Slashdot Mirror

← Back to Stories (view on slashdot.org)

Concerns Over Google Modifying SSL Behavior

Posted by timothy on from the hey-fellas-this-just-looks-bad dept.

Lauren Weinstein writes "Google is handling SSL search queries on https://www.google.com/ in a manner significantly different than the standard, expected SSL end-to-end behavior — specifically relating to referer query data. These changes give the potential appearance of favoring sites that buy ads from Google. Regardless of the actual intentions, I do not believe that this appearance is in the best interests of Google in the long run."

130 comments

  1. Its in the best interest of users by DarkFencer · · Score: 1, Insightful

    Regardless of what business sense this makes/doesn't make for Google - it is better for the users.

    The more traffic is sent via HTTPS, the better. The days of concern over the CPU overhead of HTTPS are long past.

    1. Re:Its in the best interest of users by Jonner · · Score: 4, Informative

      Please read TFA. The question is not over use of SSL, which the author of TFA "applauded."

    2. Re:Its in the best interest of users by lister+king+of+smeg · · Score: 0

      i have been using google ssl beta for a little over a year now it works just fine i can't tell a speed difference

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    3. Re:Its in the best interest of users by DarkFencer · · Score: 4, Insightful

      Yes, it is better for Google's users because they get to see referer data, probably even when they shouldn't.

      Oh...you thought *you* were one of Google's users? Chances are you are product, not a customer or a user.

      I know exactly who the 'product' and who the 'consumer' of Google is.

      Its irrelevant to this. When traffic is HTTP or HTTPS for Google searches, Google gets that traffic either way. When the traffic is HTTPS though, that means LESS people are getting it (wireless sniffing, routers along the way, etc.) in an unencrypted format. I really could care less what information the sites I go to are missing from the search I entered that brought me to them.

    4. Re:Its in the best interest of users by CAIMLAS · · Score: 1, Insightful

      The days of concern over the CPU overhead of HTTPS are long past.

      Really? Why do you say that? SSL still takes a fair amount of CPU overhead. Compared to an HTTP connection, HTTPS is markedly slower (aggregated over thousands of connections). I've seen a couple sites that use HTTPS exclusively throw up transparent SSL accelerator appliances in front of their servers to allow them to only need a fraction of the number of hosts for actually hosting the data.

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
    5. Re:Its in the best interest of users by CAPSLOCK2000 · · Score: 5, Insightful

      That's not the point at all. Frankly, this has only little to do with SSL.

      The point is that if you pay for Google-ads, you will receive the referer-information, regardless of whether your site uses HTTPS or not, even when its breaks security for the user. If you don't pay you won't get the info.

    6. Re:Its in the best interest of users by Manip · · Score: 1

      Please read either the description or the article. You just look foolish.

    7. Re:Its in the best interest of users by 0123456 · · Score: 1

      I've seen a couple sites that use HTTPS exclusively throw up transparent SSL accelerator appliances in front of their servers to allow them to only need a fraction of the number of hosts for actually hosting the data.

      Yet people who've actually measured the overhead say it's more like 2% on a modern CPU. I guess if you're serving one-pixel .gif files to track people with then it would cause a lot of overhead, but if you are then who cares?

    8. Re:Its in the best interest of users by PerfectionLost · · Score: 0

      If you're running a single server not at capacity, you probably don't care. When you're running a multi-server cluster with fault tolerance at near full capacity, 2% can be the difference of needing an additional server in your cluster. When you're a poorly funded company (ex. Wikipedia) with inadequate resources on a high profile site, you care. When you're bandwidth is enough that you are combining images into css sprites, you care.

    9. Re:Its in the best interest of users by Yakasha · · Score: 1

      Yes, it is better for Google's users because they get to see referer data, probably even when they shouldn't.

      Oh...you thought *you* were one of Google's users? Chances are you are product, not a customer or a user.

      I know exactly who the 'product' and who the 'consumer' of Google is.

