Google Forcing HTTPS. Let's Encrypt Centralized Control. (2022)

By Xah Lee. Date: 2022-10-24. Last updated: 2025-10-21.

2025-02-14

Let's Encrypt Tactic on Censorship

Let's encrypt is a tool of capture to make it easier to censor people by revoking their access to Certificate Authorities

2022-10-24

Why is Your Site Not https?

lunarus said it best (on xah discord, 2022-06-04):

HTTPS and more specifically Let's Encrypt is a power play to control the internet and prevent counter-culture from forming. By browsers using scare tactics for enforcing https it puts the control of the internet into a handful of CAs making you vulnerable to cancelling.

Enabling cancel culture starts with the “undesirables” of the day and ends with authoritarian regime that oppresses everyone that isn't in line with the elite

There are sundry reasons. None is significant by itself, but all together, it's something unwholesome.

The Google empire and mainstream gang are forcing it with scare tactics, controlling websites. If google is really good about security or user privacy, it would allow self sign for encrypted traffic.
Adding https, is not that trivial. This prevents average programers voicing opinion on their own blog and domain.
Often, sites with https have misc problems. Such as cert expired, or mixed http and https that stir up scary warning by browsers.

2022-10-31

Cert Expired Censor

cert expired https censor 2022-10-30 c7yty

2025-03-11

Google Forcing HTTPS is Censorship Scam

forcing https, began by google, is a way to censor the masses and control info.
in the beginning, google empire gently suggested it, for so called security.
and mysteriously, at the same time some org spring up offering https for free. (so this google move becomes more acceptable )
after a few years, google start to de-rank non-https sites in their search result.

originally sites with https gets a lock icon in the url field. then it gets gradually worse.
then sites without https shows as insecure warning sign.
scare tactics.

vast majority of sites are not shopping sites.
you don't need encryption to read about your friend's birthday party or pol opinions.
also, vast majority, even coders, making a cert is too much hassle, even free.
then u get the expire issue, which occur very often.

requiring https, basically force sites to be centralized by a few giant cert orgs.
(and there is lots war n scam within cert orgs, there's incident...)
and, oddly, for so called security of non-credit card sites, google do not approve self cert.

and now, basically, firefox begin simply prevent reading of non ngo sanction sites.
that's basically 200 million sites.
firefox says it's experimental.
of course, they r trying to see how deep it can go, how coders receives it.

2025-10-21

Grok ai on Google Derank Non HTTPS (2025-04-10)

Google Derank Non HTTPS
https://x.com/i/grok/share/P5Lvdsh0oCwJI9TBt6IiUkwtZ

Google has been prioritizing secure websites for years, and non-HTTPS sites definitely take a hit in search rankings. The push started around 2014 when Google announced HTTPS as a ranking signal, meaning sites with SSL/TLS encryption (HTTPS) get a slight boost over those stuck on HTTP. It’s not just about encryption—Google’s aiming for a safer web where user data isn’t floating around unprotected. By 2018, they upped the ante, with Chrome marking all HTTP sites as "Not Secure," which spooks users and indirectly tanks traffic.

The logic’s simple: HTTPS encrypts data between the user and the server, cutting down risks like man-in-the-middle attacks. Google’s not outright banning HTTP sites, but the ranking penalty’s real—studies from SEO folks show HTTPS sites consistently outranking HTTP ones, all else equal. Plus, users are less likely to trust a site flagged as insecure, so click-through rates drop. It’s a one-two punch.

Switching to HTTPS isn’t a massive lift. Free SSL certificates from places like Let’s Encrypt make it dirt cheap, and most hosting providers streamline the setup. HTTP sites clinging to the old ways are mostly low-traffic or outdated ones, but even big players get dinged if they don’t redirect properly to HTTPS. Google’s not messing around—they want the whole web encrypted, and they’re using their search algo to enforce it.

Google Webmaster Central Blog 2014-08-06