Google will begin letting users run encrypted searches on its flagship search site Google.com starting next week, the company said in a blog post Thursday.

Allowing users to search using https - the web security system which many associate with online banking and shopping – would mark a first for a major search engine, and could begin a move by web services such as social networks to begin offering encryption for more than just log-ins. Such increased adoption would cut down on network eavesdropping and also have the added benefit of preventing some online attacks.

Ironically, the announcement of the upcoming change came in a long blog post explaining that the search company had been "mistakenly" eavesdropping and recording what people were doing on unencrypted wi-fi networks as its Street View cars were taking pictures of cities around the world and recording the IDs of wifi networks and routers. That data is used to help geo-locate people using devices without GPS, but the company has said for years it was not collecting session data.

Google turned on encryption – better known as https:// – as a default for Gmail users earlier this year. That encrypts the data sent between a user's browser and Google's servers, making it nearly impossible for someone in the middle to read the contents of that e-mail. When not using SSL, a user of a school or corporate network can have their e-mail and web traffic content read by authorities who control the network, while anyone using an open Wi-Fi connection can have their traffic sniffed by a hacker using simple tools.

Gmail was the first major webmail service to offer encryption for full sessions, rather than just for log-ins. Google allowed power users to use https:// for years, and under pressure from privacy and security advocates turned it into the default for all users earlier this year. In contrast, Gmail's competitors including Yahoo Mail or Microsoft's Hotmail don't even offer https sessions as an option.

Using https, rather than http, is not technically difficult, but the authenticating handshakes between a server and a browser do require more resources from both a server and the browser. That means it costs a company more to run a service and can slow down an application.

Image: Darwin Bell

See Also: