Features: SSL Search
With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.
To use search over SSL, visit
https://encrypted.google.com 
each time you perform a search. Note that only Google web search is available over SSL, so other search products like Google Images and Google Maps are not currently available over SSL. When you're searching over SSL, these properties may not appear in the left panel.
What is SSL?
SSL (Secure Sockets Layer) is a protocol that helps provide secure Internet communications for services like web browsing, e-mail, instant messaging, and other data transfers. When you search over SSL, your search queries and search traffic are encrypted so they can't be read by any intermediary party such as employers and internet service providers (ISPs).
What can I expect from search over SSL?
Here's how searching over SSL is different from regular Google search:
- SSL encrypts the communication channel between Google and a searcher's computer. When search traffic is encrypted, it can't be read by third parties trying to access the connection between a searcher's computer and Google's servers. Note that the SSL protocol does have some limitations — more details are below.
- As another layer of privacy, SSL search turns off a browser's referrers . Web browsers typically turn off referrers when going from HTTPS to HTTP mode to provide extra privacy. By clicking on a search result that takes you to an HTTP site, you could disable any customizations that the website provides based on the referrer information.
- At this time, search over SSL is supported only on Google web search. We will continue to work to support other products like Images and Maps. All features that are not supported have been removed from the left panel and the row of links at the top. You'll continue to see integrated results like images and maps, and clicking those results will take you out of encrypted search mode.
- Your Google experience using SSL search might be slightly slower than you're used to because your computer needs to first establish a secure connection with Google.
Note that SSL search does not reduce the data that Google receives and logs when you search, or change the listing of these terms in your
Web History .
Information for school network administrators
-
How will SSL search affect our content filtering services?
When students search using https://encrypted.google.com, their searches will bypass any content filters that are in place on your network. If this is problematic for your school, you can block https://encrypted.google.com. When students continue to search using http://www.google.com, your content filtering will work as it always has in the past.
-
If I block access to https://www.encrypted.google.com, will I block access to all of Google's authenticated services (like Google Apps for Education)?
No; logins for Google Apps for Education and our other authenticated services are currently hosted at https://www.google.com. As long as you allow access to https://www.google.com, your organization should still be able to access all of our other services.
Does SSL provide complete security?
While SSL helps prevent intermediary parties, such as ISPs, from knowing the exact search that you typed, they could still know which websites you visit once you click on the search results. For example, when you search over SSL for [ flowers ], Google encrypts the query "flowers" and the results that Google returns. But when you click on a search result, including results like images and maps, you could be exiting the encrypted mode if the destination link is not on
https://. If your computer is infected with malware or a keylogger, a third party might still be able to see the queries that you typed. We recommend that everyone learns how to
prevent and remove malware.
Remember that only Google web search supports search over SSL, so searching Google Images, for example, will not be encrypted.
Technical discussion of SSL protocol-level limitations
While SSL is a clear privacy and security benefit, we are aware of some technical limitations to SSL at the protocol level that are not specific to Google's implementation:
- A determined, skilled malicious party could potentially interpose himself into the network traffic and present a spoofed certificate to the user. In many cases, this will result in a certificate warning to the user. If you see a certificate warning, the protection may not hold.
- An adversary with the ability to install root certificates on the machine could potentially interpose himself into the network traffic without any warnings appearing.
- A highly capable source may be in a position to sign certificates with a standard, pre-installed certificate authority (CA), which again would allow intercept without any apparent warnings to the user.
- Even if all web searching occurs over SSL, a passive traffic listener may still be able to observe DNS look-ups.
How can I confirm whether I'm on a secure connection?
Check to see that the URL you're on starts with
https:// instead of
http://. Most browsers provide a visual confirmation (such as an icon of a lock) in the address bar or in the status bar at the bottom of the page. On Google SSL search, you'll also see a special Google SSL logo with a lock icon. In addition to this logo, be sure to also check the
https:// text in the address bar and any browser lock icons.
When you perform a search on
https://encrypted.google.com , you might see a warning if a page has some non-secure components: depending on your browser settings, you might see the lock icon turn into a warning sign, a pop-up message, or some other form of alert. This issue is often referred to as a "mixed mode error."
Since this is a beta feature, there might be some rare cases in search over SSL that generate a mixed mode error.
