Google search gets default SSL security

Google is making secure sockets layer (SSL) encrypted search the default for signed-in users as part of an effort to help preserve security and privacy, especially when using unsecured wireless networks or Internet cafes.

If you don't have a Google account, or if you're merely not signed in, Google.com will work as usual, according to the official blog entry. But if you're signed in, you'll be redirected by default to https://www.google.com (note the extra 's'), and all of your searches will be protected from prying eyes. Google says that this is even more important given its increased focus on delivering personalized search results.

This isn't the first time Google's offered SSL-encrypted search: a secure search domain has been available for over a year, but it's never before been made default for any user.

What webmasters need to know about clicks from security-enabled users: Google will still register as the referrer, but it'll no longer provide data about the specific query that brought the user to your site. However, every 30 days, webmasters can receive a report of the top 1,000 traffic-driving search strings.

A potential sticking point for users is that this newfound anonymity doesn't appear to extend to advertising. As the Google blog says:

If you choose to click on an ad appearing on our search results page, your browser will continue to send the relevant query over the network to enable advertisers to measure the effectiveness of their campaigns and to improve the ads and offers they present to you.

Google may be committed to promoting the SSL security standard across its product line and the web at large, but it's still very much in the advertising business. And caveats like that act as a harsh reminder that Google will choose its advertisers over your privacy every time.