      Its irrelevant to this. When traffic is HTTP or HTTPS for Google searches, Google gets that traffic either way. When the traffic is HTTPS though, that means LESS people are getting it (wireless sniffing, routers along the way, etc.) in an unencrypted format. I really could care less what information the sites I go to are missing from the search I entered that brought me to them.

      Again that goes back to the "read the TFA" comment. The missing information is only part of the problem. The other problem is the presence of search data when clicking through to unencrypted sites, if they are google customers. That means google's SSL service is a lie and your unencrypted searches will be sent to certain customers regardless of using http or https.

      So back to your original comment, most geeks would agree I think that more SSL is good. However, SSL that only encrypts your data some of the time (or even most of the time) will lead people to believe they are safe when they aren't. I think that is far worse than people just assuming they are not safe.

    10. Re:Its in the best interest of users by Anonymous Coward · · Score: 0

      When you're bandwidth is enough that you are combining images into css sprites, you care.

      Nobody uses CSS sprites to save bandwidth, it's to cut down on HTTP requests. The difference between 20 SSL connections per visitor and 3 is considerable, I'm sure that was the point you were trying to make. In terms of bandwidth, the 1/3 you save with GZIP is added right back by crypto overhead and that can be an issue for some operators.

    11. Re:Its in the best interest of users by NevDull · · Score: 3, Informative

      First of all, any well-architected clustered app spends more time waiting for I/O at the web tier than it uses CPU, so the 2% "penalty" is on an underutilized resource anyway. Second, terminating SSL at your load balancers is standard practice, be they Amazon ELB SSL termination, F5 BigIPs, or reverse proxies. Again, all otherwise I/O-bound implementations which can spare the CPU.

      The fact that SSL obscures the requested URI from intermediaries seems in-line with the goals of Wikipedia for free information sharing -- with SSL operating properly, an intermediary may be able to tell that you were on Wikipedia, but not what you were looking at.

      SSL/TLS and/or its successors everywhere is in everyone's interest if maintaining privacy from ubiquitous snooping is a concern.

    12. Re:Its in the best interest of users by oakgrove · · Score: 1

      Chances are you are product, not a customer or a user.

      The three are not mutually exclusive. Furthermore, Google penalizes advertisers that don't post relevant ads to the searcher by forcing said advertiser to pay more per click. As someone that searches Google and periodically even buys stuff, I'd much rather see an ad that is relevant to my interests. In this way, the ads actually enhance the search experience because it is getting me what I want faster. And if I'm not looking to buy anything, the ads are segregated either off to the side or are in a clearly defined area at the top so I ignore them. Win/win.

      --
      The soylentnews experiment has been a dismal failure.
    13. Re:Its in the best interest of users by ColdWetDog · · Score: 1

      i have been using google ssl beta for a little over a year now it works just fine i can't tell a speed difference

      You would if you would just switch to a proportional font. Things would flow much faster.

      --
      Faster! Faster! Faster would be better!
    14. Re:Its in the best interest of users by Anonymous Coward · · Score: 0

      No, that's just the excuse that gets this "issue" talked about. Google very obviously needs to communicate the source of traffic to ad customers for conversion tracking. Expecting Google not to rat out visitors to ad customers is beyond naive.

      The actual reason for the article is that normal sites no longer get referer information, HTTPS or not. Webmasters who have been infected with SEO are kinda whiny that way.

    15. Re:Its in the best interest of users by PerfectionLost · · Score: 1

      That is true, I forgot that our load balancers do handle all the SSL. That said, we recently had to upgrade ours so that they could handle 2048bit ssl certificates (I believe) since the higher level of encryption was slowing down the devices (or maybe the web interface--not sure not my department).

    16. Re:Its in the best interest of users by Raenex · · Score: 2

      I really could care less

      How much less could you care?

    17. Re:Its in the best interest of users by CaptainJeff · · Score: 1

      2% overhead PER SESSION. When you're talking about a server dealing with thousands upon thousands of simultaneous connections, that's a heckuva lot of overhead.

    18. Re:Its in the best interest of users by Anonymous Coward · · Score: 0

      That's over 2000% overhead!!!

