Google encrypts search to thwart Wi-Fi hackers

Google has radically expanded its use of bank-level security that prevents Wi-Fi hackers and rogue ISPs from spying on your searches.

Starting 18 October, logged-in Google users searching from Google's homepage will be using https://google.com, not http://google.com -- even if they simply type google.com into their browsers. The change to encrypted search will happen over several weeks, the company said in a blog post.

The change means that the communication between a user's browser and Google's servers will be wrapped in encryption by default for those logged into their Google account. That means that hackers, school administrators and nosy corporate network admins won't be able to see what search terms you are sending to the search giant.

Google introduced an HTTPS search option in May 2010, but users had to decide to go to that page (https://google.com). Google made it harder to find after schools objected to the change, saying it prevented them from censoring and monitoring their charges.

This go-round Google is  providing a way for schools and network administrators to prevent the redirect to HTTPS, but Google will also make it clear to searchers on those networks that they are not sending data to Google via encryption.

Web marketers also howled at the idea of encrypted search, because every time a Google user clicks on a search result and goes to another website, the destination is told what search term led the user there. That marketing data is not sent from an encrypted page.

To mollify this criticism, Google is saying that from now on, websites will have to get the data on the top 1,000 search terms that led visitors to their site from Google's webmaster tools. But the change will still throw a monkey wrench into complicated analytics tools that try to understand which search terms lead to sales on their site, which tells a website how to better optimise their website to earn those clicks.

The trade-off for users however is that they'll be better protected when they use Wi-Fi, which is particulary easy for hackers to spy on. Tools as simple as FireSheep allow even the most unskilled computer user to hijack Facebook accounts, and more powerful tools like WireShark are easily found on the web.

The blog post did not explain why the default to HTTPS is only for signed-in users. But according to spokesman Jay Nancarrow, Google's increasing use of personalised search for logged-in users makes them ideal to start with. For now, the change does not apply to search from mobile devices and browser search bars or searches on Google search sites customised for other countries and regions. However, those are all things Google would like to encrypt as well.

SSL doesn't prevent Google from knowing the content of your searches, and if you did not turn off the so-called Web History option upon sign-up, Google will store them in perpetuity. Those without Google accounts or those who want to search more securely without signing in can simply navigate to https://google.com.

Google has been a leader in adding SSL support to cloud services. Gmail is now encrypted by default, as is the company's new social network, Google+. Facebook and Microsoft's Hotmail make SSL an option a user must choose, while Yahoo Mail has no encryption option, beyond its intial sign-in screen.

Source: Wired.com

Other News

17 Jul

My Work Experience at Inventive Design

My name is Joe and I'm a year 10 student at Bideford College in North Devon, I chose to do my work experience at Inventive Design and today they've let me loose on their blog to tell you about my week here!

I arrived here at the office on Monday morning, not really knowing what to expect. I started work at 9am and jumped straight into it... [read more]

20 Feb

Digital Account Manager Vacancy

Due to continued growth Inventive Web Solutions are now recruiting again. We currently have a vacancy for a Digital Account/Project Manager. Reporting to the Business Development Manager you will be expected to work as part of a multi-discipline team. You will be responsible for establishing and strengthening client relationships and will... [read more]

10 May

IWS welcomes new Account Manager

IWS would like to welcome Neil Sharp-Dent, our new account manager, who started with us on the 3rd May 2011. Neil will be taking over various admin tasks as well as becoming the main point of contact for our existing clients. Neil has a huge amount of experience in client facing roles and we are looking forward to him being able to use his... [read more]

26 Jun

Improve the Structure of your URLs

Creating descriptive categories and filenames for the documents on your website can not only help you keep your site better organized, but it could also lead to better crawling of your documents by search engines. Also, it can create easier, "friendlier" URLs for those that want to link to your content. Visitors may be intimidated by... [read more]