Google has just announced that it is rolling out an encrypted version of its web search service, https://www.google.com. This is something we've been asking Google for privately and publicly for some time, and we're very pleased to see it come to pass.
Several important points about encrypted Google search:
- It isn't on by default. You need to make sure that the URL is https before you type your query. [We hope to be posting a better solution to this shortly].
- HTTPS only protects against eavesdropping. It doesn't prevent Google from logging your searches, or prevent a government or civil litigant from obtaining your records from Google. Defending yourself against logging may be possible, but is definitely harder.
- For the time being, encryption is only available for web search and a few other result types that you can click through to on the left of the results pages. Some important Google search services, such as maps and images, remain unencryptable for the time being.
- Google engineers have indicated that they have data showing that the extra latency required for HTTPS will make searches less pleasing in a very subconscious way. Their SPDY project is an attempt to offer a variant of HTTP that is both encrypted and lower-latency than the current one. We look forward to using it!