duminică, 29 august 2010

A few thoughts on SSL Search

A few thoughts on SSL Search: "

I’m incredibly happy that Google has added the option to search over SSL by going to https://www.google.com/ — note the “s” in “https.” I’m writing this blog post in a hotel right now because I’m in Europe for a week doing a series of tech talks, but I could just as easily be working down at local Dublin cafe with an open WiFi hotspot. In both cases, I might want to do a private search that the hotel or local cafe can’t see. A Secure Sockets Layer (SSL) connection provides an encrypted tunnel between my browser and Google, so other people can’t sniff what I’m searching for.


I believe encrypted search is an important option for Google searchers. The Electronic Frontier Foundation (EFF) has asked for secure search in the past (see this post from 2009), and I credit them for helping to put this on Google’s radar. Another inspiration that helped to spark this project was Cory Doctorow’s book “Little Brother.” It was one of my favorite books of 2008 and while I won’t go into the book’s plot here, it’s a quick, fun read. “Little Brother” also makes a compelling case for encrypting HTTP traffic on the web.


Some people don’t yet fully understand how SSL search works. I saw one commenter sayIf they still pass in the search parameters in the URL (Get), what’s the point? People can still see what you queried, if they made them “post” messages it might actually do something.” It’s important to realize that even though you as a surfer can see the query in the url, the sites between your browser and Google can’t. Google OS demonstrated that by sniffing a regular HTTP query and an HTTPS query in Wireshark to show that the query can’t be seen going over the wire.


Thanks to all the people at Google who did the all the hard work and heavy lifting to deliver this. One of the main engineers behind the effort was Evan Roseman, a member of the webspam team who you might have met at previous search conferences. In fact, Evan was originally scheduled to be on our site review session at Google I/O this past Thursday, but we decided that launching SSL search took priority. :) I also wanted to say thanks and congratulations to the other Googlers (for example Andrew Widdowson, Nathan Dabney, and Murali Viswanathan, but also many, many others) who generously gave their time and effort to make the launch happen and happen smoothly. You might think that switching on SSL for websearch is easy, but for a website with the complexity and scale of Google, it’s really not. The launch wouldn’t have happened without a ton of assistance from Googlers from many parts of the company, and I sincerely appreciate it.


I hope you enjoy https://www.google.com and find it useful.


"

Niciun comentariu:

Trimiteți un comentariu