Google has announced that it is now offering privacy-friendly SSL encryption on its search engine, becoming the first major company to offer the protection. The company deserves credit and others who want to do more than pay lip service to privacy should immediately follow Google’s lead.
For now you can log into the more secure service at https://www.google.com. The “S” is critical, indicating you are connecting to Google’s server through the HTTPS protocol, rather than the usual HTTP. The “S” stands for secure. It means the data flowing on the network between your computer and Google’s servers is scrambled and can’t easily be intercepted and read. HTTPS is the usual protocol used automatically when connecting to such things as bank Websites and other Web pages were sensitive financial information is entered.
It’s also important do understand that the new service does not change the information you share with Google. The Internet giant continues to gather that and do everything it has always done so it can serve you up to advertisers. However, HTTPS makes it extremely difficult for anyone between you and Google to snoop on what you are doing.
That matters because what you search for can reveal a lot of sensitve personal information. Consumers using a WiFi net work at a coffee shop, for example, are likely targets for such snooping on their online activities. Employers can check up on workers on a network.
You’ll know you’ve reached Google’s secure service because of the image of a lock. See the picture below.
Consumer Watchdog has been pushing Google to offer SSL encryption since we launched our Google Privacy and Accountability Project nearly two years ago. At the recent annual shareholders’ meeting I asked CEO Eric Schmidt when Google would offer the privacy enhancing service. As you can see from the video below, he hinted it would happen soon.
As I mentioned, Google is the only major search engine to offer SSL encryption. The privacy friendly European-based search engine, Ixquick.com, also offers SSL and doesn’t store search logs. SSL encryption had been available on Gmail as an option for more than a year and Google made it the default mode for that service in January.
Google told The Register’s Cade Metz that the company hopes to make SSL the default for search as well:
“We hope to expand the functionality once we better understand how it affects users’ search experience. We expect that encrypted SSL search will slow down Google searches by a small degree, and we don’t like the idea of rolling this out to everyone before we’re able to test the performance effects and gather feedback from our users.”
No surprise there, I guess. Google never launches anything except in “Beta mode” and so it is with SSL encryption. But as soon as possible SSL should become the default for search. Maximum privacy protection should always be the default mode online. Let people who fully understand the risks turn off the protections.
Google does has a propensity to announce privacy enhancements after it suffers privacy breaches and criticism for its privacy gaffes. The Internet giant announced that SSL was becoming the default mode on Gmail just after it revealed it had been the victim of hackers thought to be based in China and that some email accounts of Chinese dissidents had been breached.
Similarly, though hinted at during the shareholders’ meeting, plans to offer SSL encryption were first officially announced in Google’s mea culpa blog post revealing the WiSpy scandal where Street View cars snooped on WiFi network communications.
Timing of Google’s privacy improving announcements may partially be due to public relations spin, but that in no way negates the importance of this substantial step to help safeguard consumers’ privacy. Google should be congratulated. The question now is when will Microsoft and Yahoo! take this important step.