Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Rolls Out Encrypted Web Search Option

Posted by CmdrTaco on from the step-in-the-right-direction dept.

KirinMercury writes "Google began offering an encrypted option for Web searchers on Friday and said it planned to roll it out for all of its services eventually. People who want to use the more secure search option can type 'https://www.google.com' into their browser, scrambling the connection so the words and phrases they search on, and the results that Google displays, will be protected from interception." Note that you need the 'www' for it to work. Dropping it redirects you to a non-ssl page. You might have read this on Saturday, but if you missed it, it's still worth knowing.

10 of 176 comments (clear)

  1. This will have interesting results for webmasters by JoshuaZ · · Score: 5, Interesting

    This will have an interesting impact on webmasters. If someone clicks through from a secure Google search to your webpage, the referral data is not given. That means that the person who runs the website will not only not see what the search term was they won't even see that it came from a Google search. I'm not sure how that will impact people. But if enough people use secure search, it may cause people to have to do a lot of guesswork about how much traffic they are getting from Google searches.

  2. MitM only? by sabt-pestnu · · Score: 3, Interesting

    What this means, I believe, is that your web browsing might be immune to man-in-the-middle interception.

    Interception by Google (and thus by anyone with the power to compel Google, IE USA, China, etc) will be the same as before. As well, you're still connecting TO Google, so you're still likely to be blocked from the site by the Great Firewall arrangements, even if your search terms themselves might be encrypted.

    And not to forget that China has a tame certificate authority...

  3. Re:Was this posted before? by Unordained · · Score: 4, Interesting

    I'm actually intrigued by this concept of Slashdot purposefully (assumption: text in current summary implies they did this on purpose) re-posting news to make sure we see it, a form of public-service-announcement. Yes, Slashdot is a news service, but I don't generally see timestamp-based news-services prioritizing/reposting content like this. The main news sources just keep covering the same story over and over again, as if it were evolving by the minute, but that's about it. Interesting.

  4. Re:This will have interesting results for webmaste by FuckingNickName · · Score: 2, Interesting

    The client creates the referrer header... it's a privacy invasion in the same way that it would be a privacy invasion to tell you that I have a spoon fetish then complain because you heard me tell you.

    Of course, how you process that information can and will be regulated, and it is possible to store/use the information in a way that will violate my privacy. But it's not your fault that you heard it, and I can't blame you if you don't forget it providing you don't choose to write it down.

  5. I fail to see by thechemic · · Score: 2, Interesting

    I fail to see how this provides any search privacy at all. Any network administrator can see the search phrase in the URL: https://www.google.com/search?hl=en&source=hp&q=printer&aq=f&aqi=&aql=&oq=&gs_rfai= And then, you would see the very next URL the user selected ie: http://en.wikipedia.org/wiki/Printer_(computing) Sure, the search RESULTS might be encrypted... but ugh, cant administrators still see what you searched for and ultimately where you went?

    --
    Let's make like a bird... and get the flock outta here.
  6. Searches are still open to side channel attacks by amiga500 · · Score: 2, Interesting

    I study done a few months ago showed how one can easily deduce searches by looking at the size of the AJAX requests. http://www.schneier.com/blog/archives/2010/03/side-channel_at.html Yes, https should have been available a long time ago, and still isn't available for www.google.com.hk.

  7. Re:now we need encrypted /. by Mad+Merlin · · Score: 2, Interesting

    I agree, but that would require the death of IE6 (and XP), or IPv4. SSL is incompatible with name based virtual hosting unless you add in SNI, which isn't supported by IE6 (or any browser that runs on XP, for that matter).

    Don't get me wrong, I agree entirely and IE6 and IPv4 should be nothing more than a bad memory by this point, but they're not.

    --
    Game! - Where the stick is mightier than the sword!
  8. Re:This will have interesting results for webmaste by mzs · · Score: 4, Interesting

    You should look at the page source of a results page sometime. Right now the targets are to https://www.google.com/ with the rest of the URL encoded to tell google where to redirect you to. The HTTP/1.1 200 OK reply sets a cookie and then the HTML has a JS and meta refresh to send yo on your way to where you expect to go to. To get the referer to indicate it was from google, all they need to do for most browsers is have the targets still be to http://www.google.com/ instead if the real target is http instead of https. All this incidentally seems kind of pointless to me BTW, since now other parties cannot see your google searches, but they can still see the sites that you do visit from the results.

  9. Incognito? by djdanlib · · Score: 2, Interesting

    A logical next step would be to set https as the default when in Incognito mode in Chrome, or Private Browsing in Firefox.

  10. Re:SSL Wikipedia & TPB by totally+bogus+dude · · Score: 2, Interesting

    /. has supported SSL for a long time. I think it may have been a plumb for subscribers when I first subscribed, but it doesn't seem to be listed on the FAQ so maybe not.

    Here's your comment: https://tech.slashdot.org/comments.pl?sid=1664284&cid=32337858