All blogs hosted on Google’s blogspot.com domain are now accessible through an encrypted HTTPS connection. This gives more control to blog readers who value privacy.
Google started offering users of its Blogger service the option to switch their blogspot.com sites to HTTPS in September, but now that setting has been removed and all blogs have received an HTTPS version that users can access.
Instead of the “HTTPS Availability” option, blog owners can now use a setting called “HTTPS Redirection,” which will automatically redirect all visitors to the HTTPS version of their blogs. If the setting is not used, users will still be able to access the unencrypted HTTP version.
Forcing HTTPS by default would have been better, but would likely have triggered mixed content alerts in user browsers for some blogs. These errors occur when a website served over HTTPS loads resources, such as images and code, from external servers that do not use HTTPS.
“Mixed content is often caused by incompatible templates, gadgets or post content,” Google software security engineer Milinda Perera said in a blog post Tuesday. “While we proactively correct most of these errors, some of them can only be corrected by you, the authors of the blog.”
To help authors quickly spot such errors, Google has integrated a tool directly into the Blogger Editor that alerts authors of mixed content issues even before a blog post is saved and published.
In addition to using blogspot’s subdomains, Google’s Blogger service allows users to use their custom domains for their blogs; however, these blogs have not yet received HTTPS support.
This contrasts with WordPress.com, the blogging platform operated by Automattic, which recently enabled HTTPS by default for all custom domains. The company achieved this by partnering with Let’s Encrypt, a new certificate authority that provides free SSL / TLS certificates and automates their deployment, configuration, and renewal.
Users who still want to access the HTTPS version of a blogspot.com domain can install the HTTPS Everywhere extension developed by the Electronic Frontier Foundation and available for Google Chrome, Mozilla Firefox, and Opera.
Copyright © 2016 IDG Communications, Inc.