    19. Re:Its in the best interest of users by Yakasha · · Score: 1

      No, that's just the excuse that gets this "issue" talked about. Google very obviously needs to communicate the source of traffic to ad customers for conversion tracking.

      Duh.

      Expecting Google not to rat out visitors to ad customers is beyond naive.

      Ok. Not sure the relevance of this comment.

      The actual reason for the article is that normal sites no longer get referer information, HTTPS or not. Webmasters who have been infected with SEO are kinda whiny that way.

      Well I'm glad you read the article. However, it is completely irrelevant to this thread as we're discussing the benefit of providing the ssl service in that it increases ssl usage overall. I merely brought up the point that making people think their data is encrypted, when in fact it is not, is more harmful than just making people use an unencrypted service and knowing their data is unencrypted. At least then they won't search for gay beastiality porn if its illegal in their state.

    20. Re:Its in the best interest of users by kurls · · Score: 1

      Well, my car would go faster (probably more than 2%) without the brakes and seatbelts, but that doesn't seem like a good idea. The question should be is there a cheaper, easier way to achieve the same security as SSL.

    21. Re:Its in the best interest of users by iluvcapra · · Score: 1

      The other problem is the presence of search data when clicking through to unencrypted sites, if they are google customers. That means google's SSL service is a lie and your unencrypted searches will be sent to certain customers regardless of using http or https.

      It seems sorta common sense that if you click on a link to a site, that site will know you clicked on it and where you're going. Similarly, if you have a cookie on a site, that site will know when you've been there and will be able to correlate all kinds of things you typed into that site with links, etc.

      Google possesses this information, they can sell it. That your request travelled over HTTPS means it's secret between you and google, what either side of the transmission does with the information it obtained is strictly the business of either party.

      Anything you can do with a search result from https://google.com/, like for instance, sharing a search result with a friend, google can do with your click stream, like, for instance, sharing it with their friend.

      --
      Don't blame me, I voted for Baltar.
    22. Re:Its in the best interest of users by F.Ultra · · Score: 1

      Learn math, 2% per session is the same as 2% total.

    23. Re:Its in the best interest of users by Anonymous Coward · · Score: 0

      A margin of two percent is very low. If you are worried that your servers can't handle that load then what will happen if the load increases in other ways, like when you have more users than expected?

    24. Re:Its in the best interest of users by Galestar · · Score: 1

      YAY someone who read the article!!

      --
      AccountKiller
    25. Re:Its in the best interest of users by BestNicksRTaken · · Score: 2

      and it should be "i couldn't care less"

      --
      #include <sig.h>
    26. Re:Its in the best interest of users by FireFury03 · · Score: 1

      Also, https prevents caching of objects such as images, css, javascript, which is a concern on large networks that routinely employ caching proxy servers to reduce uplink bandwidth requirements.

      --
      http://blog.nexusuk.org
    27. Re:Its in the best interest of users by makomk · · Score: 1

      It seems sorta common sense that if you click on a link to a site, that site will know you clicked on it and where you're going.

      What's not common-sense or obvious is that Google only give sites information on what SSL search query lead users to that site if the site paid money to Google for that click, and that they do so regardless of whether it causes the search terms used to be sent across the user's connection as plaintext or not.

    28. Re:Its in the best interest of users by bonch · · Score: 1

      As has been said, you need to stop karma-whoring and RTFA. The use of SSL isn't the issue. It's not even the headline of the submission.

    29. Re:Its in the best interest of users by Anonymous Coward · · Score: 0

      2000 overheads? That is a lot of projector bulbs!

    30. Re:Its in the best interest of users by Anonymous Coward · · Score: 0

      If I have 10 processes each using 2% CPU cycles, together they use 20%. For it to stay at 2%, each time I start a new process, I would also have to add a CPU.

      Unless you are trying to claim that those 2% are 2% of the CPU cycles actually used, no matter if I'm doing hugely complex DB queries, resulting in a very small web page, or serving huge static files, which require next to no CPU power, but lots of data needing encryption. Which is basically saying that the amount of CPU used for encryption does not depend on the amount of data being encrypted. Brute forcing passwords suddenly became a lot faster.

