October 23, 2011

HTTPS everywhere: Google, we salute you!

Google radically expanded Tuesday its use of bank-level security that prevents Wi-Fi hackers and rogue ISPs from spying on your searches.

Starting Tuesday, logged-in Google users searching from Google’s homepage will be using https://google.com, not http://google.com — even if they simply type google.com into their browsers. The change to encrypted search will happen over several weeks, the company said in a blog post Tuesday.

We have known for a long time that the answer to web insecurity is this: There is only one mode, and it is secure.

(I use the royal we here!)

This is evident in breaches led by phishing, as the users can't see the difference between HTTP and HTTPS. The only solution at several levels is to get rid of HTTP. Entirely!

Simply put, we need SSL everywhere.

Google are seemingly the only big corporate that have understood and taken this message to heart.

Google has been a leader in adding SSL support to cloud services. Gmail is now encrypted by default, as is the company’s new social network, Google+. Facebook and Microsoft’s Hotmail make SSL an option a user must choose, while Yahoo Mail has no encryption option, beyond its intial sign-in screen.

EFF and CAcert are small organisations that are doing it as and when we can... Together, security-conscious organisations are slowly migrating all their sites to SSL and HTTPS all the time.

It will probably take a decade. Might as well start now -- where's your organisation's commitment to security? Amazon, Twitter, Yahoo? Facebook!

Posted by iang at October 23, 2011 05:24 AM | TrackBack

A brilliant initiative, however, its late Wednesday in India and I would expect that it would trickle over to the rest of the countries that also need it.

Logged in or not.. typing on google.com in the address bar takes me over to http://www.google.co.in/

A google in Bahrain takes me over to


No https. Not sure if its only a matter of time.. if so, when? but, a step forward nonetheless... kudos!

Posted by: XploitZ at October 26, 2011 12:34 AM


We went through the process of obtaining a green bar, and it involved getting a lawyer's opinion that our organization actually exists.

Official copies of state docs weren't enough:

Anyways, it's cool because it matches the color scheme of our site.

I'm on to starting a small business monetizing the domain bd3.us, and we need a free triple entry accounting system to track income, expenses, payroll, B&O tax for the City of Vancouver, federal excise taxes for imports and exports, currency conversions, foreign taxes, Washington State sales tax, the ability to file 1120 online, keep track of stock ownership, pay equitable dividends and so on and so forth.

Is there anything like this in the works?

Posted by: jez569 at January 2, 2012 01:52 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.