Google is expanding the use of SSL encryption on its web properties by making it the default for logged-in Google users searching from the company's homepage. In the coming weeks, logged-in users browsing to google.com will be redirected to https://google.com in an effort to help preserve security and privacy. That extra "s" in HTTPS means the communications between you and the Google search engine servers are encrypted.
The move should make it harder for someone to listen in on what you're doing and see what search terms you are sending to the search giant. This will be particularly useful for people using an unsecured Internet connection, such as an open Wi-Fi hotspot. Last year, Firefox extension FireSheep showed just how easy it is even for inexperienced computer users to snatch browser cookies sent over insecure connections, in some cases allowing them to log into another user's account via a process called HTTP session hijacking.
"Although SSL offers clear privacy and security benefits, it does not protect against all attacks. The benefits of SSL depend on your browser's list of trusted root certificates, the security of the organizations that issue those certificates, and the way in which you and your browser handle certificate warnings," writes Google in its support page for SSL search. "In addition, while the connection between your computer and Google will be encrypted, if your computer is infected with malware or a keylogger, a third party might also be able to see the queries that you typed directly."
Early last year Google made SSL the default setting in Gmail at all times, not just during sign-on, and introduced an encrypted search service located at https://encrypted.google.com four months later. Other prominent websites such as Twitter and Facebook have also added SSL support in recent months.