Several Facts about Google and HTTPS: Via EFF.org Updates.

Three simple facts about Google and HTTPS:

One: as we posted last week, we're very pleased to hear that Google is trialling full HTTPS encryption of all Gmail pages.

Two: if Google's trials are successful, and the company does indeed make HTTPS encryption the default protocol for reading and writing Gmail messages, it will have taken a two-step lead on its competitors in the free webmail and social networking spaces. People use Yahoo! Mail, Hotmail, LiveJournal and Facebook for their private communications, but all of the private messages on those services travels over the network unprotected.1 MySpace doesn't even support HTTPS for passwords!

Three: webmail is one thing, but search is another. Sadly, it isn't possible to use Google's excellent search engine over HTTPS. If you attempt to visit google.com via https, you'll just be redirected back to unencrypted HTTP. If you try the same thing at Yahoo or Microsoft, you'll receive unhelpful error messages.

We've been privately urging Google to make their search service available by HTTPS for some time, but nothing has happened. Yahoo and Microsoft should of course do the same. At the moment, the only search engine that offers protection against eavesdropping is a metasearch site called Ixquick (they also have a truly excellent privacy policy). We hope that some day, the major search engines can catch up with Ixquick.

Those are three simple observations. If you're interested in some less-simple technical detail about what HTTPS actually does, why it's important, and what its limitations are, continue reading below the fold.

1. 1. Yahoo! Mail is the least worst of these services, since it defaults to HTTPS login, but all of these services are severely lacking in security.

read more

Read Original Article:(Via EFF.org Updates.)