Advertising giant Google has announced a big step toward increasing users' privacy on the web: the enabling of HTTPS encryption for search traffic. It's not all good news, however.
While many of Google's services - including Gmail and Calendar - already support always-on encryption, Google's main search site does not. Last year, the company introduced an encrypted version of its search portal - but required that users manually choose to use it.
Now, Google is flipping the switch and making the search site encrypted for all logged-in users. Users who have not logged in to their Google account, or who don't have an account to log in to, will continue to see the normal unencrypted page unless they choose to manually visit the encrypted version.
"This is especially important when you’re using an unsecured Internet connection, such as a Wi-Fi hotspot in an Internet cafe," explains Google's Evelyn Kao of the shift. "You can also navigate to https://www.google.com directly if you’re signed out or if you don’t have a Google Account."
The move doesn't just encrypt the traffic, however, but the search queries themselves - and that's something which search engine optimisation companies aren't happy about.
At present, the majority of web browsers let a site know what page a visitor comes from using a 'referrer header.' In the case of traffic from Google, this includes the search terms used to find the page.
Now, however, those search terms won't be included - taking a useful piece of information away from webmasters looking to see precisely how traffic is reaching their sites, and making the lives of so-called 'SEO experts' that much more difficult.
Tellingly, however, the encryption won't be turned on for Google's advertising partners. "If you choose to click on an ad appearing on our search results page, your browser will continue to send the relevant query over the network to enable advertisers to measure the effectiveness of their campaigns and to improve the ads and offers they present to you," Kao admits.
On the one hand, Google's move to almost-always-on encryption is a good thing, and something more sites should adopt; on the other, Google is taking away a useful tool from the majority of webmasters while keeping it for those that choose to use its advertising products.