[shamzblueworld]

Well I've heard that google is declaring all sites that don't have ssl certificate as unsafe. So if this is true, how much damage it would be to a forum/website?

[raaman]

Well, I think Mr. Fergal will be in a position to tell. So, Mr. Fergal, please!

[Canaria]

I'm not Mr. Fergal but I think it's quite costly to integrate SSL on a website. That may not be the case, of course. As long you have an anti virus installed, you will probably do just fine, I guess.

[shamzblueworld]

I'm not Mr. Fergal but I think it's quite costly to integrate SSL on a website. That may not be the case, of course. As long you have an anti virus installed, you will probably do just fine, I guess.

But for a general blog or even a forum, I don't see such need of ssl, but I want to know what impact will it do if google does declare all sites without it unsafe. And does it matter for a forum?

[Canaria]

Under normal circumstances, no. The forum itself is far from harmful. But, every website is vulnerable to malware/virus attack, and this includes forum as well. If I recalled properly, last year 2 forums were injected with loads of malware, infecting its users with some sort of keyloggers, namely loverslab.com and ps3news.com That's why SSL is important nowadays, especially on website with money transaction.

[CyberFreak]

Really, SSL is not really needed for most sites however Google is attempting to force all sites to use SSL. While it can be free (via LetsEncrypt), it can be alot of work and inconvenience for website owners and the websites users. The main reason we do not SSL here is the complexity to set it up without having mixed content warnings. Basically we would need to force every offsite image a user links to to start with https or require the user to download the image and then upload it here. Really there isn't much need or expectation for a site like us to use SSL. It is just Google that feels the need to inflict this on every website.

[Doby]

SSL is not that useful in most of the websites. Google is just trying to make the web safer. But it will be so inconvenient for us, the simple users, I agree with CyberFreak.

[skysnap]

Google is enforcing the sites to have SSL as they are finding it harder to avoid spam and intrusive ads which affect user experience. Though there is only SEO and security requirement. Many sites can't switch blindly. Some blogs and shops can make the switch now but forums are harder to migrate. I don't think for forum it's required as there are two many errors to fix if migrated. I have written short article on this topic. viewtopic.php?f=67&t=14105

[shamzblueworld]

Really, SSL is not really needed for most sites however Google is attempting to force all sites to use SSL. While it can be free (via LetsEncrypt), it can be alot of work and inconvenience for website owners and the websites users. The main reason we do not SSL here is the complexity to set it up without having mixed content warnings. Basically we would need to force every offsite image a user links to to start with https or require the user to download the image and then upload it here. Really there isn't much need or expectation for a site like us to use SSL. It is just Google that feels the need to inflict this on every website.

And what if a site don't do it, how can it affect it? In SEO or what?

[raaman]

It is just Google that feels the need to inflict this on every website.

So you mean to say that our big brother Google is bad? Of course, I have seen this (Google's behavior) in so many other areas.

[CyberFreak]

Really, SSL is not really needed for most sites however Google is attempting to force all sites to use SSL. While it can be free (via LetsEncrypt), it can be alot of work and inconvenience for website owners and the websites users. The main reason we do not SSL here is the complexity to set it up without having mixed content warnings. Basically we would need to force every offsite image a user links to to start with https or require the user to download the image and then upload it here. Really there isn't much need or expectation for a site like us to use SSL. It is just Google that feels the need to inflict this on every website.

And what if a site don't do it, how can it affect it? In SEO or what?

Apparently Google already takes into account whether a site uses HTTPS when ranking sites and gives them a boost. Also in future the plan is for Chrome to show sites using HTTP as insecure with a red cross in the address bar of the browser.

It is just Google that feels the need to inflict this on every website.

So you mean to say that our big brother Google is bad? Of course, I have seen this (Google's behaviour) in so many other areas.

Personal opinion is yes. Google are basically making everyone use HTTPS whether they need it or not for their site and punish sites that don't need it and therefore don't use it. Thanks to Google, if you want to set up a basic website about your dog, you need to have it use HTTPS otherwise in the future, it will show as being insecure even though there is no need for a site like that to use HTTPS.

[shamzblueworld]

[Personal opinion is yes. Google are basically making everyone use HTTPS whether they need it or not for their site and punish sites that don't need it and therefore don't use it. Thanks to Google, if you want to set up a basic website about your dog, you need to have it use HTTPS otherwise in the future, it will show as being insecure even though there is no need for a site like that to use HTTPS.

But why? Why are they doing this? They are smart enough to know which site needs it and which don't.
They must also know that installing SSL can decrease the speed of the site as well, sometimes the smart can be very dumb as well. But maybe there is something else that we don't know? Behind the requirement of SSL...
Well until we see that red cross on chrome, I think we're fine. Maybe that would be the line when they draw it. Then most of us would have to get the damn thing even if we don't want/need it.