Home Google Protects User Data for the Future with Forward Secrecy

Google Protects User Data for the Future with Forward Secrecy

The Google security team has enabled forward secrecy in its HTTPS services by default, so that captured messages can’t be decrypted retroactively. Even though Gmail went to a secure HTTPS connection by default last year, encrypted files could still be captured in their unreadable form and broken years later, when computers are much faster.

Other HTTPS Google services include Docs and Google+, as well as SSL Web search. All these services are now forward secret when HTTPS is turned on. Initially, only Chrome and Firefox will use forward secrecy by default with Google services, because Internet Explorer doesn’t support Google’s combination of the RC4 authentication and ECDHE key exchange mechanisms. “We hope to support IE in the future,” the security team says.

The forward secrecy enabled today requires that the private keys that maintain the connection to the service are not held in persistent storage. That means a would-be attacker can’t reverse-decrypt past connections. Not even the server operator can decrypt these sessions retroactively. The team has released its work on the open-source OpenSSL library that enabled this security.

You can see whether your connection is secure by clicking the green padlock in your browser’s address bar when on an HTTPS site.

Google’s Progress on Security

Google made encrypted Web search available in 2010, but it did not anticipate that the secure domain would conflict with the Children’s Internet Protection Act, which requires schools to monitor and block certain websites. Since secure search prevented schools from logging, filtering or blocking search results, schools were caught in the lurch. Google resolved the problem by giving secure search its own encrypted.google.com domain.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.