    31. Re:Its in the best interest of users by F.Ultra · · Score: 1

      No, because that is not what GP claimed, he claimed that each process had an INCREASE of 2%. If you have 10 processes that each increase by 2% then you still have a total increase of 2%.

    32. Re:Its in the best interest of users by Yakasha · · Score: 1

      The other problem is the presence of search data when clicking through to unencrypted sites, if they are google customers. That means google's SSL service is a lie and your unencrypted searches will be sent to certain customers regardless of using http or https.

      It seems sorta common sense that if you click on a link to a site, that site will know you clicked on it and where you're going. Similarly, if you have a cookie on a site, that site will know when you've been there and will be able to correlate all kinds of things you typed into that site with links, etc.

      Google possesses this information, they can sell it. That your request travelled over HTTPS means it's secret between you and google, what either side of the transmission does with the information it obtained is strictly the business of either party.

      Anything you can do with a search result from https://google.com/, like for instance, sharing a search result with a friend, google can do with your click stream, like, for instance, sharing it with their friend.

      I don't care if customers get my search results. That is google's business model. My problem is they offer an ssl service, but ignore expected ssl behaviors in favor of their business model. If you perform a search using the ssl service, then your search should be encrypted. Always. However, google forwards your search request in the referer header to their customers, regardless of their customer's usage of ssl. That means if you click through to an unencrypted site, the fact that you logged into google to use their ssl service was meaningless.

      So saying google's ssl service is a good thing because it promotes a greater adoption of ssl, imo, is wrong. SSL adoption is only a good thing if implemented properly.

  2. You're the product, not the customer. by Animats · · Score: 0

    Google is an ad agency. What do you expect? Google has to pass the referrer to their advertisers or monetization won't work properly.

    Expecting ad sites to run SSL is unreasonable. That would run up the cost of operating a content farm substantially. Made-for Adsense sites would have to have their own IP addresses; virtual hosting wouldn't work.

    1. Re:You're the product, not the customer. by stanlyb · · Score: 0

      You may think that killing is reasonable, but the law is pretty explicit about it. DO NOT KILL.

    2. Re:You're the product, not the customer. by oakgrove · · Score: 2

      Google is an ad agency. What do you expect?

      To put things in perspective, isn't it fair to say that the vast majority of the web is financed through ads? Something as fantastic as Google which basically equates to a modern day Oracle of Delphi has to be financed somehow. Would you prefer they extract .001/$YOUR_LOCAL_CURRENCY from your bank account everytime you use it? Or if you don't use Google, how about Slashdot? Or any other ad financed website/service?

      --
      The soylentnews experiment has been a dismal failure.
    3. Re:You're the product, not the customer. by Anonymous Coward · · Score: 0

      I don't think it's unreasonable.

      I think it's about time that Ad providers take security a lot more seriously. Compromised Ad networks are a major (if not the biggest) vector for the spread of malware. They're juicy targets because one ad network will touch many many clients across huge numbers of sites, while banking on the reputation of an otherwise known good website.

      If, say, an ad network were hijacked via a DNS exploit, HTTPS might provide extra mechanisms to keep bad actors from posing as an ad network in order to spread their malware. Seriously, it shocks me how many people are not worried about how your average modern web page has your browser load and execute scripts from dozens of different domains. The attack surface on a facebook page is staggering!

      I say that sites should demand that advertisers use HTTPS. Advertisers that have bad behavior can have their certificates revoked by cert authorities, providing hard incentive to take security seriously.

    4. Re:You're the product, not the customer. by Anonymous Coward · · Score: 1

      You may think that killing is reasonable, but the law is pretty explicit about it. DO NOT KILL.

      Crap. The law is far far more nuanced than that on the subject of killing.

