NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Google moves to make SSL search default for some users -- plus my comments

Google moves to make SSL search default for some users -- plus my comments
http://j.mp/r9gcRD  (This message on Google+)

 - - -

http://j.mp/pGqiWI  (Official Google Blog)

   "As search becomes an increasingly customized experience, we
    recognize the growing importance of protecting the personalized
    search results we deliver. As a result, we're enhancing our
    default search experience for signed-in users. Over the next few
    weeks, many of you will find yourselves redirected to
    https://www.google.com (note the extra "s") when you're signed in
    to your Google Account. This change encrypts your search queries
    and Google's results page. This is especially important when
    you're using an unsecured Internet connection, such as a WiFi
    hotspot in an Internet cafe. You can also navigate to
    https://www.google.com directly if you're signed out or if you
    don't have a Google Account."

 - - -

As regular readers know, for years I've been arguing that ISPs'
reading and in some cases tampering with users' Internet connections,
including to search engines like Google, amounts to wiretapping.  So
as I noted about a month ago, I'm very pleased to see additional moves
by Google to protect more of their services via default SSL.

At the same time, there are some nontrivial issues associated with
such changes, especially related to the handling of HTTP "referer"
data ( http://j.mp/rmnip5 ["Friend or Foe" / Lauren's Blog] ).

For now, you may wish to view this article that gives a good overview
of the implications of what Google has announced today:

http://j.mp/redkEA  (Search Engine Land)

In particular, it is not clear to me at this moment whether Google is
specifically blocking non-ad referers in the SSL->SSL situation that
ordinarily would still permit referers to pass.

Google has told me that their emphasis on logged-in users at this
early phase of default search SSL rollout (apparently representing
less than 10% of total Google searches), is indeed based on the
logical view that logged-in users using personalized search services
are more likely to benefit from this additional protection right now.

Some observant Google users may have noticed that Google has been testing
default http: -> https: redirects for some months (I saw it myself when
my searches diverted for about a week or so), and there wasn't any obvious
consternation from the SEO (Search Engine Optimization) community.  Whether
this will remain the case as larger percentages of Google Search users are
moved to SSL will be interesting to observe.

Referers represent a complex value proposition element, where the
interplay between privacy and beneficial data is in many cases

Overall though, the move toward default SSL should be viewed as a very
positive one.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com 
Google+: http://vortex.com/g+lauren 
Twitter: https://twitter.com/laurenweinstein 
Tel: +1 (818) 225-2800 / Skype: vortex.com