Bing arrives better late than never to the encryption party

Bing arrives better late than never to the encryption party

Bing arrives better late than never to the encryption party

Ever-the-bridesmaid Bing will finally encrypt your search data by default.

The news is another big step forward for the plucky search engine but comes a full three years after Google walked down that aisle.

HTTPS has been an option with Bing for around a year and a half now but starting this summer Microsoft will be rolling it out as a standard.

This means that the search terms, cookies and other data you send to Bing, and the responses it sends to your browser, will be encrypted as they travel over the internet, making them much harder to eavesdrop on.

Bing will also be dropping search data from its referrer headers – meta data that reveals the last page a web visitor looked at.

Microsoft announced the plan to use HTTPS by default on Monday via a post on its Bing Blogs website:

At Microsoft, we're committed to helping users keep their data safe and secure. That's why we support the industry's move to use of TLS protocols as part of our effort to expand encryption across our networks and services.

Bing is the number two player in the US search market and is the third biggest search engine in the world – sitting just behind Chinese search engine Baidu in the global rankings.

It handles around 10% of the world’s web search traffic so switching to HTTPS means that billions more web searches (and all they can reveal to anyone listening in and storing them up) will suddenly go dark.

It’s not the only party that Microsoft has arrived at better late than never in the last week – on 9 June it finally brought users of Internet Explorer 11 on Windows 8.1 and Windows 7 under the protective wing of HSTS (HTTP Strict Transport Security).

HSTS protects users from a chink in the web’s armour that allows attackers to downgrade their victims from HTTPS to HTTP so they can be spied upon.

All the other major browsers have supported HSTS for years and, perhaps predictably, users of Google Chrome got it first, almost five years ago.

The web is undergoing a gear-shift that’s been gathering pace since Firesheep embarrassed people into into using HTTPS, and turbo-charged since we learned about PRISM and XKeyscore.

HTTPS was once reserved for the most sensitive web pages but it’s fast becoming the web’s new normal (yes, even news websites are getting in on the act).

A very important part of that process is getting massive websites like Bing to adopt HTTPS because they account for so much of the total activity on the web.

Microsoft’s announcement about Bing follows hot on the heels of two other significant moves towards encryption everywhere.

On 12 June the Wikimedia Foundation announced it was in the process of implementing HTTPS and HSTS to encrypt all Wikimedia traffic.

Just four days before that the US Federal Government took the plunge (at Federal Government speed, of course). Its websites and services will be required to support HTTPS and HSTS by the end of 2016.