Google has begun to roll out SSL (secure socket layer) encryption for its search engine by default, protecting users who weren't aware the option existed.
SSL encrypts web traffic to ensure user information and accounts are protected against hijacking, especially over unsecured Wi-Fi network. Most web browsers display a padlock symbol when it is in use and website addresses are prepended with https://, representing the use of Hypertext Transfer Protocol Secure (HTTPS), which is a combination of the Hypertext Transfer Protocol with SSL.
Google had rolled out encryption for web searches in May this year, but had not made it the default option. It is likely that many users who are unaware of the security risks associated with connecting to unsecured networks are also unaware of the benefits of turning on SSL, or even how to do so, and could be the most vulnerable.
Encryption is only on by default for users who are signed in. Users signed out or without Google accounts have to navigate to https://www.google.com if they want the added protection. Additionally, it appears that some regional-based versions of the SSL-enabled search engine aren't yet online, with https://www.google.com.au reverting to the Australian version of Google without SSL encryption.
Previously, SSL was only used to encrypt traffic when users logged in to sites to protect usernames and passwords. However, with tools such as Firesheep, malicious users were able to trivially hijack users' accounts without knowing the username or password if the entire session wasn't encrypted.
Google enabled full-session SSL encryption on Gmail by default in January this year and other sites have made the move to do the same. Twitter now provides full-session encryption by default and while Facebook has the option to do so, it is not switched on unless done so manually by the user.
Facebook said in its blog post in January that it hopes to be able to enable it by default in the future.