Blog Post

Is Google adding a default security setting?

Posted by

Tue, Aug 9, 2011 at 4:44 pm

  • Share
Is Google adding a default security setting?

One of the dangers of using public Wi-Fi networks at coffee shops and the like is that anybody else on the network can read your email, Facebook postings, search requests and easily hack into your account unless the data is encrypted.

The most common is SSL encryption using the HTTPS protocol.  If you use it, transmissions between your computer and  the website you are visiting can’t be read by third parties.

As computer security researcher Chris Soghoian argues persuasively in an article on ars technica, maximum security should be the default setting out of the box.

Google initially offered HTTPS encryption on Gmail as an option, but you had to figure out how to turn it on.  It wasn’t particularly easy or intuitive, nor widely advertised. The result was that most people never bothered.  To its credit, Google now offers encryption by default in Gmail.

True, it only made the move after a major hacking incident believed to have originated in China and considerable pressure from privacy activists like Consumer Watchdog. But the Internet giant finally did the right thing. Facebook and Microsoft’s Hotmail still only offer HTTPS as an option, not by default.

Google also offers SSL encrypted search; you can find it at this site.

I believe it should be offered as a default.

Based on a colleague’s experience today, I think maybe Google is contemplating that idea.  When he entered google.com into the toolbar on a his Safari browser, he was taken directly to Google SSL.  It didn’t work when he used Firefox.

It didn’t happen for me  no matter which browser I used, leading me to believe  the Internet giant’s engineers are experimenting as they always are doing.   They should make SSL encryption the default mode for everyone’s searches.

Share
, ,

This post was written by:

John M. Simpson

- who has written 349 posts on Inside Google.

John M. Simpson is a leading voice on technological privacy and stem cell research issues. His investigations this year of Google’s online privacy practices and book publishing agreements triggered intense media scrutiny and federal interest in the online giant’s business practices. His critique of patents on human embryonic stem cells has been key to expanding the ability of American scientists to conduct stem cell research. He has ensured that California’s taxpayer-funded stem cell research will lead to broadly accessible and affordable medicine and not just government-subsidized profiteering. Prior to joining Consumer Watchdog in 2005, he was executive editor of Tribune Media Services International, a syndication company. Before that, he was deputy editor of USA Today and editor of its international edition. Simpson taught journalism a Dublin City University in Ireland, and consulted for The Irish Times and The Gleaner in Jamaica. He served as president of the World Editors Forum. He holds a B.A. in philosophy from Harpur College of SUNY Binghamton and was a Gannett Fellow at the Center for Asian and Pacific Studies at the University of Hawaii. He has an M.A. in Communication Management from USC’s Annenberg School for Communication.

Contact the author

One Response to “Is Google adding a default security setting?”

  1. wendels Says:

    HTTPSecure and SSL are, agreed, very important – but with the Internet now 20 years old SSL is still not even in grade school. There are problems – both on consumer and business sides – using SSL. I’ve had CTOs opt-out of implementing SSL for a plethora of reasons, and none of them had to do with security.

    I follow this blog sporadically. Unfortunately I don’t find many articles insightful or informative… a lot of it comes over as “war-mongering” – but credit where credit is due:

    This article was informative, balanced and air-tight. SSL should be default for all websites, and there isn’t really any good argument against that.

    I hope to read more articles like this one here in the future.

Leave a Reply