Why did Google declare war on HTTP? | josh.com
Google is waging a war to force websites to only serve content over secure https connections by demoting the search ranking of websites that continue to use normal http connections. “…we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure.”
At first take, this seams like a magnanimous move by the internet’s benevolent dictator. Security is a good thing, so by forcing lazy websites to finally go secure we are all better off… right?
https encrypts the conversation between you and a website so that no one can electronically eavesdrop on or change any content. This is important for connections where secrets are exchanged. You do not want the person sitting next to you at Starbucks to be able to grab your account number and balance as you log into your bank account over the public Wifi. As long as your connection to the bank is using https, the most an eavesdropper can divine is what website you are looking at- they can not see the actual data (or at least not easily).
The other benefit of https is that it guarantees that the pages you see are really coming from the web site you see in your address bar. With just http, is it possible for someone who happens to control the network between you and the website (i.e. the person running the Wifi access point you are using or your ISP) to spoof the website and send you their own content but make it look like it was coming from the web server you thought you were connected to.
