What is the difference between https://google.com and https://encrypted.google.com?
In terms of security what were the benefits of browsing through encrypted Google search?
Note that this is not a question about HTTP vs HTTPS. These are two Google services.
@John Whoa. I’ve made this my default search engine now. I don’t care about referrers (I’ve disabled them anyway) but the missing top bar is a killer feature.
@KonradRudolph The http referer header is one of the most useful things for webmasters. If you come from a https website it's not sent anyway, so no data is leaked. You may consider enabling it again for our sake.
@Luc It may be useful but it’s also a crass invasion of the user’s privacy. A website generally has no business knowing how I get there. I agree that it’s *useful* for the website to know but only in rare instances does the *user* profit from that.
@KonradRudolph As an example, yesterday I looked at the referring sites from a website I maintain and found some things I hadn't expected people to search for. Knowing those (one example search was "harbor roermond", in Dutch) we can optimize the website so that we can be found more easily; we weren't the top hit while some above us were useless linkspam. I myself never did it, but even if this was only to make money, then even in that case the user might profit from it. But this could become a very long discussion. Feel free to ping me in the DMZ or another room if you want to discuss it ;)
@KonradRudolph User profit is possible, indirectly: the `referer` makes it possible to log the origin of external links (from Y to X); sometimes these links generate a 404 error in X; if the webmaster of X cares enough, he could get in touch with the webmaster of Y so that links could get fixed. From the amount of broken links I see, I conclude that this is very rarely done. The best way to deal with broken links is obviously to avoid them in the first place, with stable URLs.
After a note from AviD and with the help of Xander we conducted some tests and here are the results
1. Clicking on an ad:
https://google.com: Google will take you to an HTTP redirection page where they'd append your search query to the referrer information.
https://encrypted.google.com: If the advertiser uses HTTP, Google will not let the advertiser know about your query. If the advertiser uses HTTPS, they will receive the referrer information normally (including your search query).
2. Clicking on a normal search result:
https://google.com: If the website uses HTTP, Google will take you to an HTTP redirection page and will not append your search query to the referrer information. They'll only tell the website that you're coming from Google. If it uses HTTPS, it will receive referrer information normally.
https://encrypted.google.com: If the website you click in the results uses HTTP, it will have no idea where you're coming from or what your search query is. If it uses HTTPS, it will receive referrer information normally.
The same topic was covered in an EFF blog post.
EDIT: Google dropped encrypted.google.com as of April 30 2018. According to Google, this domain was used to give users a way to securely search the internet. Now, all Google products and most newer browsers, like Chrome, automatically use HTTPS connections.
One benefit of this: copying a link from a Google search result will give you a link to a webpage, not the jumbled mess of a redirect link.
@Adnan, So this is all? I mean, they built encrypted.google.com just to do that referrer thing?
@Pacerier Originally, no. The `encrypted.` domain was where Google first rolled SSL support. However, after they added SSL support to the main domain, that became the distinction.