We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,721 News Articles

Google search domains to get HTTPS by default

More encouragement to use Google sign-on

The steady roll-out of SSL for the world's most popular websites continues with the news Google's global search domains including google.co.uk are finally to get HTTPS encryption by default over the coming weeks.

The company turned on HTTPS by default for its global .com domain in October, which now works for all users while signed into Google services, before which secure searching had to be conducted through a special site few would have heard of, https://encrypted.google.com.

Even once turned on, users outside the US wanting to access the HTTPS feature would have had to manually specify the .com domain (which some know is encrypted), or the equivalent local domain (which many don't) or change the default search engine in their browser, which few do.

Once implemented, the new setting will make that unnecessary although all users will still need to be signed into a Google service to access HTTPS search.

Twitter turned on https by default only three weeks ago after making the security an opt-in option last year. Facebook offers https in its security settings but is not engaged by default.

If SSL offers an important layer of security, why would companies not turn it on by default?

The main reason is that requires that the company can handle the encryption overhead at data centre level, no mean feat when millions of concurrent users are accessing a service. That adds complexity and expense, hence HTTPS's slow journey towards being becoming standard.

For Google users, encrypted search means that visited sites can see that a user has landed from Google, but not the search term entered. It also shields this data while using unsecured WiFi.

The impetus to get https turned on without the need for user interaction dates from the appearance of easy-to-use sniffing software such as Firesheep, a proof-of-concept research tool used to point out the weakness of Twitter and Google to eavesdropping when used on open wireless connections without SSL turned on.


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...