Google to encrypt searches by default

Google to encrypt searches by default

Summary: Google has begun to roll out SSL (secure socket layer) encryption for its search engine by default, protecting users who weren't aware the option existed.

SHARE:
TOPICS: Google, Browser, Security
4

Google has begun to roll out SSL (secure socket layer) encryption for its search engine by default, protecting users who weren't aware the option existed.

(Prison Planet image by Mark Rain, CC2.0)

SSL encrypts web traffic to ensure user information and accounts are protected against hijacking, especially over unsecured Wi-Fi network. Most web browsers display a padlock symbol when it is in use and website addresses are prepended with https://, representing the use of Hypertext Transfer Protocol Secure (HTTPS), which is a combination of the Hypertext Transfer Protocol with SSL.

Google had rolled out encryption for web searches in May this year, but had not made it the default option. It is likely that many users who are unaware of the security risks associated with connecting to unsecured networks are also unaware of the benefits of turning on SSL, or even how to do so, and could be the most vulnerable.

Encryption is only on by default for users who are signed in. Users signed out or without Google accounts have to navigate to https://www.google.com if they want the added protection. Additionally, it appears that some regional-based versions of the SSL-enabled search engine aren't yet online, with https://www.google.com.au reverting to the Australian version of Google without SSL encryption.

Previously, SSL was only used to encrypt traffic when users logged in to sites to protect usernames and passwords. However, with tools such as Firesheep, malicious users were able to trivially hijack users' accounts without knowing the username or password if the entire session wasn't encrypted.

Google enabled full-session SSL encryption on Gmail by default in January this year and other sites have made the move to do the same. Twitter now provides full-session encryption by default and while Facebook has the option to do so, it is not switched on unless done so manually by the user.

Facebook said in its blog post in January that it hopes to be able to enable it by default in the future.

Topics: Google, Browser, Security

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Interesting that it's yet another feature not available for .au yet.
    pleitch-38f49
  • Visit the Karen Millen Outlet & choose from a wide selection of products, all at great prices. Sign up now for an extra 10% off at the Bridgend designer outlet.
    karen millen clothes
    Flaclejarry
  • It is such an exciting thought: fly to an exotic country, spend a week or two under the gentle sun, and who knows, may be meet with a seductive local. But it's not so exciting when you realise you've got an unwelcome "present"
    belstaff jacket
    shappeata
  • What a great post! I just got my iPhone for Christmas and was wondering which Apps were worth getting for shopping, etc! I\¡¯m downloading the Seafood Watch app today!
    belstaff bags outlet
    inepantee