Rolling Out HTTPS Google search

Sid Stamm

23

Now in Aurora: Secure Google Searches are default. In Aurora when you search using the location bar, search box, or the right-click menu, your search will be sent to Google through a secure (HTTPS) connection. You won’t notice a difference in how you search, but your Google search suggestions and search results will be presented through a secure web site.

Enabling HTTPS for these searches shields our users from network infrastructure that may be gathering data about the users or modifying/censoring their search results. Additionally, using HTTPS helps providers like Google remove information from the referrer string. While Google users may expect Google to know what they are searching for, Firefox users may not be aware these search terms are often transmitted to sites they visit when they click on items in the search results; enabling HTTPS search helps sites like Google strip this information from the HTTP referrer string, putting the user better in control of when and to whom their interests are shared.

Encrypting our users’ searches is our next step into giving users better control over their data online. Enabling HTTPS for Google searches helps Firefox users maintain better control over who sees things they search for — queries that are often sensitive. We’re excited to see this improvement in our upcoming releases now that we, with Google’s help, have been able to provide our users a secure and responsive secure search.

23 responses

  1. Brenno wrote on :

    Not to forget that this makes possible to use SPDY too…

  2. Brian wrote on ::

    This is a bad proposal I suspect is influenced by Google’s financial support. It is a back-door way for Google to effectively assert significant, possibly monopoly control over a significant amount of important search data available to webmasters unless they subscribe to Google’s services.

    There is no need to protect user privacy because users already have means to shield who they are. Such as a proxy, or other add-ons available in Firefox that prevent their personal identification.

    The claim user privacy is protected is nonsense. Isn’t the user’s IP, search string and other data PROVIDED TO GOOGLE? Why is providing this information to Google lauded but not to the webmaster trying to design a website for the user?

    Now, the many websites that rely on referer information will be broken. Tools and software that compete with Google’s data offerings will disappear because they will no longer have the search data.

    The ultimate result is that webmasters and website owners will need to subscribe to Google’s services to get important information about what search terms are being used to find their web pages. Google will decide what, if any, information webmasters will receive. With Google’s new privacy policies it means webmasters must identify themselves to Google.

    The ultimate purpose, and result, is not to protect user privacy, but to give Google exclusive control over user information and to force webmasters to use Google’s services instead of competitive software.

    1. Sam wrote on :

      Don’t be a heater dude, you are seeing the bad everywhere! having SSL by default is good seriously and you know it, just try to find a conspiracy on anything.

      1. Austin wrote on ::

        He’s not being a “heater” — read his argument and do a little research.

  3. Brandon wrote on ::

    I really hate this move as a fair amount of users to my websites use Firefox and I am not sure this actually provides them much of any protection from anything except possibly information targeted for them. P.s. a typo exists on the posting.

  4. Benjamin Stein wrote on ::

    This is a great trend all around. Great work for leading the charge.

  5. Sami Lehtinen wrote on ::

    This also means that SPDY will be used with Google Search by default. Without SSL SPDY can’t be used.

  6. Anti-Google wrote on :

    This has nothing to do with security. Removing the referrer information puts Google in the position to use (sell?) this information exclusively.

    While Google is collecting more and more data about users you call it an “improvement” to keep away referrer information from website owners. This is ridiculous.

    So Mozilla get’s its money from Google and in return you do what Google tells you.

  7. R P wrote on :

    Love this. Thanks for aiding us in controlling a bit more of our online lives.

  8. Koozai Mike wrote on ::

    Whilst I applaud the desire to protect user privacy it is worth clarifying that when information is passed on to website users about search activity it has always been de-personalised.

    Although the search itself can be seen there’s no name, or any personal information that would allow a website owner to identify that person. Just the search query and the number of times that led to a visit on your website.

    Blocking this data means website owners will have no way to see why a person arrived on their website. Being able to see this data helps us to write better content in the future that answers your questions.

    Do you hate it when you search and see no relevant results? Well that will only get worse in the future. If you visit a website for a query string and a page doesn’t answer your question we can at least now see what you wanted and try to help you in the future. With that data hidden it’s simply not possible to do so. Without the data we are left to guess what people want, which is a real loss for the Internet and the needs of millions of searchers.

    1. Ben Johnston wrote on ::

      Well said, Mike.

      It’s also worth mentioning at this juncture that although the keyword data is not provided for organic results, this data is still provided when you click a paid advert in Google. Essentially, the message is, you can still get this data if you want to pay for it and ads are becoming harder and harder to distinguish from organic results.

      I’m all for privacy, but this really isn’t about privacy.

      1. Austin wrote on ::

        I’m definitely curious about where this change originated. Sid does explicitly mention “censoring/modifying search results” so perhaps there’s an international freedom of information subcurrent here.

        But as far as monitoring via network infrastructure, this does go hand-in-glove with Google’s nerfing of Google Analytics keyword data… and it’s much more totalitarian because it affects all Ffox users by default.

        It certainly makes me wonder whether Firefox is receiving any compensation or considerations from Google in exchange for this change in function.

  9. lucb1e wrote on ::

    Search is very central to the web, HTTPS will slow it down. I think it should be very easy to enable the feature, but doubt if it’s a good default.

  10. rob shavell wrote on ::

    Sid,
    this is great news for FF users. More browsers should follow suit, or at least have an easy-to-find option for users. we’re also excited to be extending this concept when we update GoogleSharing to use only https and enhance the reliability of searching over ssl AND through a basic proxy to further protect consumers privacy.

  11. Adam Buchanan wrote on ::

    From a privacy perspective, I get it and I’m in favor of this decision. However, I’m also a search marketer. Changes like this continue to make optimizing Google AdWords advertising nearly impossible. I’m just a bit bummed I guess.

  12. Joni Ratrspur wrote on ::

    Except when your searches need to be secured by the all time king of profiling and data gathering… Google itself.

    Users need to be protected from Google itself when searching because it is THEM who has the greatest power and potential to collect information about a user.

  13. Yuriy wrote on :

    Why stick you heads in the sand? Why delete well reasoned and rational comments? This doesn’t bode well for Mozilla and only serves to alienate my colleagues and I from Mozilla products. This opinion is shared by more than just a small percentage of people; enough to impact market share. Consider that.

    1. Sid Stamm wrote on :

      @Yuriy: The comments were held by our aggressive spam filter (we get lots of comment spam here). I’ll try to adjust the filter and make sure they’re approved more quickly.

  14. Johannes Faustus wrote on :

    I’ve used the HTTPSEverywhere add-on for the last year or so, which connects using HTTPS wherever possible – including to Google. I find that if I’m careful in choosing sites to visit I can enjoy a fairly complete, fully private browsing session even on a monitored network (client workplace, random coffee bar).

    I endorse building this capability within Firefox for Google searches, and I would be even happier if you could add the HTTPSEverywhere capability of having a lengthier whitelist of HTTPS-capable sites, automatically using HTTPS for all sites on it.

  15. tulga wrote on :

    no

    1. tulga wrote on :

      good

  16. tulga wrote on :

    yes

  17. Joshua wrote on :

    Agree with: Johannes Faustus wrote on May 10th, 2012 at 2:03 pm: