Google to encrypt searches by default

Summary:Google has begun to roll out SSL (secure socket layer) encryption for its search engine by default, protecting users who weren't aware the option existed.

Google has begun to roll out SSL (secure socket layer) encryption for its search engine by default, protecting users who weren't aware the option existed.

(Prison Planet image by Mark Rain, CC2.0)

SSL encrypts web traffic to ensure user information and accounts are protected against hijacking, especially over unsecured Wi-Fi network. Most web browsers display a padlock symbol when it is in use and website addresses are prepended with https://, representing the use of Hypertext Transfer Protocol Secure (HTTPS), which is a combination of the Hypertext Transfer Protocol with SSL.

Google had rolled out encryption for web searches in May this year, but had not made it the default option. It is likely that many users who are unaware of the security risks associated with connecting to unsecured networks are also unaware of the benefits of turning on SSL, or even how to do so, and could be the most vulnerable.

Encryption is only on by default for users who are signed in. Users signed out or without Google accounts have to navigate to https://www.google.com if they want the added protection. Additionally, it appears that some regional-based versions of the SSL-enabled search engine aren't yet online, with https://www.google.com.au reverting to the Australian version of Google without SSL encryption.

Previously, SSL was only used to encrypt traffic when users logged in to sites to protect usernames and passwords. However, with tools such as Firesheep, malicious users were able to trivially hijack users' accounts without knowing the username or password if the entire session wasn't encrypted.

Google enabled full-session SSL encryption on Gmail by default in January this year and other sites have made the move to do the same. Twitter now provides full-session encryption by default and while Facebook has the option to do so, it is not switched on unless done so manually by the user.

Facebook said in its blog post in January that it hopes to be able to enable it by default in the future.

Topics: Google, Browser, Security

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.