Internet behemoth Google is adding encryption to an administrative tool for IT departments that can constrict lunch-hour porn-surfing on the part of employees (and by proxy, the malware infections that often come with that), along with the inadvertent serving of inappropriate material for schools.
The company is tweaking an existing option for requiring the use of SafeSearch by workers, which filters out explicit content from search results.
“For some time, we’ve offered network administrators the ability to require the use of SafeSearch by their users,” said Brian Fitzpatrick, engineering director at Google, in a blog. “This is especially important for schools. However, using this functionality has meant that searches were sent over an unencrypted connection to Google. Unfortunately, this has been the target of abuse by other groups looking to snoop on people’s searches.”
As a result, Google will be removing the existing tool as of early December. Going forward, organizations can require SafeSearch on their networks while at the same time ensuring that their users’ connections to Google remain encrypted.
“This is in addition to existing functionality that allows SafeSearch to be set on individual browsers and to be enabled by policy on managed devices like Chromebooks,” Fitzpatrick noted.
The move is the latest in a series of cyber-improvements that Google has made of late. Over the summer, it said that it would implement SSL encryption by default for Search, Gmail and Drive, and is now encrypting data moving between its data centers. It has also added a mobile device kill switch for Android, and helped to fund an open-source security initiative. It also created a new team called Project Zero, dedicated to improving the security of software by seeking out vulnerabilities and monitoring exploits.
Others have been improving the “encryption by default” goal of a safer internet as well. CloudFlare recently said that it will support secure sockets layer (SSL) connections to every CloudFlare customer, including the 2 million sites that have signed up for the free version of its service. It’s a big move that essentially doubles the number of encrypted sites on the internet by rolling out what it’s calling Universal SSL.
“Having cutting-edge encryption may not seem important to a small blog, but it is critical to advancing the encrypted-by-default future of the Internet,” said Matthew Prince, co-founder and CEO at CloudFlare. “Every byte, however seemingly mundane, that flows encrypted across the Internet makes it more difficult for those who wish to intercept, throttle, or censor the web. In other words, ensuring your personal blog is available over HTTPS makes it more likely that a human rights organization or social media service or independent journalist will be accessible around the world. Together we can do great things.”