Google adds default end-to-end encryption to search
Google is rolling out default end-to-end encryption to people who use the site to seek for images, news and general webpages, a change that will better protect search queries and results from eavesdroppers. The SSL, or secure sockets layer, service will be offered by default to users who are signed into their Google accounts, …
This topic is closed for new posts.
Fit me for a tinfoil hat
But I feel like searching while logged into my G account is quite a bit bigger privacy risk than some random sniffer catching my search terms at starbucks.
Significant Milestone
This presumably means that the US gov have perfected trivial SSL eavesdropping, and will have their kit up and running in the next weeks.
May I be the first to welcome our... oh.. wait.. that already happened.
Why eavesdrop?
Why break in when you have a back door key?
When on google.co.uk ?
As the title says. If you put in https:// for google.co.uk, it just reverts to a normal http:// connection.
What will be interesting is whether the search terms still appear in Google Analytics from these
searches. Can't imagine they're going to drop that info if they can help it.
But if they do include the info, and no other analytics type package can see it (due to not being connected into big G's database) then doesn't that steer them into hot water over stifling analytics competition?
Actually pretty sure if it comes via SSL the referrer isn't sent, thus seriously breaking most analytics systems?
so?
You think this is a problem? If I go to https://www.google.com and search for 'Trev 2' (for example) and I click on the link to your website, you'll get the connection, but you won't get a referral header. This is what the current HTML spec says is supposed to happen.
I think what you'll see is that sites will start sending search-engine specific urls, so where formerly you'd get this link in google:
www.somesite.com/page1/index.html
now you'll get
www.somesite.com/g/page1/index.html
Until google drops these sites from its index.
Alternately, Google could decide to add a variable to the url:
www.somesite.com/page1/index.html?secure-referral-header=www.google.com
although this could break things worse.
Wait, let me get this straight.
This "security" feature means people must now buy ads from Google to know which search terms drove people to their sites?
Interesting.
no
it means that you have to ask them yourself, instead of simply being able to parse your webserver logs.
besides, if all search engines implement https, you won't know if they found your site via google.com, bing.com or mypornsearch.com, so you'll have to buy from the equivalent of google adwords on from every search engine.
Why the quotes?
Using SSL is not a "security" feature...it IS a security feature.
The beneficial side-effects for google and subsequent stuffing of website hosts and analytics packages do not detract from the increased security offered to end users.
Security of what?
Your search terms? Why? The search result you then click on probably won't be https, so it'll be out there for any to see.
Bit pointless compared to the real baddies: malware pages that spam the search itself. Google should really be working on that, but that probably doesn't help to sell more ads. Actually many of those malware sites even run Google ads...
Re: Security of what?
> Security of what? Your search terms?
Yes, well done! It means that no one can snoop on what I am searching.
> Why?
Because I don't want anyone snooping on my searches, I am not sure if I can be any more obvious...
> The search result you then click on probably won't be https, so it'll be out there for any to see.
Not Google's problem or responsibility. They are making THEIR service HTTPS which is a good thing for the users of their search.
Just because you don't give a damn doesn't mean others don't and Google has decided to cater to those people.
That's all very well...
...but it's Google I don't want to give information to.
but it's Google I don't want to give information to
So use the Scroogle add on if you are using Firefox, (don't know if its available for other browsers).
You can configure scroogle as the web search of choice for any browser, including, but not limited to, Opera, IE, Konqueror, Chrome, ...
It may not be as easy as installing a new add-on, but it is possible.
So let me get this right
This is great!
So let me get this.
Don't sign in, random people can see my searches, but still be fairly "anon"
Sign in, Google know EXACTLY who I am and track everything I search for.
Are the search terms not sent in the address bar unencrypted anyway? They do here: https://encrypted.google.com/
No.
Just because you see them in the address bar doesn't mean they go over the wire exactly like that.
http://en.wikipedia.org/wiki/HTTPS#Network_layers
Domain and source/dest IP addresses are the only things not encrypted in transit.
wireless
Surely anyone using wireless hotspots who cares about their security would be signed up with a VPN service already? That way, all your traffic is encrypted rather than you having to pick and choose which sites you use based on them providing SSL or not.
I am pretty sure that the security angle is being used to justify this, but the motives, as pointed out by comments above, are more commercial.
most IT workers don't do this, I really can't see a starbucks hipster using VPN
Internet as a whole should have moved to HTTPS years ago.
Firefox
As previously commented, using Firefox (7.01) it removes the 'https://' and just shows google.co.uk If you use IE (8) then it doesn't. Anyone know a way round this?
assuming you're wanting firefox to show the protocol, go to about:config and change browser.urlbar.trimURLs to false..
Hotmail
You haven't checked recently then, writer-of-article, because the Microsoft apps that communicate with the Hotmail servers were updated ages ago to work with SSL-enabled accounts.
This topic is closed for new posts.
