By now, I’m sure you have heard that Chrome 68 has been released. If you haven’t already, you need to make sure your Chrome version is up-to-date. While a browser update may not seem like the most newsworthy item, this is the version that will start to visually penalize sites who are not using proper HTTPS or that have mixed content. Google’s Chrome has been specifically putting more emphasis on whether a site is secure or not. Chrome 68 is the version identified by Google that puts even more emphasis on security issues for websites visited via the Chrome browser.
While Chrome 68 is still the interim browser between the total distrust of Symantec SSL certificates, it is a move in that direction between Chrome 66 and Chrome 70. While many people are commenting that this just seems like an undue burden on site operators, it should come as no surprise as Google has always been up-front about two things this is meant to provide:
- Pushing the overall web to be more secure
- Making the web safer for users by making it more obvious that a site is insecure and/or has mixed security content on it
Now, all that said, I’ve also seen some commenters use the “well https can still be hacked too, so what’s the point?” but at the end of the day, this is a lazy argument. Yes, people can still hack HTTPS, but it takes a higher level of skill and dedication to do so, whereas to do it on an HTTP site can simply be a matter of downloading some simple exploitation scripts. So, from my perspective, I applaud Google for pushing this change. In an age where we transact and interact more via our mobile devices and therefore, transmit a lot more data over more easily highjacked/sniffed Wi-Fi, Bluetooth, and other wireless communication paths, at least some form of encryption helps.
Below you can see just some of the inane comments:
Another aspect to note is that through the ongoing Chrome updates like Chrome 68, Google has been creating much more feedback loops via the browser. One of the key things is the sharing of anonymized usage stats and page speed stats from the actual user view to augment what they can see via their bot crawls. In fact, Google just flat out calls it out if the individual page doesn’t have enough data reported by Chrome! When we run page speed tests, we can see Google does this at the individual page level. However, we now see Google specifically calling out “Chrome user Experience Report” on their page speed tests.
GOOGLE PAGE SPEED:
Want to see a positive on Google Page Speed, check out …yup, not a rolled-up view, but, as stated, the individual page…now that is showing the granularity with which Google is processing this usage data.
Additionally, as we SEO folks (and hopefully your IT team) know, in the age of more and more sites being built using JS frameworks like Angular and React, Google crawls can execute your site’s JS files. What we’ve also learned, is that Google doesn’t typically process the HTML and the JS at the same time, in order to balance the need to keep up with billions of sites across the web and the detriment it adds to even their massive clustered processing power. What this ends up resulting in is Google having to “post-process” the JS files, and stitch together what they would add to the context of a page. Because of this, we’re finding the necessity for site operators to take more of the onus on themselves to provide a clearer rendering of their sites upfront. This has led to more server-side pre-rendering requirements for all sites that have any JS active on them. This not only expedites the site load for everyday users using browsers like Chrome (yup, go back and read the section above again…we can wait), but also for the Googlebot itself so that you’re not dependent on them to post-stitch things exactly the way you actually present them to users.
Overall, Google is living up to what it promised. It is forcing the internet to become more secure and to try to make general users more educated about what things to look for and Chrome 68 is a next step in this by creating more obvious user visibility to it. As SEOs and site owners, our jobs are to make sure we and our client’s sites stay in compliance by looking at the breadcrumbs Google leaves behind and then determining what the next steps will be. There is always a logical progression, but as we move to more and more communication via devices and technology that, while adding much more day-to-day user convenience, it does mean staying educated about what aspects of those technologies are likely to be exploited by the unscrupulous types out there. I mean really, did you ever think that having a credit card that had a chip meant that all of us would have to replace our wallets to ones that have RFID protection? Think about that and think about Google’s push for more security. I personally think it is the right thing and, if those who were unwilling to make the shift make it now because of this, then I applaud Google for making that happen…and as an SEO who is often stuck reacting to Google, that is a huge compliment.
Also, my guess is that if Google didn’t push this now, the EU would have eventually anyway ¯\_(ツ)_/¯.