Google Rolls Out Encrypted Web Search Option
KirinMercury writes "Google began offering an encrypted option for Web searchers on Friday and said it planned to roll it out for all of its services eventually. People who want to use the more secure search option can type 'https://www.google.com' into their browser, scrambling the connection so the words and phrases they search on, and the results that Google displays, will be protected from interception." Note that you need the 'www' for it to work. Dropping it redirects you to a non-ssl page. You might have read this on Saturday, but if you missed it, it's still worth knowing.
Google will know which sites it returned to a given search user. If the sites that are selected by the user are using Google Analytics, then Google will also know which sites the user's clicked on. Perhaps they will make this information available to site owners via Analytics?
This seems likely, which of course has the very desirable (for Google) effect of locking website owners into Google Analytics. Of course, if you're a website owner who wants to run some other stats package, this is very bad news.
Encrypted should be the default for every web site IMNSHO.
Technically, this just restricts the evil to mostly Google.
It's a bit of a stretch to say Google is "intercepting" the traffic since they are in fact the intended recipient.
An easier solution is to just install the add to search bar plugin. Details on this plugin and how to get the old Google layout back can be found on my website here: how to get rid of the new Google sidebar. You may also want to go to about:config and change http:/// to https:/// under keyword.URL
Get a web developer
Turning it on by default breaks sites which use referer (WSJ and experts-exchange are two which come to mind). You might (legitimately) argue that such sites deserve it for being evil, but launching breaking features in an on-by-default state is bad, especially when it's done by a company with as many users as Google.
Also, I suspect they wanted to see what the effect of lots of SSL usage for their search product would be before turning it on and watching their web site fall down on its knees.
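Why encrypted search breaks referer-dependent sites, as an added example that is not part of the original thread: it models the Referer rule from RFC 2616 section 15.1.3 (a page loaded over a secure protocol does not send Referer on a non-secure request), which matches today's "no-referrer-when-downgrade" policy. The function names and the `news.example` / `shop.example` URLs are constructed for illustration.

```javascript
// Added example (not from the thread). Models RFC 2616 section 15.1.3:
// a client should not send Referer on a non-secure request when the
// referring page was fetched over a secure protocol.

// Returns the Referer value the destination would receive, or null if omitted.
function refererFor(fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  // Only http(s) pages produce a Referer header at all.
  if (from.protocol !== 'http:' && from.protocol !== 'https:') return null;
  // Downgrade case: HTTPS page linking to a non-HTTPS target sends nothing.
  if (from.protocol === 'https:' && to.protocol !== 'https:') return null;
  // Otherwise the full URL is sent, minus fragment and credentials.
  from.hash = '';
  from.username = '';
  from.password = '';
  return from.href;
}

// What a destination site could recover about the search from the Referer.
function searchTermsSeenBy(fromUrl, toUrl) {
  const ref = refererFor(fromUrl, toUrl);
  return ref === null ? null : new URL(ref).searchParams.get('q');
}

// Constructed sample navigations: [search results page, clicked result].
const cases = [
  ['http://www.google.com/search?q=spoon+fetish', 'http://news.example/article'],
  ['https://www.google.com/search?q=spoon+fetish', 'http://news.example/article'],
  ['https://www.google.com/search?q=spoon+fetish', 'https://shop.example/'],
];

for (const [from, to] of cases) {
  const terms = searchTermsSeenBy(from, to);
  console.log(`${from} -> ${to}: destination sees ${terms === null ? 'no Referer' : JSON.stringify(terms)}`);
}
```

Sites that gate content on a search-engine Referer hit the second case: the header never arrives, so the visit looks like direct traffic.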
Yes, but they need to subpoena them, which is a lot more work than automated monitoring.
More to the point, though, I said the more of the web goes SSL, my point being that something like the great firewall of China would be much harder to implement if most sites are on secure connections, thus only endpoints are known. Dissident news pages could be replicated across 'legitimate' domains, for example. Without live packet inspection it becomes much harder to decide who to block.
With Google providing security even for relatively non-sensitive data, there is hope of others following suit.
Since most people don't know about the referer header, I don't think your analogy is correct. It would be more like if I taped a note on your back that says "I have a spoon fetish". The note is easy for you to find and remove (or alter) if you really want to... but most people wouldn't even think to look there.
Good. That's the point.
You want to know about the people who visit your site? Ask them to sign a visitor's book. Just because having background information on web visitors makes companies' lives easier doesn't mean that people don't have the right to surf anonymously.
You are welcome on my lawn.
A centralized search provider cannot help but have complete information about searches coming from a given IP. Even if we use a P2P search, the peers we end up using can profile us. To increase privacy, one could generate more searches. It is trivial to write a shell script to wget a bogus google search every minute or so, pick a few words at random out of the result and use them for the next request.
It's 1996?