I was thinking about this question the other day. It SEEMS obvious… I relialized that it relates to one of my favourite misconceptions about https or SSL/TLS. Often people get too focused on the encryption aspect of SSL/TLS and not the authenticity and verification properties of it. When Google first announced that Google search was going to be over “https” a few years ago I, like a lot of people, assumed that it was because it was to make your search results private.
Google’s support page, regarding SSL Search, quite correctly points out:
SSL doesn’t always protect:
- The fact that you visited google.com
- The search terms that you typed