738376 - Use https://encrypted.google.com/ instead of https://www.google.com/ for security and privacy reasons

Status: VERIFIED WONTFIX

(Firefox :: Search, defect)

Description

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

We should use
https://encrypted.google.com/

instead of
https://www.google.com/

for security and privacy reasons like sending the search terms or cookie information related to authenticated session for specific query to the advertiser over HTTP instead HTTPS

More info:
https://support.google.com/websearch/bin/answer.py?hl=en&topic=1678515&answer=173733
https://www.eff.org/deeplinks/2011/10/google-encrypts-more-searches
http://curtisfree.com/blog/2012/01/13/not_all_encrypted_google_searches_are_equal

Comment 1

[Mike Graboski]

The correct option for implementing encrypted search at this scale is to use https://www.google.com, which is properly supported across Google's global search domains.

Comment 2

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

I see that both sites produce the same results in searching sth,
so it will be wise to use site with better privacy & security and didn't leak information about anything.

What https://encrypted.google.com/ didn't support, which https://www.google.com/ support ?

Comment 3

[Thomas Ahlblom]

(In reply to Virtual_ManPL from comment #2)
> I see that both sites produce the same results in searching sth,
> so it will be wise to use site with better privacy & security and didn't
> leak information about anything.

Did you test with a clean Firefox profile from multiple IP-addresses in different non-English speaking countries and made sure that the results still were the same as with https://www.google.com?

Comment 4

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

I can only say that I see no differences in search results from my side using Firefox on different ISPs and PCs located in Poland.

If someone have different results please post it, don't forget to have same options set in settings, because it use different cookie as I see.

Comment 5

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

Attachment: Google rec

Even Google stated that https://encrypted.google.com/ is "more secure and private" than https://www.google.com/

"Encrypted search

Encrypt the search traffic between your computer and Google, helping to protect your search terms and your search results pages from being intercepted by a third party. Try a more secure and private search experience."



So what are we doing with this guys ?

Comment 6

[:Gavin Sharp [email: gavin@gavinsharp.com]]

I think you're misinterpreting that statement - it isn't contrasting https://encrypted.google.com to https://www.google.com, it's comparing https://encrypted.google.com to the normal non-SSL Google search.

Google has told us - in this bug, even (comment 1) - that encrypted.google.com currently isn't set up to properly handle our millions of users, so we can't just make the switch.

Comment 7

[Tracy Walker [:tracy]]

gavin: is this a wontfix?

Comment 8

[:Gavin Sharp [email: gavin@gavinsharp.com]]

for the moment, yes