Google Aims to Encrypt Most Ads by the End of June

By bringing HTTPS support to all ad-serving platforms, Google wants to protect users from ad-borne security threats when watching videos or opening mobile apps.

Google Security

Most of the advertisements that Google serves up on its various online properties will be fully encrypted, starting later this year.

The company has already moved all YouTube ads to the secure HTTPS protocol and is now working toward encrypting search ads across all its systems, two Google vice presidents wrote in a blog post Friday.

By the end of June, most mobile, video and desktop display advertisements served to the Google Display Network, AdMob and DoubleClick publishers will also be fully encrypted.

The changes are designed to ensure that users are safe from ad-borne security threats when watching videos, opening mobile apps or running any applications, the two Google executives blogged. Moving ads to HTTPS ensures that users will automatically have an encrypted connection with the ad servers, just like they have an encrypted connection when using Google Search and Gmail and YouTube.

"Since 2008, we've been working to make sure all of our services use strong HTTPS encryption by default," wrote Neal Mohan, vice president of product management, Display and Video Ads, and Jerry Dischler, vice president of product management, AdWords. "In addition to providing a secure connection on our own products, we've been big proponents of the idea of HTTPS Everywhere," they noted.

Google's latest moves build on its effort to get more Websites to start supporting HTTPS, a protocol that adds a layer of encryption on top of the standard HTTP that has been used on the Internet for years. HTTPS enables Websites to securely authenticate themselves to client browsers and encrypts all communication between the browser and server. Such encryption is considered critical to protecting against online snooping, man-in-the-middle attacks, Website spoofing and other security threats.

Google has been on a mission to foster wider use of HTTPS via its support for initiatives like HTTPS Everywhere, an extension for Chrome, Firefox and Opera that enables fully encrypted communications between browsers and Websites.

In addition, Google has begun using HTTPS as a measure for ranking Websites on its search engine. Google's Chrome now features an alerting mechanism that warns users when they visit a site that does not support HTTPS. Initially, Chrome will simply warn users who visit a non-HTTPS site about the site's "dubious" security. However, later this year it will escalate the warning and mark such sites as "non-Secure."

Google's moves to encrypt its ads coincide with an ongoing campaign by the Interactive Advertising Bureau (IAB) to get its members to start adopting encryption, as well. In a recent alert, the IAB noted that it is time for the online ad industry to catch up with other Internet stakeholders in supporting HTTPS.

According to the IAB, a survey of its membership last year showed that nearly 80 percent of its member networks already support HTTPS. While that is a good start, ad publishers need—not only to support HTTPS on their own ad servers, but also to ensure their agencies' ad servers and those belonging to data partners, as well as any other system in the ad delivery chain, support the encryption protocol, as well.

Enabling such support ensures better server authentication and communications and makes it more expensive for malware authors to use an ad server to deliver malware to Internet users, the IAB said.

Jaikumar Vijayan

Jaikumar Vijayan

Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.