News Clipping

Is Google adding a default security setting?


Tue, Aug 9, 2011 at 4:44 pm

    Is Google adding a default security setting?

    One of the dangers of using public Wi-Fi networks at coffee shops and the like is that anybody else on the network can read your email, Facebook postings, search requests and easily hack into your account unless the data is encrypted.

    The most common is SSL encryption using the HTTPS protocol.  If you use it, transmissions between your computer and  the website you are visiting can’t be read by third parties.

    As computer security researcher Chris Soghoian argues persuasively in an article on ars technica, maximum security should be the default setting out of the box.

    Google initially offered HTTPS encryption on Gmail as an option, but you had to figure out how to turn it on.  It wasn’t particularly easy or intuitive, nor widely advertised. The result was that most people never bothered.  To its credit, Google now offers encryption by default in Gmail.

    True, it only made the move after a major hacking incident believed to have originated in China and considerable pressure from privacy activists like Consumer Watchdog. But the Internet giant finally did the right thing. Facebook and Microsoft’s Hotmail still only offer HTTPS as an option, not by default.

    Google also offers SSL encrypted search; you can find it at this site.

    I believe it should be offered as a default.

    Based on a colleague’s experience today, I think maybe Google is contemplating that idea.  When he entered into the toolbar on a his Safari browser, he was taken directly to Google SSL.  It didn’t work when he used Firefox.

    It didn’t happen for me  no matter which browser I used, leading me to believe  the Internet giant’s engineers are experimenting as they always are doing.   They should make SSL encryption the default mode for everyone’s searches.

    , ,

    One Response to “Is Google adding a default security setting?”

    1. wendels Says:

      HTTPSecure and SSL are, agreed, very important – but with the Internet now 20 years old SSL is still not even in grade school. There are problems – both on consumer and business sides – using SSL. I’ve had CTOs opt-out of implementing SSL for a plethora of reasons, and none of them had to do with security.

      I follow this blog sporadically. Unfortunately I don’t find many articles insightful or informative… a lot of it comes over as “war-mongering” – but credit where credit is due:

      This article was informative, balanced and air-tight. SSL should be default for all websites, and there isn’t really any good argument against that.

      I hope to read more articles like this one here in the future.

    Leave a Reply