be encrypted through links on an HTTPS-based site.

To that end, the EFF teamed up with Google, Mozilla, and Opera to create an extension that encrypts the Internet surfer’s communications with a number of major websites. The extension is offered for the Chrome, Firefox, Firefox for Android, and Opera browsers.

Google started testing the HTTPS waters with the Blogspot domain back in September 2015 as an opt-in feature. The company actually began encrypting its services in 2008, securing Search, Gmail, Drive, and other services throughout the years. Google said that some of the benefits to HTTPS encryption include preventing visitors from being redirected to a malicious site, preventing changes to data exchanged between the Blogspot domain and the visitor, and so on.

That said, Google is now officially rolling out HTTPS encryption to all Blogspot residents, not just with volunteers, as seen in September. The company encourages its bloggers to provide feedback so that it can make improvements.

Source | DigitalTrends