Hacker News new | past | comments | ask | show | jobs | submit login

SSL adds latency, because you're setting up an encrypted connection. Google hates slowing down users, and we don't want to slow down every user unless it's a clear win. That's one reason.

When Google switched to AJAX-based search, that temporarily stopped sending referrers, and lots of people screamed bloody murder. For example, http://getclicky.com/blog/150/googles-new-ajax-powered-searc... said "So what can we do about it? If you run a blog, write about this. Submit this story or your own story to large tech blogs like TechCrunch, CenterNetworks, ReadWriteWeb, GigaOm, etc - no large site has written about this yet, and one of them needs to. ... Do anything you can to spread the word and let Google know that this is not acceptable."

Or see http://www.seobook.com/Ad-Networks-Partners-Hoarding-Publish... or http://econsultancy.com/us/blog/3240-google-ajax-bad-news-fo... or http://blogs.sitepoint.com/2009/02/04/google-update-breaks-t... . So we heard lots of complaints.

SSL as an option provides a nice choice for people who care about these issues and don't mind taking a tiny hit in latency.

Your argument would carry more weight if, the user had the ability to switch to SSL search from the "Classic" search page or if SSL search was a setting that was accessible from "Search Settings" or "Advanced Search" on the "Classic" page.

The articles you reference speak to the problems for advertisers and related interests. They do not address issues of web user privacy.

Don't get me wrong, Google is in the difficult position of balancing the display of results based on advertising revenue with the display of results based on utility to the user.

What I see Google facing is that given their market share and mind share and the typical web user's tolerance for providing information it is probably easy to make a business case for skewing the balance. The problem is that there is no precedent from which to draw long term conclusions about loss of anonymity at the scale at which it currently occurs.

I can talk a bit about why we didn't launch with "click here to switch to SSL search" links. When SSL search launched, web search was supported, but not every type of search was supported. For example, Google Image Search wasn't easily supported for some esoteric reasons (some browsers have a limit of 2 simultaneous connections, and that can interact badly with SSL + fetching bunches of thumbnail images).

The concern was that people might click into SSL mode, forget they were in SSL mode, and complain because they didn't see Images or Maps or whatever search mode they wanted.

For smaller websites, switching on SSL mode can be pretty easy, but we've still got changes going in to improve various rough edges on SSL search.

In fairness, Google deserves credit for providing SSL search in the first place, but exactly how does one go about contacting the Google Complaints Department?


We try to keep an eye out for feedback across the web, on Twitter, at search conferences, in comments on blogs, etc. There's also a forum linked to from google.com/webmasters that we keep an eye on.

I think moving to SSL as a default is a good move. What difference does no logging on the receiving end make when your ISP can log everything you search for?

In particular, GMail initially had SSL configurable, but then moved it to the default: http://gmailblog.blogspot.com/2010/01/default-https-access-f... . Apparently they don’t think the latency is a problem—or if they do, that it’s worth it to get the security benefits of HTTPS.

I don't think latency is a problem for something like gmail, you open it once and much of it happens in an already opened connection or in the background.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact