Google turns on SSL encryption for search
Https option for google.com
Google has added SSL encryption to its primary search engine.
Today, with a blog post, the company announced that netizens now have the option of establishing a secure https connection when searching google.com. To use the service, you must explicitly visit https://www.google.com (Notice the extra "s"). At time of writing, the link was being redirected to Google's default, unencrypted search page on our computers. A spokesman says the SSL service is being rolled out gradually on Friday.
The service also uses its own Google logo, so you can be doubly sure that SSL is in place:
"The service includes a modified logo to help indicate that you’re searching using SSL and that you may encounter a somewhat different Google search experience, but as always, remember to check the start of the address bar for 'https' and your browser lock indicators," the post reads.
The "search experience" will differ because Google has not extended SSL across companion search services such as Google Image Search and Google Maps. Because of this - and because establishing an SSL can slow things down a bit - the service carries a beta tag.
"When you search using SSL, you won’t see links to offerings like Image Search and Maps that, for the most part, don’t support SSL at this time," the post continues. "Also, since SSL connections require additional time to set up the encryption between your browser and the remote web server, your experience with search over SSL might be slightly slower than your regular Google search experience."
Google promised https for search in a blog post last week, when it announced that its Street View had "mistakenly" captured payload data from open Wi-Fi networks as its cars drove across the globe snapping digital photos. "This [Street View] incident highlights just how publicly accessible open, non-password-protected Wi-Fi networks are today," last Friday's post reads. "Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search."
Google also offers SSL as an option with its Calendar, Docs, and Sites services, and just recently, it added SSL to Google Web History and Google Bookmarks, after a security vulnerability was found in the search personalization service that taps Web History. Google hopes to add https to other services as well.
Yahoo and Bing have yet to offer encrypted versions of their services, except when users are logging in. Hotmail this week announced plans to offer always-on SSL when the service is relaunched in the next few months.
A Google spokesman also indicated it plans to make SSL encryption the default for search. "We hope to expand the functionality once we better understand how it affects users' search experience," the spokesman told us. "We expect that encrypted SSL search will slow down Google searches by a small degree, and we don’t like the idea of rolling this out to everyone before we’re able to test the performance effects and gather feedback from our users." ®
Cool, now the bad guys can't see my searches
oh, wait, no, Google still know exactly what I searched for and are busy monetizing that data. Score!
Using encrypted SSL will prevent third party crooks like BT/Phorm profiling you on the basis of your communications with Google.
You are then free to make your own choice about using Google or not, knowing that only you and your chosen search engine see your communications.
Which is the way it ought to be.
If UK ISPs can't be trusted with communications data, encryption is the inevitable result.
Well that screws Phorm (and their evil siblings like Hitwise and Nebuad) over.
Which makes it a slightly better world than it was yesterday.
Roll on encryption. Because if the CPS and Police won't protect the privacy/security/integrity of UK communications, it is the way forward for communications in this country.
That or walking down to the shops, buying a newspaper, paying cash, and visiting the village library from time to time... in a 1980s pre-internet retro kind of way.
Which, if I'm honest, is starting to appeal to me a lot more than being spied on for the rest of my life.