Feeds

Google turns on SSL encryption for search

Https option for google.com

Top 5 reasons to deploy VMware with Tegile

Google has added SSL encryption to its primary search engine.

Today, with a blog post, the company announced that netizens now have the option of establishing a secure https connection when searching google.com. To use the service, you must explicitly visit https://www.google.com (Notice the extra "s"). At time of writing, the link was being redirected to Google's default, unencrypted search page on our computers. A spokesman says the SSL service is being rolled out gradually on Friday.

The service also uses its own Google logo, so you can be doubly sure that SSL is in place:

Google SSL search logo

"The service includes a modified logo to help indicate that you’re searching using SSL and that you may encounter a somewhat different Google search experience, but as always, remember to check the start of the address bar for 'https' and your browser lock indicators," the post reads.

The "search experience" will differ because Google has not extended SSL across companion search services such as Google Image Search and Google Maps. Because of this - and because establishing an SSL can slow things down a bit - the service carries a beta tag.

"When you search using SSL, you won’t see links to offerings like Image Search and Maps that, for the most part, don’t support SSL at this time," the post continues. "Also, since SSL connections require additional time to set up the encryption between your browser and the remote web server, your experience with search over SSL might be slightly slower than your regular Google search experience."

Google promised https for search in a blog post last week, when it announced that its Street View had "mistakenly" captured payload data from open Wi-Fi networks as its cars drove across the globe snapping digital photos. "This [Street View] incident highlights just how publicly accessible open, non-password-protected Wi-Fi networks are today," last Friday's post reads. "Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search."

Google also offers SSL as an option with its Calendar, Docs, and Sites services, and just recently, it added SSL to Google Web History and Google Bookmarks, after a security vulnerability was found in the search personalization service that taps Web History. Google hopes to add https to other services as well.

Yahoo and Bing have yet to offer encrypted versions of their services, except when users are logging in. Hotmail this week announced plans to offer always-on SSL when the service is relaunched in the next few months.

A Google spokesman also indicated it plans to make SSL encryption the default for search. "We hope to expand the functionality once we better understand how it affects users' search experience," the spokesman told us. "We expect that encrypted SSL search will slow down Google searches by a small degree, and we don’t like the idea of rolling this out to everyone before we’re able to test the performance effects and gather feedback from our users." ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.