Google said on Wednesday it has made HTTPS available as an opt-in for its Blogspot publishing service.
Google and other technology providers have been ramping up encryption rollouts in the two years since the publication of the Snowden documents began. To date, Google has encrypted Gmail, search, Google Drive and its ad products as part of its HTTPS Everywhere campaign.
“While this initial rollout won’t support all of our Blogger users, we wanted to take the first step to make HTTPS available for Blogspot; for those users who want to try it early,” said Google software engineer Jo-el van Bergen in a post published on Google’s Online Security Blog. “We’re rolling this out gradually and Blogspot authors interested in enabling HTTPS support can begin opting-in today.”
Van Bergen said enabling HTTPS on blog is as simple as selecting “Yes” on the Blogger settings page.
“Unfortunately, blogs with custom domains are not supported in this first version,” van Bergen said. “Once enabled, your blog will become accessible over both HTTP and HTTPS connections. Blogspot authors should be aware that if they choose to encrypt at this time, some of the current functionality of their blog may not work over HTTPS.”
Google announced that its Official Google Blog and the Google Online Security Blog are also moving to HTTPS.
The change to secure connections by default gives users a expectation of security and privacy. It certainly doesn’t guarantee that specific sessions can’t be intercepted and decrypted by a man-in-the-middle attack or other techniques, but using SSL makes life harder for most adversaries.
One of the Internet’s largest properties, Reddit, earlier this year announced that it was moving HTTPS only for its sites after last year, it began offering users encrypted connections.
This year, there has been a steady stream of similar moves. In June, Apple began encouraging iOS app developers to move to an HTTPS only model, and this was announced around the same time federal government CIO Tony Scott announced that all government public sites and services would move to HTTPS. Browser makers have also been in on the HTTPS movement; in May, Mozilla announced that it would begin phasing out HTTP connections in Firefox.