You are hereGoogle Secure Search


Google Secure Search


By hagrin - Posted on 03 June 2007

Update - As of 17 May 2010, it looks as if secured search will be offered by Google!

After reading about another vulnerability found in the Google Desktop software (a new man-in-the-middle attack), I was reading through some user comments at Slashdot and was hit by one of them like a ton of bricks -

Why doesn't Google offer secured search?

Wait a second, they don't? They offer a secured version of their Gmail application. Although Google doesn't make it very public that a secured version exists, you can login through a SSL page and all pages will be appended with the https prefix. But, what happens when you try to navigate to https://www.google.com ? Simply, you are redirected to the basic Google search page.

So, is this even a big deal? Probably not since many services are not encrypted over SSL. In addition, the data being passed are simply search terms. However, if search terms can be sniffed and recorded and indexed by parties outisde of Google, there is a certain level of privacy that doesn't exist that maybe should. When Google released their search history and web history functionality, many outsiders complained about the privacy violations. However, if a third party could garner the same information through back channels, should we be as equally concerned? When you think about the biggest sites around on the Internet, I cannot think of one single site that gets nearly the smae traffic Google does and that offers a SSL connection for all their pages. Therefore, one has to wonder how well the secured search solution would scale and what type of overhead would be involved on offering the solution at all - no less by default.

My final thought - I think it would be nice if the option existed, but it definitely doesn't need to be a default connection that "normal" users need to conern themselves with. I think that you will see a secure search page within the next year or two for sure.