[HTTPS-Everywhere] Google native https
Peter Eckersley
pde at eff.org
Wed Oct 19 11:40:17 PDT 2011
We should not change the Google rulesets because of this announcement.
encrypted.google.com will continue to exist, and will continue to offer better
protection than https://www.google.com, in particular when users click on
advertisements.
https://www.eff.org/deeplinks/2011/10/google-encrypts-more-searches
On Wed, Oct 19, 2011 at 05:59:10PM +0200, Heinz Repp wrote:
> Hello,
>
> Google announced native https support for its sites, the main site
> https://www.google.com and its NLS variants already working:
>
> http://googleblog.blogspot.com/2011/10/making-search-more-secure.html
>
> This requires a rewrite (and simplification) of the google ruleset,
> mainly just changing http to https without sending to
> encrypted.google.com. This change should come soon, as the native
> https://www.google.com has all its bells and whistles, but the
> encrypted.google.com has not.
>
> Google said it would do the redirection by itself only for logged-on
> users, so support by https-everywhere is still needed, and in its
> current form it even invalidates Google's approach for logged-on users.
>
> Jm2c
>
> Heinz
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-everywhere
mailing list