Wouldn't Let's Encrypt offset any significant benefit of this change? Is it somehow difficult or counterproductive for these sites to add a certificate?
Getting more sites to use Let's Encrypt, or Cloudflare, or to buy a certificate is the intended benefit of the change. Google is gradually restricting these APIs to encrypted origins in order to encourage sites to use encryption, not because they don't want the APIs used.
cloudflare's "flexible ssl" option encrypts the connection between their datacenter and the user, but not the one between the datacenter and the actual web server
i guess it's better than nothing if your host doesn't support ssl but the false sense of security could be harmful
Coincidentally, I'm working on a travel app and had to spend some time automating let's encrypt on our servers because of the update. In the end, I came out as a huge fan of LE.
It is counterproductive, as many ad networks are not fully HTTPS-compliant yet. So you'll literally lose money by switching to HTTPS. It's why many big media sites still haven't done it yet.
It's a chicken-and-egg problem, but it's starting to improve.
Honestly if google really wanted to push this, they would do something to penalize http only ads. That would really pressure advertisers to upgrade or lose.
Why don't ad networks care about HTTPS? It would increase the number of potential sites that can show their ads, make it more difficult for ISPs to block their ads, and allow browsers to load their ads over HTTP/2.
If slow ads were a problem, why are ad networks so damn slow? I frequently see ads taking 10–20 seconds to load on major news sites. Serving fast ads would mean more viewing time, yet that doesn't seem to be a priority for anyone.
"On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10 KB of memory per connection and less than 2% of network overhead. Many people believe that SSL/TLS takes a lot of CPU time and we hope the preceding numbers will help to dispel that."
