Comment by stephen_g
21 hours ago
Which in-turn was driven by the Snowden revelations of what the NSA was doing in terms of mass surveillance.
21 hours ago
Which in-turn was driven by the Snowden revelations of what the NSA was doing in terms of mass surveillance.
I have a more cynical view of the reason.
It is to protect commercial interests, I don't think that Google cares about the NSA looking at your personal data.
Google cares a lot about protecting the personal data they get from you, so that they and no one else can get it, at least not for free.
Because let's get real, 99% of the time, why do you need encryption? The reason is commercial activity. It is really important to protect your credit card number, otherwise no one would trust e-commerce. For paid service to work, you need to authenticate, and it means encryption, no paywall means no authentication and much less need for encryption. And even with "free" services, you need encryption to protect the account that shouldn't even be required in the first place. As for general communication, my guess is that hackers and governments alike are more interested in financial data than in casual conversation.
So by pushing TLS everywhere, Google is actually pushing for a more commercial, less open web. That it helps with general privacy (except against Google itself) is just a happy accident.
This is remarkably naive for being self-admittedly cynical. Transmitting all web pages in the clear allows any man in the middle to spy on profile you based on the exact contents of the sites you're visiting. We know for a fact that ISPs were profiling us like this and monetizing this personal data prior to ubiquitous encryption.
The even more unscrupulous ISPs would outright edit the HTML and images that got sent to you, removing Google's ads and injecting theirs. Which arguably Google would have cared about a lot more.