    5. Re:You're the product, not the customer. by Anonymous Coward · · Score: 2, Insightful

      I would love to pay for Google. I would rather pay, get zero ads (without ad blocking), and BE the customer. Let the company's interest align with pleasing me rather than USING me. Today, there is rarely an option to pay for services directly. So you're only choice is often a "free" service where your every movement is harvested for ad dollars.

    6. Re:You're the product, not the customer. by sexconker · · Score: 3, Insightful

      This is why you disable third party cookies, and use ad block plus and noscript.

      Users have to be proactive about security. Nearly every fucking site out there is actively working against good security practices even when they're not compromised by an attacker. The browsers are all in a race to reach stupid version numbers, pass some arbitrary and ridiculously convoluted css benchmark, and enable javascript bloat by endlessly tweaking the performance of the js engine.

    7. Re:You're the product, not the customer. by praxis · · Score: 1

      . Would you prefer they extract .001/$YOUR_LOCAL_CURRENCY from your bank account everytime you use it?

      Yes and no.

      The problem with ad-supported the searcher-is-the-product Google is that it is exploitative to those that don't realize the ramifications since it's not in Google's best interest to be completely honest with how they operate and monetize. Those in the know can prevent some of those techniques they understand from harvesting their every bit, but the majority are in the dark. To me, that feels a bit underhanded.

      The problem with for-pay the searcher-is-the-customer Google is that any payment scheme that is easy and secure to use today will require tying all those searches to an account, giving Google not only revenue from searchers, but unavoidable information about them too. That's double-dipping, and feels a bit overmuch.

      One could I suppose sell anonymous search codes at the local cash shop and have them be good for 100 searches or whatnot. Or some other scheme, but that's not very cheap in a cost per payment method nor is it very convenient.

    8. Re:You're the product, not the customer. by oakgrove · · Score: 1

      The problem with ad-supported the searcher-is-the-product Google is that it is exploitative to those that don't realize the ramifications since it's not in Google's best interest to be completely honest with how they operate and monetize.

      Google spells out very clearly how adwords works. I'd make the argument that in many ways the relevant ads actually enhance the search experience. Often times people use Google for just that, buying stuff. If an ad sucks and misrepresents the product, I might click it but then I'm going to hit faster than you can say it. Google clues into this and charges the advertiser more next time around as the ad is obviously not relevant. The advertiser feels the pain and fixes the ad. Everybody wins. I search for "linux laptop" and see a very relevant ad for system76.com so I win. If I searched for that and saw an ad for dell.com that took me to "We recommend Windows 7" landing page, believe me, Dell will be spending more money on Google in the future.

      For the other 90 percent of the time when I'm not wanting to buy anything, I can easily ignore the right hand side of the page and the little bar at the top where the ads are.

      --
      The soylentnews experiment has been a dismal failure.
    9. Re:You're the product, not the customer. by tomtomtom · · Score: 2

      Even with ABP and noscript and disabling third-party cookies this behaviour will still bite you. Refcontrol is what you need to stop Google telling the sites you visit what your search terms were.

    10. Re:You're the product, not the customer. by oakgrove · · Score: 2

      I search for "linux laptop" and see a very relevant ad for system76.com so I win. If I searched for that and saw an ad for dell.com that took me to "We recommend Windows 7" landing page, believe me, Dell will be spending more money on Google in the future.

      Well, damn. I used that purely as an example and just for shits and giggles, I tested it. Sure enough, the Dell ad at the top takes you to a "recommend Windows 7" page and the system76.com ad at the right is actually relevant. Ain't that a bitch. Maybe I'm wasting my talent as should get into advertising!

      --
      The soylentnews experiment has been a dismal failure.
    11. Re:You're the product, not the customer. by sexconker · · Score: 1

      Passing on referral information isn't really a security concern (unless some shitty site relies on referral headers for any sort of user action or authentication).
      It's a privacy concern.

      Important, but no where near as important to an end user as stopping every random ad and script from loading and firing.

    12. Re:You're the product, not the customer. by Anonymous Coward · · Score: 0

      Sorry to tell you, but Google does this already via Local Search History and the Eternal Cookie.

