NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Google Testing Encrypted (SSL) Search by Default

Google Testing Encrypted (SSL) Search by Default

http://j.mp/ogA71p  (This message on Google+)

 - - -

I've long been a proponent of the concept that all data on the Internet
should be encrypted *by default* whenever possible.

So I'm very pleased to note today that Google has publicly acknowledged
that they are now testing encrypted SSL search by default, an
extension of their move months ago to make SSL search available on a
"manual" basis for users accessing Google Search by entering
https://www.google.com via their browsers.

The current default SSL test will automatically redirect some users to
https://encrypted.google.com -- apparently a percentage of Chrome
browser users in particular at this stage.

A side effect of this change is that in most cases "referer" (that's
the accepted spelling in this context!) data will not be passed to
servers of clicked search results from an SSL Google Search.  This
information, such as "clicked page address" and search query terms, is
traditionally sent and has become an important mechanism for sites to
determine pages linking inbound, search patterns, user interest, and
other statistics.

While it can be argued that the absence of referer and other
associated data may be privacy enhancing, there are significant
collateral downsides as well.  Ways do exist to help deal with this
aspect of the situation.  Existing mechanisms such as Google's
Webmaster Tools could be expanded to provide more statistical insight
for site owners.  The use of "proxy relays" to bridge referers is
another possibility.

Overall, Google's move toward fully encrypted search by default should
be viewed as an important milestone in the continuing effort to ensure
that communications between users and the services with which they
choose to engage on the Internet are as secure as possible from prying
eyes and tampering.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
 - Network Neutrality Squad: http://www.nnsquad.org
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren
Twitter: https://twitter.com/laurenweinstein 
Tel: +1 (818) 225-2800 / Skype: vortex.com