Google has vowed to serve ads over HTTPS from its massive advertising network.
The move will make it easier for website owners to go fully SSL-protected, serving their webpages and ads over HTTPS rather than just the pages over HTTPS and mixing in ads over HTTP, which is insecure. It also means each ad and its link can't be tampered with in-transit by miscreants.
Where you end up after clicking on an ad is still up the advertiser, so users can be tricked into visiting sites booby-trapped with exploit kits, which are designed to hijack their PCs via security vulnerabilities in their software.
Google veeps Neal Mohan and Jerry Dischler say the move is in line with the SSLing of all things Google, an effort that may encourage everyone else to encrypt all their web traffic.
“By encrypting ads, the advertising industry can help make the internet a little safer for all users,” the pair say in a post.
“With these security changes to our ads systems, we’re one step closer to ensuring users everywhere are safe and secure every time they choose to watch a video, map out a trip in a new city, or open their favourite app.”
As of June 30 most mobile, video, and desktop display ads served over Google's Display Network, AdMob, and DoubleClick will be spewed across the web via SSL.
The pair note that admen association the Interactive Advertising Bureau are calling on internet billboards to use HTTPS for their eyeball grabbing, and that many industry players are obeyed.
Google's ad initiative follows the encryption of its Search, Gmail, YouTube, and Drive services, which is part of a wider effort by major tech players to use SSL to try to lock out crims and government snoops.
It comes as the Choc Factory announced a tweak in the new Chrome browser that will help system administrators upgrade insecure mixed content using the policy directive