Marking a significant change in its security protocols, Google announced that its Analytics service now secures all communications between client websites, end users, and Google servers.
Formerly, Google followed its clients’ individual preferences in choosing whether or not to secure their web traffic via the standard HTTPS encryption protocol. Now, the market leader in web analytics is using HTTP Strict Transport Security (HSTS) to direct supported browsers to employ HTTPS for all communications, regardless of the security protocols for individual sites.
In announcing the change, Google pointed to the shared benefits of enhancing data security across the web: “…with the increase in privacy related concerns we have made the decision to secure all communication to and from Google Analytics, protecting our clients, our client’s end users, and the broader internet.”
The change requires no implementation or code modifications on the part of clients and their websites, and there is no way of opting out of the enhanced security protocols.
Google also disclosed at least one potential wrinkle for clients: the service will not be able to collect analytics from end users employing firewalls that block HTTPS for security purposes.
As the number of websites using its services grows to the tens of millions, Google Analytics’ comprehensive approach to encryption marks a major step forward in ensuring the security and privacy of data across the web.
Read Google’s updated Analytics security policy here.