[Update 2010-05-27 09:16: Don’t do the below editing, because it’ll break your updates. Install Cheng Wang’s Google (HTTPS) search provider instead.]
Google just announced that you can now search Google with your query and results protected by SSL. If you want to change Firefox so that searches in the URL bar use a secure connection and so cannot be eavesdropped, change “http” to “https” in the keyword.URL preference in about:config.
Unfortunately, the Google Suggest service at http://suggestqueries.google.com/ does not currently support SSL, which means that it’s not possible to have both suggestions and non-eavesdroppable searching in the Firefox search box. If you want private searching rather than suggestions, then edit the file $FIREFOX_HOME/searchplugins/google.xml, delete the line beginning:
<Url type=”application/x-suggestions+json” …
and then change the URL in the following line from “http” to “https“.
Note that not all Google search types are available over SSL and, quite wisely, Google does not provide links to “repeat this search with another type” for non-secure types from the secure UI. So making the switch will make it harder to do e.g. Image searches.
Still, it’s a great start!
I suspect that even with Google’s stated caveat, most people will assume this means that their searches are private, not just from MITM snoopers, but from Google too. I believe that their motives are better than Facebook’s anti-phishing measures released right in the middle of their privacy firestorm, and I think it’s a fine move, but it doesn’t really address the common privacy/security concern that most people have with Google.
There is another thing to note: you will only get the US search this way. google.de for example doesn’t support SSL, so if you want your language-specific results first you need to add hl=de parameter to the search query. If on the other hand you (like me) are annoyed by Google’s automatic redirect to language-specific search domains – HTTPS is perfect.
Apparently, my plugin got duped to another one but the link above should work. The dupe plugin has been updated with the right keywords.