Alphabet Inc. was created in 2015 as a holding company which would own Google and its existing subsidiaries. In some ways, things haven't changed much after the corporate restructuring; on the other, higher hand, Alphabet has basically tossed the informal Google motto of "Don't be evil" and replaced it with "Don't let anybody get away with anything."

Currently under the gun: anybody with a Web site. This is what the company currently says:

HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user's computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users' connection to your website, regardless of the content on the site.

"Encourage"? Does this sound encouraging?

How do you shame an unencrypted website?

The bard might advise that your sites be foul, undigested lumps, and the developers scullions! Rampallians! Fustilarians!

Then he'd likely threaten to tickle their catastrophes and their venomous toad-tainted nonencryptiousness.

Google Chrome, on the other hand, plans to strip it down: starting in January 2017, the browser will start flagging some unencrypted sites as plain old "Not Secure."

OK. Well. It's a start. The "NS" label is the first step in Google's eventual plan to shame all sites that don't use encryption.

That was earlier this year. This is what's coming:

Eventually, all HTTP pages will be labeled non-secure, and the HTTP security indicator will change to the red triangle/exclamation mark that Google uses for broken HTTPS.

Which is where I find myself at the moment. I do have a proper certificate, courtesy of the kind folks at Let's Encrypt. All the WordPress stuff on this site — about twenty thousand posts' worth — is marked as broken, except for the WP admin itself, which is nicely secure except for the Dashboard. What's different about the Dash? A third-party script, specifically the little widget that displays WordPress News. I can live with that, since presumably no one else is reading my Dashboard. Weirdly, all the Vents seem to be properly secure, so apparently my 301 redirects are working for them.

That leaves, oh, seven thousand or so old Movable Type posts, static pages dated 2002 through 2006, which, if a user's browser is set to the typical default of "Block non-SSL scripts," display 1993-style text without ever referring back to the style sheet for those posts. I have discovered, mostly by accident, that converting the same-site absolute links to HTTPS manually will get me a pat on the back from TLS. There is, of course, a downside: the average page from this era has ten such links. So I have to fix somewhere upward of 70,000 links, or beg people to turn off this security setting. This latter, I am unwilling to do.
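An added example, not the author's own code: one way to script the same-site link conversion described above rather than doing it by hand. The hostnames in `SITE_HOSTS` and the sample page are constructed placeholders; third-party hosts are left untouched because they may not serve HTTPS, and any that are still loaded as subresources over plain HTTP are reported for review.

```python
import re

# Assumption: placeholder hostnames; substitute the site's own.
SITE_HOSTS = {"example.com", "www.example.com"}

# href/src/action values that are absolute http:// URLs with no explicit port.
URL_ATTR = re.compile(
    r"""(\b(?:href|src|action)\s*=\s*["'])http://([^/"'\s:?#]+)(?=[/"'?#])""",
    re.IGNORECASE,
)
# Tags whose URL is fetched as a subresource (what the browser blocks on an HTTPS page).
SUBRESOURCE = re.compile(
    r"""<(?:link|script|img|iframe)\b[^>]*?\b(?:href|src)\s*=\s*["'](http://[^"']+)""",
    re.IGNORECASE,
)

def upgrade_same_site(html):
    """Return (new_html, links_rewritten, leftover_http_subresources)."""
    count = 0

    def repl(m):
        nonlocal count
        if m.group(2).lower() in SITE_HOSTS:
            count += 1
            return m.group(1) + "https://" + m.group(2)
        return m.group(0)  # third-party host: leave as written

    new_html = URL_ATTR.sub(repl, html)
    return new_html, count, SUBRESOURCE.findall(new_html)

# Constructed sample resembling an old static archive page.
SAMPLE = '''<html><head>
<link rel="stylesheet" href="http://www.example.com/styles/mt.css">
<script src="http://widgets.example.net/badge.js"></script>
</head><body>
<a href="http://www.example.com/archives/000123.html">earlier post</a>
<img src="http://example.com/images/logo.gif">
<a href="http://elsewhere.example.org/">someone else</a>
<a href="/relative.html">relative</a>
</body></html>'''

if __name__ == "__main__":
    fixed, n, leftover = upgrade_same_site(SAMPLE)
    print(f"rewrote {n} same-site links")
    for url in leftover:
        print("still mixed content:", url)
```

Run it over copies of the files first and diff the output before replacing the originals.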

What's miffed me about this, of course, is that I'm having to do all this work to stay in Google's good graces. If I don't, I stand to lose a lot of my analytical data, including about 85 percent of my search strings, and there goes "Strange search-engine queries," which is my second most popular feature. I'm not saying I can't do the patch job, because I most certainly can. (At this writing, I've fixed about 400 of those 7000 pages.) More troubling, though, is the broken encryption in WordPress. I suspect this is the fault of the social-media buttons, which shoot data via tunnels I can't even locate, but if it is, I'm at the mercy of Facebook and/or Twitter. (I killed the Google+ button after noting it wasted a line without any measurable feedback.)

And ultimately, I see this as inevitably what happens when one organization has too much power. Not that anything can be done about it; the federal government has no interest in shrinking institutions grown too big for their britches, and the pockets of those britches are stuffed with disincentives of various denominations. So what else is new?

The Vent

#1034
  26 October 2017


 Copyright © 2017 by Charles G. Hill