Google has extended SSL coverage to its biggest service yet, the Web Search. The new encrypted search offers significant privacy protection at virtually no cost.
The HTTPS (Hypertext Transfer Protocol Secure) is a protocol that makes use of SSL/TLS to encrypt HTTP communications. Even though HTTPS dates back to the '90s, until a few years back only a select number of websites, like online banking systems, enabled this security mechanism for entire browsing sessions.
It has always been a known fact that network administrators can snoop traffic passing through the infrastructure they control, yet people never really cared on a wide scale that their private communications could be intercepted and viewed without authorization. A more widespread need for HTTP encryption wasn't felt until the rapid proliferation of unsecured private wireless networks and hotspots, which made Man-in-the-Middle (MitM) attacks from ill-intent parties a lot more likely.
Session-wide HTTPS has been available for Gmail for years, however, the majority of users remained unaware of the option or of how to enable it. Finally, after repeated pleads
from security researchers, IT experts or privacy advocates and after performing extensive testing, Google enabled it
by default for all users of its email service.
Enabling encryption for Web Search might not seem as important as protecting private emails
, but the move carries important privacy benefits, especially for users in countries where freedom of information and speech carry little meaning. "When you search on https://www.google.com, an encrypted connection is created between your browser and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party on your network," the company explains
in a post on its official blog.
But protected search terms and search results are not the only benefit of the new SSL encryption. The feature also strips the referrer URL from the browser's header when visiting a URL shown in the search results. Therefore, the website in question won't see that you reached it after performing a Google Web search.
According to The Register
, Google plans to enable HTTPS for Web Search by default in the future as it did for Gmail, but only after more testing is performed to make sure the change won't negatively impact large groups of users. It is also worth noting that, at the moment, SSL encryption is not yet available for all services that normally integrate with Web Search, such as Image Search or Google Maps.