Mozilla Firefox is using Secure Sockets Layer (SSL) for Google searches from its site by default, in a move that will increase the security protections afforded to about a quarter of total internet users.
The change was built into the web browser's nightly beta builds but would not appear in the final stable releases for several months, according to US security and privacy researcher Christopher Soghoian.
Google's 'Speedy' experimental protocol for transporting web content was also expected to be used.
SSL could help protect users from some forms of censorship and monitoring, and prevent leakage of referral header information which provided web sites with the search terms used to reach their sites.
Referrer data concerns privacy pundits because it has the potential to expose sensitive user data such as location.
The incorporation of SSL by default into browsers was considered a death knell for referrer data, Soghoian said.
Google users signed into their accounts have had SSL searches by default since October. But SSL was not yet set as default in Google's Chrome browser.
Chrome software engineer Adam Langley applauded the move by Mozilla but said SSL would not yet be introduced into Chrome because it affects speed and functionality.
“We would welcome Firefox giving their users the option to use encrypted search. However, at this time we don't feel that our encrypted search offers the features and speed that our users expect and so we wouldn't want it to be the default,” he said in a post. “We are working towards making encrypted search as fast and complete as unencrypted search, but we're not there yet.”
Soghoain attacked Google, claiming the search company had discouraged Mozilla from using SSL by default, reportedly because it was more resource-intensive and lacked some functionality. He added that SSL should “at the very least” be made an option for Mozilla users for versions later than Firefox 4.0.
In December, AllThingsDigital reported that Google would pay Mozilla about $US300 million a year for three years to ensure it was the default search provider in Firefox browsers.
Copyright © SC Magazine, Australia
Issue: 324 | February 2014
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.