The move is
part of the company’s HTTPS-everywhere vision for the internet
By Tomáš Foltýn
Google has rolled out .app, a new top-level
domain (TLD) that is the first to require encrypted HTTPS connections for all
.app websites, according to an announcement
by the search giant’s CIO Ben Fried.
The company opened up .app domains for
registration as part of the Early Access Program on Google Registry on May
1. The domains will be up for grabs for the general public through other
registrars from May 8.
“A key benefit of the .app domain is that
security is built in—for you and your users. The big difference is that
HTTPS is required to connect to all .app websites, helping protect against ad
malware and tracking injection by ISPs, in addition to safeguarding against
spying on open WiFi networks,” reads the press release.
The domain is geared towards app developers
in particular, although, in fact, Domain Name Wire quoted a Google representative as saying in March that the
domain is not reserved exclusively for them. Some of the early adopters of .app
domains are featured on get.app.
“Even
if you spend your days working in the world of mobile apps, you can still
benefit from a home on the web. With a memorable .app domain name, it’s easy
for people to find and learn more about your app. You can use your new domain
as a landing page to share trustworthy download links, keep users up to date,
and deep link to in-app content,” according to the announcement.
Google, which paid
$25 million for .app in 2015, controls a total of 45 TLDs, including .how,
.dad, .eat, .soy, or .google. According to the global domain name authority ICANN,
the internet has 1,543 TLDs as of May 4.
The move is part of Google’s HTTPS-everywhere
vision for the internet. In February, for example, the company announced that Chrome 68, due in July of this year, will
mark all HTTP websites as “not secure”.
Finally, a quick note: HTTPS, or Hypertext
Transfer Protocol Secure, encrypts web traffic, making sure that submitted data
is safe from prying eyes while in transmission. It is, therefore, important to
check for the presence of HTTPS in the browser’s address bar whenever we submit
sensitive data to a website. However, the protocol’s presence alone does not
automatically guarantee safety from a number of other threats. Even a site that has HTTPS can be malicious: phishing sites, for example, have been increasingly embracing HTTPS.