An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com .

October 18, 2011

Google Encrypted Search for Logged-in Users

Google announced that in the coming weeks all Google.com users that are logged in will be redirected to Google Secure Search. The secure version of Google Search has been launched last year and now includes all the features from the regular Google interface. The main difference is that the connection is encrypted and Google is the only one who knows the queries you've typed. ISPs, network administrators, those who intercept your connection and the webmasters of the pages from Google's search results won't able to find your searches. "SSL encrypts the communication channel between Google and a searcher's computer. When search traffic is encrypted, it can't easily be decoded by third parties between a searcher's computer and Google's servers," as Google says.

"As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver. As a result, we're enhancing our default search experience for signed-in users. Over the next few weeks, many of you will find yourselves redirected to https://www.google.com (note the extra 's') when you're signed in to your Google Account. This change encrypts your search queries and Google's results page. This is especially important when you're using an unsecured Internet connection, such as a WiFi hotspot in an Internet cafe," explains Google.


Right now, https://www.google.com no longer redirects to https://encrypted.google.com and Google no longer informs users that they're using Secure Search. It's important to keep in mind that no other search engine offers this feature and SSL has a performance penalty, which means that search results pages will load slower. This is especially noticeable when you use Google Instant and the results won't show up as fast as before.

After the security incident from December 2009, Google went to great lengths to make its services more secure. Most services that require authentication default to SSL and many no longer offer unencrypted versions. It's interesting to see that Google Search will be treated just like Gmail, Google Docs, Google+ and other services that store user data even if this change won't make too many people happy (users will complain that search results pages load slower, webmasters will complain that their logs will be less useful, AdSense ads from search results will no longer be able to use the Google query and fewer users will click them, companies won't be able to monitor their employees' Google searches). Google already offers some solutions that address these issues: webmasters can use Google Webmaster Tools to find the most popular Google searches that sent users to their sites, while network admins can try the NoSSLSearch option.

It's an important change, but I don't see why signed-in users should be treated differently and why protecting user queries outweighs the drawbacks mentioned earlier. One of the explanations could be that search will no longer be a distinct service and will integrate with Google+, Gmail, Google Docs Drive so much that it will be hard to notice when you've switched to a different app. Larry Page, Google's CEO, has recently said that "our ultimate ambition is to transform the overall Google experience, making it beautifully simple, almost automagical, because we understand what you want and can deliver it instantly. This means baking identity and sharing into all of our products so that we build a real relationship with our users. Sharing on the Web will be like sharing in real life across all your stuff."

This blog is not affiliated with Google.