NNSquad - Network Neutrality Squad
[ NNSquad ] Google moves to make SSL search default for some users -- plus my comments
Google moves to make SSL search default for some users -- plus my comments
http://j.mp/r9gcRD (This message on Google+)
- - -
http://j.mp/pGqiWI (Official Google Blog)
"As search becomes an increasingly customized experience, we
recognize the growing importance of protecting the personalized
search results we deliver. As a result, we're enhancing our
default search experience for signed-in users. Over the next few
weeks, many of you will find yourselves redirected to
https://www.google.com (note the extra "s") when you're signed in
to your Google Account. This change encrypts your search queries
and Google's results page. This is especially important when
you're using an unsecured Internet connection, such as a WiFi
hotspot in an Internet cafe. You can also navigate to
https://www.google.com directly if you're signed out or if you
don't have a Google Account."
- - -
As regular readers know, for years I've been arguing that ISPs'
reading and in some cases tampering with users' Internet connections,
including to search engines like Google, amounts to wiretapping. So
as I noted about a month ago, I'm very pleased to see additional moves
by Google to protect more of their services via default SSL.
At the same time, there are some nontrivial issues associated with
such changes, especially related to the handling of HTTP "referer"
data ( http://j.mp/rmnip5 ["Friend or Foe" / Lauren's Blog] ).
For now, you may wish to view this article that gives a good overview
of the implications of what Google has announced today:
http://j.mp/redkEA (Search Engine Land)
In particular, it is not clear to me at this moment whether Google is
specifically blocking non-ad referers in the SSL->SSL situation that
ordinarily would still permit referers to pass.
Google has told me that their emphasis on logged-in users at this
early phase of default search SSL rollout (apparently representing
less than 10% of total Google searches), is indeed based on the
logical view that logged-in users using personalized search services
are more likely to benefit from this additional protection right now.
Some observant Google users may have noticed that Google has been testing
default http: -> https: redirects for some months (I saw it myself when
my searches diverted for about a week or so), and there wasn't any obvious
consternation from the SEO (Search Engine Optimization) community. Whether
this will remain the case as larger percentages of Google Search users are
moved to SSL will be interesting to observe.
Referers represent a complex value proposition element, where the
interplay between privacy and beneficial data is in many cases
complex.
Overall though, the move toward default SSL should be viewed as a very
positive one.
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
- PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com