Skip to main content

Google bolsters encryption for Blogspot domain residents with HTTPS rollout

made for google
Image used with permission by copyright holder
Google software engineer Milinda Perera said this week that the company is now rolling out an HTTPS version of every single blog stored away on the Blogspot domain. That means visitors can load up their favorite blog on this specific domain over an encrypted channel, preventing eavesdropping snoops from seeing what they’re actually accessing. Even more, there’s nothing to enable: all Blogspot domain residents automatically have the HTTPS version switched on.

But of course, there’s a catch. Blogs with mixed content may not work correctly on the HTTPS version. According to Perera, this is caused by several factors: post content, incompatible templates, or gadgets. To help authors weed out the problematic elements, Google is offering a mixed content warning tool to help fix the issues manually. Perera said that Google is proactively fixing most of the errors it comes across.

Recommended Videos

Another catch is that Blogspot posts published on custom domains currently do not have HTTPS support. For those who are unaware, Google bloggers can actually publish their content on a top-level domain (www.mydomain.com) or a subdomain (myblog.mydomain.com). This can be accomplished by clicking on “Basic” under the blog’s “Settings” tab, and then adding the custom domain address in the “Publishing” section. While supporting HTTPS is presumably possible, it may be some time before Google tackles this specific feature.

Please enable Javascript to view this content

Outside of those two setbacks, the HTTPS versions won’t screw up existing links and bookmarks stored on the blog entries. The company has also injected Blogspot with a new HTTPS Redirect setting that allows authors to provide access to either one version of the blog (on = HTTPS), or two versions of the blog (off = HTTPS and HTTP). Note that with the setting turned off, visitors will have access to the blog on an unencrypted connection.

So what’s the big deal about HTTPS? It’s an internet protocol that secures the connection between a device application (email app, browser, etc), and a website or service. This not only keeps data safe and secure from prying eyes as it speeds across the virtual highways, but protects the user’s privacy in the process. Websites with the vanilla HTTP protocol do not offer this type of security.

Google’s move to secure all Blogspot residents is part of the overall HTTPS Everywhere initiative. While there are many sites that offer HTTPS security, a good chunk of the internet does not. And as the Electronic Frontier Foundation (EFF) points out, many encrypted pages may still contain links that direct users back to the unencrypted version. Third-party content mayalso  not be encrypted through links on an HTTPS-based site.

To that end, the EFF teamed up with Google, Mozilla, and Opera to create an extension that encrypts the Internet surfer’s communications with a number of major websites. The extension is offered for the Chrome, Firefox, Firefox for Android, and Opera browsers.

Google started testing the HTTPS waters with the Blogspot domain back in September 2015 as an opt-in feature. The company actually began encrypting its services in 2008, securing Search, Gmail, Drive, and other services throughout the years. Google said that some of the benefits to HTTPS encryption include preventing visitors from being redirected to a malicious site, preventing changes to data exchanged between the Blogspot domain and the visitor, and so on.

That said, Google is now officially rolling out HTTPS encryption to all Blogspot residents, not just with volunteers, as seen in September. The company encourages its bloggers to provide feedback so that it can make improvements.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Google lead says he’s ‘disappointed’ with Apple’s new iPhone security program
iPhone 11 Pro feature image

Apple’s new hacker-friendly iPhones offer security researchers unrestricted access to devices so that they can easily hunt down vulnerabilities and bugs. But Ben Hawkes, technical lead at Project Zero, a team at Google tasked with discovering security flaws, says he’s “pretty disappointed” with Apple’s latest security program.

Hawkes, in a Twitter thread, said that its team won’t be able to take advantage of Apple’s “Security Research Device” (SRD) iPhones since it appears to exclude security groups that have a policy to publish their findings in three months.

Read more
Google acquires Typhoon Studios to bolster Stadia game development team
Journey to the Savage Planet by Typhoon Studios

Google acquired Typhoon Studios, the independent developer behind the upcoming Journey to the Savage Planet, to help make games for the Stadia streaming service.

In a blog post, Google said that Typhoon Studios will be joining the first studio of Stadia Games and Entertainment in Montreal. The developer, however, will continue working on the release of Journey to the Savage Planet to multiple platforms on January 28, 2020, as it is integrated into Stadia's game development team. Future games from Typhoon Studios will be exclusive to Stadia.

Read more
ChatGPT’s new Pro subscription will cost you $200 per month
glasses and chatgpt

Sam Altman and team kicked off the company's "12 Days of OpenAI" event Thursday with a live stream to debut the fully functional version of its 01 reasoning model, as well as a new subscription tier called ChatGPT Pro. But to gain unlimited access to these new features and capabilities, you're going to need to shell out an exorbitant $200 per month.

The 01 model, originally codenamed Project Strawberry, was first released in September as a preview, alongside a lighter-weight o1-mini model, to ChatGPT-Plus subscribers. o1, as a reasoning model, differs from standard LLMs in that it is capable of fact-checking itself before returning its generated response to the user. This helps such models reduce their propensity to hallucinate answers but comes at the cost of a longer inference period and slower response.

Read more