This decision of Googleโs to shame any non-SSL-based website has nothing at all to do with protecting their users.
It has everything to do with pushing people to Googleโs services by making it harder for small businesses and others to create their own websites.
Have you ever installed a cert yourself? I have, and itโs not easy. Nothing about it is simple. It only takes me a few minutes now because Iโve done it dozens of times if not hundreds over a 15+ years IT career. But the first time I did it it took several days to get it all working.
People assume the good will of companies, and I canโt understand it. Have they never worked for a corporation? If there is any good will itโs all accidental because of a serendipitous alignment of user and corporate interests.
Google made the web better for a while but now itโs making it worse.
And so it goes.
Yowie I actually managed to do it, on a shared hosting outfit that won’t allow me to run Certbot (I figured in this case it would be better to ask permission than forgiveness). No root access, no SSH even, just “Siteworx” GUI control panel, very, very carefully following the instructions at https://gethttpsforfree.com/ (third time being the charm in this instance). Voila. Does that get me the “server-side netizen” badge?
Now to come up with some content for Google not to censor (at least on that grounds).
Nice. I have a domain that I use for my private VPN that I’ve got a non-self-signed cert on but that runs on a Windows server, so I can’t use Certbot or any similar tools.
It’s been sociologically informative to watch the web transition from a wild west anarchic free-for-all to all the walled gardens with corporate censorship and how democratization actually constrained possibilities, curtailed thinking, rather than the opposite.
A lesson contained therein that probably related to our larger democracy….