Parker Higgins writes:
This week, Google activated a web privacy feature called “forward secrecy”, becoming one of the web’s first major players to put this important component in place. It’s an important step, and other sites should follow suit. In order to understand why enabling forward secrecy is so important, it’s helpful to know how HTTPS works in the first place.
HTTPS encrypts requests that your browser makes to web servers, and then encrypts the resulting pages. That makes the exchanged messages incomprehensible to anybody in between, such as your ISP or an eavesdropper. Each web server has a secret key, and only somebody with that secret key can decrypt the messages.1 That arrangement provides a basic layer of security from many online threats to your privacy.
(It’s worth noting that some websites that allow HTTPS connections don’t use them by default. To tell your browser to default to encrypted connections with over 1,000 sites, you can use our Firefox extension HTTPS Everywhere.)
Read more on EFF.