Networking

Google offers encrypted sessions for Web search

Google provides a small benefit for users who value their privacy: encrypted Web searches. Here's what you should know about the limitations of SSL encryption.

Google provides a small benefit for users who value their privacy: encrypted Web searches.


The Official Google Blog suggests we should "search more securely with encrypted Google Web search". While complete session encryption for Gmail has already been available for quite a while, the same has not been true of Google's core end-user service: Web search. That changes with the addition of SSL encryption to the capabilities of Google Web search.

This is not a perfect protection of your privacy, of course, for a number of reasons. The most obvious is the simple fact that there are sure to be weaknesses in any system for secure communication over the Internet, though one hopes that service providers will (eventually) recognize the value of working to minimize those weaknesses. Another is that SSL is far from the most secure means of establishing an encrypted connection across the Internet; it not only does not boast as well-armored an approach to establishing an encrypted connection as protocols like SSH, but is also generally subject to the problem of its authentication infrastructure being predicated on what amounts to a tremendous business scam.

Regardless of these problems, SSL still does provide a means of establishing a strongly encrypted connection, which can keep eavesdroppers on your network connection out of your personal business. Employing an SSL connection option for Google Web search is a huge improvement over wholly unencrypted search, and Google should be commended for taking this step following the urging of the EFF and other privacy advocates.

It is important that users do not mistake this encrypted connection for more than it is, however. It in no way protects your privacy against:

  • spyware on the computer used to connect to Google's Web search page
  • Google's tendency to collect information about users' search activities
  • government's and litigants' ability to access such information
  • your ISP noting what site you visit when clicking the link for a Google search result

Not all search-related services offered by Google are covered. For instance, Google Images and Google Maps searches are not currently supported by Google's SSL encryption option.

The SSL encrypted connection for Google Web search is not default behavior. To ensure SSL encryption for your searches, make sure that you are on an SSL encrypted Google Web search page before you enter your search terms.

Google's information page for its SSL encrypted Web search is remarkably up-front about the implications of this new feature. See the Google SSL search help page for more information.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

2 comments
santeewelding
santeewelding

As I plot the downfall of the United States of America, that I should not believe all that I am told?

Ocie3
Ocie3

Quote: [i]"... your ISP noting what site you visit when clicking the link for a Google search result"[/i] If the connection between my computer and Google's computer is encrypted, then the owner of the DNS server which resolves the URL in a search result might log the event, but it seems that my ISP would not be able to identify either the DNS exchange or the subsequent connection as the result of a Google search. If the ISP can do that, then please tell me which part of the picture that I'm not seeing here. Of course, the ISP can simply log each connection that is made between the IP address assigned to me and another IP address (such as the Google secure search page). AFAIK, they can do that even if it is an SSL connection. (Please note that I, at least, do not use the DNS servers provided by my ISP. They are too slow and do not return HTTP 404 error pages.)

Editor's Picks