back to article Google adds default end-to-end encryption to search

Google is rolling out default end-to-end encryption to people who use the site to seek for images, news and general webpages, a change that will better protect search queries and results from eavesdroppers. The SSL, or secure sockets layer, service will be offered by default to users who are signed into their Google accounts, …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Fit me for a tinfoil hat

    But I feel like searching while logged into my G account is quite a bit bigger privacy risk than some random sniffer catching my search terms at starbucks.

  2. Anonymous Coward
    Anonymous Coward

    Significant Milestone

    This presumably means that the US gov have perfected trivial SSL eavesdropping, and will have their kit up and running in the next weeks.

    May I be the first to welcome our... oh.. wait.. that already happened.

    1. Tony Humphreys
      Black Helicopters

      Why eavesdrop?

      Why break in when you have a back door key?

  3. Don Bannister

    When on ?

    As the title says. If you put in https:// for, it just reverts to a normal http:// connection.

  4. Trev 2

    What will be interesting is whether the search terms still appear in Google Analytics from these

    searches. Can't imagine they're going to drop that info if they can help it.

    But if they do include the info, and no other analytics type package can see it (due to not being connected into big G's database) then doesn't that steer them into hot water over stifling analytics competition?

    Actually pretty sure if it comes via SSL the referrer isn't sent, thus seriously breaking most analytics systems?

    1. Anonymous Coward
      Anonymous Coward


      You think this is a problem? If I go to and search for 'Trev 2' (for example) and I click on the link to your website, you'll get the connection, but you won't get a referral header. This is what the current HTML spec says is supposed to happen.

      I think what you'll see is that sites will start sending search-engine specific urls, so where formerly you'd get this link in google:

      now you'll get

      Until google drops these sites from its index.

      Alternately, Google could decide to add a variable to the url:

      although this could break things worse.

  5. Anonymous Coward
    Anonymous Coward

    Wait, let me get this straight.

    This "security" feature means people must now buy ads from Google to know which search terms drove people to their sites?


    1. Anonymous Coward
      Anonymous Coward


      it means that you have to ask them yourself, instead of simply being able to parse your webserver logs.

      besides, if all search engines implement https, you won't know if they found your site via, or, so you'll have to buy from the equivalent of google adwords on from every search engine.

    2. Anonymous Coward
      Anonymous Coward

      Why the quotes?

      Using SSL is not a "security" IS a security feature.

      The beneficial side-effects for google and subsequent stuffing of website hosts and analytics packages do not detract from the increased security offered to end users.

      1. Anonymous Coward
        Anonymous Coward

        Security of what?

        Your search terms? Why? The search result you then click on probably won't be https, so it'll be out there for any to see.

        Bit pointless compared to the real baddies: malware pages that spam the search itself. Google should really be working on that, but that probably doesn't help to sell more ads. Actually many of those malware sites even run Google ads...

        1. Anonymous Coward
          Anonymous Coward

          Re: Security of what?

          > Security of what? Your search terms?

          Yes, well done! It means that no one can snoop on what I am searching.

          > Why?

          Because I don't want anyone snooping on my searches, I am not sure if I can be any more obvious...

          > The search result you then click on probably won't be https, so it'll be out there for any to see.

          Not Google's problem or responsibility. They are making THEIR service HTTPS which is a good thing for the users of their search.

          Just because you don't give a damn doesn't mean others don't and Google has decided to cater to those people.

  6. Anonymous Coward
    Anonymous Coward

    That's all very well...

    ...but it's Google I don't want to give information to.

    1. Anonymous Coward
      Anonymous Coward

      but it's Google I don't want to give information to

      So use the Scroogle add on if you are using Firefox, (don't know if its available for other browsers).

      1. Anonymous Coward
        Anonymous Coward

        I use IxQuick

        No logging and has had SSL for ages.

      2. Tomato42

        You can configure scroogle as the web search of choice for any browser, including, but not limited to, Opera, IE, Konqueror, Chrome, ...

        It may not be as easy as installing a new add-on, but it is possible.

  7. Anonymous Coward
    Anonymous Coward

    So let me get this right

    This is great!

    So let me get this.

    Don't sign in, random people can see my searches, but still be fairly "anon"

    Sign in, Google know EXACTLY who I am and track everything I search for.

  8. Paul 98

    Are the search terms not sent in the address bar unencrypted anyway? They do here:

    1. Havin_it


      Just because you see them in the address bar doesn't mean they go over the wire exactly like that.

      Domain and source/dest IP addresses are the only things not encrypted in transit.

  9. Anonymous Coward
    Anonymous Coward


    Surely anyone using wireless hotspots who cares about their security would be signed up with a VPN service already? That way, all your traffic is encrypted rather than you having to pick and choose which sites you use based on them providing SSL or not.

    I am pretty sure that the security angle is being used to justify this, but the motives, as pointed out by comments above, are more commercial.

    1. Tomato42

      most IT workers don't do this, I really can't see a starbucks hipster using VPN

      Internet as a whole should have moved to HTTPS years ago.

  10. wyatt


    As previously commented, using Firefox (7.01) it removes the 'https://' and just shows If you use IE (8) then it doesn't. Anyone know a way round this?

    1. Anonymous Coward
      Anonymous Coward

      assuming you're wanting firefox to show the protocol, go to about:config and change browser.urlbar.trimURLs to false..

    2. Anonymous Coward
      Anonymous Coward

      Secure Scroogle

  11. Test Man


    You haven't checked recently then, writer-of-article, because the Microsoft apps that communicate with the Hotmail servers were updated ages ago to work with SSL-enabled accounts.

This topic is closed for new posts.

Other stories you might like