[real-eyes] Google to Offer Encrypted Search Next Week
- From: Steven Clark <kcpadfoot@xxxxxxxxx>
- To: real-eyes@xxxxxxxxxxxxx
- Date: Sat, 15 May 2010 08:11:43 -0500
The following article is from wired.com
Steve
Google to Offer Encrypted Search Next Week
By Ryan Singel
Google will begin letting users run encrypted searches on its flagship
search site
Google.com starting next week, the company said in a blog post Thursday.
Allowing users to search using https - the web security system which
many associate
with online banking and shopping — would mark a first for a major search
engine,
and could begin a move by web services such as social networks to begin
offering
encryption for more than just log-ins. Such increased adoption would cut
down on
network eavesdropping and also have the added benefit of preventing some
online attacks.
Ironically, the announcement of the upcoming change came in a
long blog post
explaining that the search company had been “mistakenly” eavesdropping
and recording
what people were doing on unencrypted wi-fi networks as its Street View
cars were
taking pictures of cities around the world and recording the IDs of wifi
networks
and routers. That data is used to help geo-locate people using devices
without GPS,
but the company has said for years it was not collecting session data.
Google turned on encryption — better known as https:// — as a default
for Gmail users
earlier this year. That encrypts the data sent between a user’s browser
and Google’s
servers, making it nearly impossible for someone in the middle to read
the contents
of that e-mail. When not using SSL, a user of a school or corporate
network can have
their e-mail and web traffic content read by authorities who control the
network,
while anyone using an open Wi-Fi connection can have their traffic
sniffed by a hacker
using simple tools.
Gmail was the first major webmail service to offer encryption for full
sessions,
rather than just for log-ins. Google allowed power users to use https://
for years,
and under pressure from privacy and security advocates turned it into
the default
for all users earlier this year. In contrast, Gmail’s competitors
including Yahoo
Mail or Microsoft’s Hotmail don’t even offer https sessions as an option.
Using https, rather than http, is not technically difficult, but the
authenticating
handshakes between a server and a browser do require more resources from
both a server
and the browser. That means it costs a company more to run a service and
can slow
down an application.
To subscribe or to leave the list, or to set other subscription options, go to
www.freelists.org/list/real-eyes
Other related posts:
- » [real-eyes] Google to Offer Encrypted Search Next Week - Steven Clark
