Slashdot Mirror


Google Rolls Out Encrypted Web Search Option

KirinMercury writes "Google began offering an encrypted option for Web searchers on Friday and said it planned to roll it out for all of its services eventually. People who want to use the more secure search option can type 'https://www.google.com' into their browser, scrambling the connection so the words and phrases they search on, and the results that Google displays, will be protected from interception." Note that you need the 'www' for it to work. Dropping it redirects you to a non-SSL page. You might have read this on Saturday, but if you missed it, it's still worth knowing.

27 of 176 comments

  1. Change it in the Firefox search box: by Evro · · Score: 5, Informative

    In ~/.mozilla/firefox/(profile id).default/search.json, find this:

    {"template":"http://www.google.com/search","rels":[],"params":[{"name":"q","value":"{searchTerms}"}

    Change it to this:

    {"template":"https://www.google.com/search","rels":[],"params":[{"name":"q","value":"{searchTerms}"}

    Restart browser

    --
    rooooar
    1. Re:Change it in the Firefox search box: by MoonBuggy · · Score: 5, Informative

      You can also edit the "keyword.URL" option in about:config to change the default address bar behaviour.

  2. This will have interesting results for webmasters by JoshuaZ · · Score: 5, Interesting

    This will have an interesting impact on webmasters. If someone clicks through from a secure Google search to your webpage, the referral data is not given. That means that the person who runs the website will not only not see what the search term was, they won't even see that it came from a Google search. I'm not sure how that will impact people. But if enough people use secure search, it may cause people to have to do a lot of guesswork about how much traffic they are getting from Google searches.

  3. MitM only? by sabt-pestnu · · Score: 3, Interesting

    What this means, I believe, is that your web browsing might be immune to man-in-the-middle interception.

    Interception by Google (and thus by anyone with the power to compel Google, i.e. USA, China, etc.) will be the same as before. As well, you're still connecting TO Google, so you're still likely to be blocked from the site by the Great Firewall arrangements, even if your search terms themselves might be encrypted.

    And not to forget that China has a tame certificate authority...

    1. Re:MitM only? by Itninja · · Score: 3, Funny

      ...immune to man-in-the-middle interception

      That's adorable

      --
      I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    2. Re:MitM only? by MoonBuggy · · Score: 4, Insightful

      Yes, but they need to subpoena them, which is a lot more work than automated monitoring.

      More to the point, though, I said the more of the web goes SSL, my point being that something like the great firewall of China would be much harder to implement if most sites are on secure connections, thus only endpoints are known. Dissident news pages could be replicated across 'legitimate' domains, for example. Without live packet inspection it becomes much harder to decide who to block.

      With Google providing security even for relatively non-sensitive data, there is hope of others following suit.

  4. Talking of new services ... by daveime · · Score: 4, Funny

    Slashdot began offering a dupe-free option for Web searchers on Friday (and then repeated the offer on Saturday) ... *facepalm*

    How about we just rename the site to Reddit ... I mean, every other story, we already reddit.

  5. Re:This will have interesting results for webmaste by TreyGeek · · Score: 5, Informative

    If you create a webmaster account with Google and register your site, Google will tell you how many people they send to you. They'll also give you a lot of other information like where in the list of search results was your website when it was clicked on.

  6. Re:This will have interesting results for webmaste by eln · · Score: 5, Insightful

    This seems likely, which of course has the very desirable (for Google) effect of locking website owners into Google Analytics. Of course, if you're a website owner who wants to run some other stats package, this is very bad news.

  7. 12/14/2010 log #3342 by circletimessquare · · Score: 5, Funny

    session id #4ddr-tg62-hh89

    12:30 https initiated begin session

    12:31 "divorce lawyer"
    12:34 "divorce lawyer low cost"
    12:34 "hitman hire"
    12:36 "hitman low cost"
    12:37 "assassination do-it-yourself"
    12:40 "polonium-210 availability"
    12:41 "legal anthrax"
    12:41 "ricin suppliers"
    12:42 "arsenic wholesale"
    12:43 "legal mustard gas"
    12:43 "cheap readily available poisons"
    12:46 "antifreeze toxicity"
    12:49 "brainstorming murder scenarios"
    12:52 "how to run hose from exhaust to passenger compartment"
    12:55 "wits end"
    12:41 "chloroform wholesalers"
    12:45 "shovel hacksaw garbage bags"

    12:45 interrupt: preemptive googlebot legal log crawler has identified a high criminal behavior correlation index in session id #4ddr-tg62-hh89. log and ip address forwarded to google-inbox@fbi.gov

    1:05 "stalling law enforcement"
    1:06 "good indoor hiding places"
    1:06 "proper handgun usage"

    1:26 session timed out

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  8. SSL Wikipedia & TPB by cffrost · · Score: 5, Informative

    Wikipedia and TPB have SSL versions available as well:

    English Wikipedia: https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page

    The Pirate Bay: https://thepiratebay.org/

    Still waiting on Slashdot to join the 21st century.

    --
    Thank you, Edward Snowden.

    "Arguments from authority are worthless." —Carl Sagan
  9. now we need encrypted /. by Darth+Sdlavrot · · Score: 5, Insightful

    Encrypted should be the default for every web site IMNSHO.

  10. Re:Now we just need Google itself to stop retainin by natehoy · · Score: 4, Informative

    And turning off Javascript will help you how?

    The links themselves are Google links; regardless of whether JS is on or off, your click goes to something like:

    http://www.google.com/url?sa=t&source=web&ct=res&cd=3&ved=0CBoQFjAC&url=http%3A%2F%2Fblah.blah.com%2Fbyu%2Findex.php%3Fp%3D15365%26more%3D1%26c%3D1%26tb%3D1%26pb%3D1&ei=2fn7S4mMEsGBlAem2fTBDw&usg=AFQjCNHWjfNi_UtFFF-vpxP0qcH9eQKvzg&sig2=pjkVdJt9EijRDfi3g7eMsA

    And Google captures the bits they want then sends you to the page they showed you in the first place.

    Retype the URL from orbit, it's the only way to be sure.

    --
    "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
  11. Re:Was this posted before? by Unordained · · Score: 4, Interesting

    I'm actually intrigued by this concept of Slashdot purposefully (assumption: text in current summary implies they did this on purpose) re-posting news to make sure we see it, a form of public-service-announcement. Yes, Slashdot is a news service, but I don't generally see timestamp-based news-services prioritizing/reposting content like this. The main news sources just keep covering the same story over and over again, as if it were evolving by the minute, but that's about it. Interesting.

  12. Default by fulldecent · · Score: 4, Funny

    Wake me up when they enable a default option like in Gmail.

    --

    -- I was raised on the command line, bitch

  13. Re:Don't Be Evil by hedwards · · Score: 3, Insightful

    Technically, this just restricts the evil to mostly Google.

  14. Easier Solution by datapharmer · · Score: 3, Insightful

    An easier solution is to just install the add to search bar plugin. Details on this plugin and how to get the old google layout back can be found on my website here: how to get rid of the new Google sidebar. You may also want to go to about:config and change http:/// to https:/// under keyword.URL

    --
    Get a web developer
  15. For Google Chrome by ClosedEyesSeeing · · Score: 3, Informative

    Tools -> Options
    Basics Tab -> Manage button for default search
    Add Button ->
    Name: SSLGoogle (or whatever you want)
    Keyword: sslGoogle (or whatever you want)
    Url: https://www.google.com/search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q=%s

  16. Re:I fail to see by Anonymous Coward · · Score: 5, Informative

    No, that's not how https works. All a network administrator will see is what host was connected to. After the secure socket is opened, only then is the command sent out over the encrypted stream to "GET someresource".

  17. Simple Chrome and Firefox howtos: by catmistake · · Score: 3, Informative

    instructions for chrome & firefox:

    firefox

    chrome

  18. Re:This will have interesting results for webmaste by hawguy · · Score: 3, Insightful

    Since most people don't know about the referer header, I don't think your analogy is correct. It would be more like if I taped a note on your back that says "I have a spoon fetish". The note is easy for you to find and remove (or alter) if you really want to.. but most people wouldn't even think to look there.

  19. Re:I fail to see by SharpFang · · Score: 3, Funny

    otherwise the admin would easily see https://login.yourbank.com/?login=you&password=hunter2

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  20. Re:This will have interesting results for webmaste by mzs · · Score: 4, Interesting

    You should look at the page source of a results page sometime. Right now the targets are to https://www.google.com/ with the rest of the URL encoded to tell google where to redirect you to. The HTTP/1.1 200 OK reply sets a cookie and then the HTML has a JS and meta refresh to send you on your way to where you expect to go to. To get the referer to indicate it was from google, all they need to do for most browsers is have the targets still be to http://www.google.com/ instead if the real target is http instead of https. All this incidentally seems kind of pointless to me BTW, since now other parties cannot see your google searches, but they can still see the sites that you do visit from the results.
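
The Referer behaviour discussed in the comments by JoshuaZ and mzs above, as an added example that is not part of the thread: it applies the HTTPS-to-HTTP rule from RFC 2616 section 15.1.3 and shows what a destination server's access log reveals in each case. The site `www.example.org`, the log lines, the client address and the search query are constructed for illustration; `sa` and `url` are the redirect parameters quoted in natehoy's comment.

```python
import re
from urllib.parse import urlsplit, parse_qs

def referer_for(from_url, to_url):
    """Referer sent when a link on from_url is followed to to_url.
    RFC 2616 sec. 15.1.3: a page fetched over a secure protocol is not
    named as Referer on a non-secure request (HTTPS -> HTTP)."""
    if urlsplit(from_url).scheme == "https" and urlsplit(to_url).scheme == "http":
        return None
    return from_url

def log_line(from_url, to_url):
    """Combined-format access-log line the destination server would record."""
    ref = referer_for(from_url, to_url) or "-"
    return ('192.0.2.10 - - [01/Jan/2010:12:00:00 +0000] "GET %s HTTP/1.1" '
            '200 512 "%s" "ExampleBrowser/1.0"' % (urlsplit(to_url).path, ref))

# Captures the quoted Referer field that follows the status code and size.
REFERER_RE = re.compile(r'" \d{3} \S+ "([^"]*)" "')

def classify(line):
    """Return (source, search_terms) as far as the log line reveals them."""
    m = REFERER_RE.search(line)
    ref = m.group(1) if m else "-"
    if ref in ("", "-"):
        return ("unknown", None)  # indistinguishable from a typed-in URL
    parts = urlsplit(ref)
    host = (parts.hostname or "").lower()
    if host == "google.com" or host.endswith(".google.com"):
        terms = parse_qs(parts.query).get("q", [None])[0]
        return ("google", terms)
    return ("other", None)

# Constructed sample: three ways a visitor can reach the same plain-HTTP page.
SITE = "http://www.example.org/page"
REDIRECT = "www.google.com/url?sa=t&url=http%3A%2F%2Fwww.example.org%2Fpage"
SOURCES = {
    "http search results page": "http://www.google.com/search?q=encrypted+search",
    "https redirect page": "https://" + REDIRECT,
    "http redirect page": "http://" + REDIRECT,
}

def webmaster_view():
    """Map each arrival path to what the webmaster can read from the log."""
    return {name: classify(log_line(src, SITE)) for name, src in SOURCES.items()}

if __name__ == "__main__":
    for name, seen in webmaster_view().items():
        print("%-26s -> %s" % (name, seen))
```

Only the plain-HTTP results page exposes the query; the HTTP redirect page identifies Google as the source without the search terms, and the HTTPS redirect page leaves the log entry with no referrer at all.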

  21. Re:So much for "do no evil" by Dumnezeu · · Score: 3, Informative

    But at least your ISP won't.

    --
    Yes, it's sarcasm. Deal with it!
  22. Re:Mod Parent up! Easier method by Anonymous Coward · · Score: 5, Funny

    What real people see in these instructions:

    1. Go to address bar.
    2. Type about:config.
    3. Type "keyword.URL" in the search bar.
    4. Double-click.
    5. Edit result.
    6. Click OK.

    What apparently "real" geeks see in these instructions:

    1. Pry your hands away from keyboard. Use chisel to remove Cheeto dust encrusting fingers there if need be.
    2. Locate mouse.
    3. Mutter profanities to poster for suggesting this primitive means of interface (this step is important, as later steps depend on it).
    4. Increase volume of profanities as you are forced to wrench your eyes away from the relaxing phosphor glow of monitor to locate mouse.
    5. Increase volume of profanities as you wait for eyes to adjust to the otherwise pitch-black room to locate mouse.
    6. Increase volume of profanities as you look for the mouse cable coming out of the computer to find mouse.
    7. Increase volume of profanities as you remember you have a wireless mouse.
    8. Go back to keyboard and type up scathing dissertation against the clearly inferior intelligence that suggested this.
    9. Realize you have now returned to step 1. Repeat from there, remembering to skip over step 8 this time.
    10. Give up on finding mouse and, grumbling, go to Fry's Electronics to find a new mouse (NOTE: if there is no Fry's nearby, you are clearly not a "real" geek, and most likely do not even exist, as the modern world ceases to exist outside the range of Fry's).
    11. Return home. Allow eyes to readjust to pitch blackness after being out in the big blue-ceiling room.
    12. Install new mouse.
    13. Reinstall new mouse.
    14. Update operating system. Mouse might work this time. Whoever heard of this new technology, anyway? "USB"? Why couldn't you find any serial port mice? Those are way more l33t.
    15. Train hand-eye coordination enough to use mouse. Try not to reflexively touch keyboard, else you will be back at step 1.
    16. Go to address bar.
    17. Increase volume of profanities.
    18. Stubbornly type "about:config".
    19. Stare at new interface.
    20. Back to Fry's to find a book on how modern interfaces work. You never had to deal with all this confusing nonsense with a keyboard, dadgummit!
    21. Type "keyword.URL" into search bar.
    22. Realize you are just bashing your precious keyboard at this point due to soaring blood pressure due to anger at having to use a mouse.
    23. Wait a few hours to calm down. Don't touch keyboard in that time.
    24. Type "keyword.URL" into search bar.
    25. Double-click.
    26. Edit result.
    27. Click OK.
    28. Make muttering comments to yourself, passively-aggressively asking if the person who suggested this is happy now.
    29. Go to IRC and detail this harrowing experience to your l33t friends.

    See? That's WAY more steps than locating and editing a config file!

  23. Re:This will have interesting results for webmaste by barzok · · Score: 3, Insightful

    Ask them to sign a visitor's book

    It's 1996?