Google on Friday introduced an encrypted version of Google Search, a move that makes it far more difficult for anyone to intercept and read communication between Google and users during search sessions.
Encrypted search is available by initiating an https:// connection to Google rather than an unprotected http:// connection.
Had Internet users in Europe been using Google’s encrypted search, their searches would not have been exposed by Google’s recently disclosed inadvertent collection of wireless network traffic from public WiFi hotspots.
But Google’s introduction of encrypted search isn’t in response to that incident, said Google product manager Murali Viswanathan in a phone briefing. It’s part of a broad initiative to add encryption to its services.
In January, Google enabled https:// connections for Gmail by default, having previously made it an option available to users who wanted extra security.
As a consequence of using an https:// connection to reach Google, clicking on a search results link will send less information to the Web site at the end of the link. Encrypted search users will not transmit the search keywords they entered when they submitted their query or the fact that they used Google to find the site at the end of the search results link. This deprives publishers of information that may be useful to their marketing efforts, which may be why Google isn’t forcing everyone to use encrypted search. But it provides Google users with more privacy.
Adding encryption represents a cost for Google, though Viswanathan was unable to provide data to quantify the expense. It costs Google in terms of computational resources and engineering time.
“It requires a lot of work from the development side,” said Viswanathan. “We do realize those extra costs do bring extra benefits to our users.”
There’s also a cost for the user: Encrypted search is slightly slower, through Viswanathan says it shouldn’t be noticeable.
Encrypted search is not a complete security solution. Data has to be presented to the user in unencrypted form so any person or malware that has access to the user’s computer or mobile device may be able to read that information. Encryption does nothing to prevent users from being duped into supplying personal information to phishers. And the encryption only extends to Google Search at the moment; searches on Google Maps or Google Images, for example, will not be encrypted.
To prevent users from inadvertently shifting from encrypted to unencrypted search, Google is removing the Maps and Images links from the left-hand menu pane on its search results pages.