    13. Re:You're the product, not the customer. by praxis · · Score: 1

      What exactly did they share and with whom when I searched for "occupy seattle". And what did they store, and when and with whom did they share that stored data.

      If you cannot answer that question in the specific, it's not clear enough. 'We share data with people' is not very clear.

    14. Re:You're the product, not the customer. by oakgrove · · Score: 1

      I just searched for "occupy seattle". There is not a single ad on the page. If you searched for that and saw an ad subsequently clicking on it, the site you clicked on knows you searched for that. It's not really that complicated. As far as I know, if you are using the https google page, none of the organic search results you click on know you found them buy typing "occupy seattle" into google. You are up in arms over nothing. Really.

      --
      The soylentnews experiment has been a dismal failure.
    15. Re:You're the product, not the customer. by Anonymous Coward · · Score: 0

      Your talent of being a fucking troll?

    16. Re:You're the product, not the customer. by Anonymous Coward · · Score: 0

      No, my talent of entertaining myself standing in line waiting to buttfuck your mother.

  3. overriding browser how? by Hazel+Bergeron · · Score: 3, Interesting

    Google passes Referer info from https to http how?

    1. Re:overriding browser how? by davidbrit2 · · Score: 1

      I'm wondering exactly the same thing. Isn't this behavior a function of the web browser? How would Google be altering it without some elaborate HTTP redirect tricks?

    2. Re:overriding browser how? by Anonymous Coward · · Score: 0

      I suspect it is an elaborate HTTP redirect trick. They're only doing it for advertisers, so the ads probably link to an http Google site, which then further redirects the user to the real site.

    3. Re:overriding browser how? by EvanED · · Score: 1

      Google has been using "elaborate" HTTP redirection tricks for ages.

    4. Re:overriding browser how? by hedwards · · Score: 1

      I'm trying to figure out how this is somehow unexpected. My understanding was that traffic between me and Google was being done via SSL, not traffic from Google to the site.

      Ultimately, this is a significant improvement over how it was previously, done, but shy of requiring all traffic to be over SSL, I'm not really sure how much better this could be.

    5. Re:overriding browser how? by Anonymous Coward · · Score: 0

      Browsers normally don't send the referer if you request an insecure resource from a referral from a secure resource. This is to avoid leaking the pages you visit over SSL in the clear. However, if Google redirects you to an outbound link shim that's served over HTTP and provided with the details of the query, then the referral from that to the target site WILL contain those details.

  4. Winded and pointless by Anonymous Coward · · Score: 2, Insightful

    The gist: Google actively hides referer data when linking from the new SSL site, even if the site that is linked to is also an SSL site, except when the link is an ad.

    Well, tough titties. It's Google's site, they can link to you any way they want. If they want to redirect the visitor in a way that hides the query from the linked-to site, that's their prerogative. They could simply make their whole search engine POST the query and you'd never see the search terms, not even with plain HTTP. What are you gonna do about it? Oh right, whine on your blog and have Slashdot link to it.

    I turn off the referer header in all browsers and proxies I set up. With the exception of a few shady third-rate direct download web sites whose hotlinking protection trips over this, nobody requires it. One information leak less to worry about. Eat shit, SEO scum.

    1. Re:Winded and pointless by TheLink · · Score: 3, Insightful

      I don't see why it's such a big problem.

      Solutions/workarounds:
      a) just don't click on the ads
      b) block google ads from their search page.

      Should be easy to do a) right?

      --
    2. Re:Winded and pointless by makomk · · Score: 1

      Unlike with normal search results there's intentionally no way to find out what URL a Google ad goes to without clicking on it, which means that if the ad is relevant people probably will click it.

  5. Summary by sakdoctor · · Score: 1

    Both TFA itself, and the summary could do with a summary.

    ...a manner significantly different than the standard, namely, passing the refer to a non-secure site with Google ads, whilst withholding it from another secure site, going against normal browser behavior.

    1. Re:Summary by Anonymous Coward · · Score: 3, Informative

      Summary for the security conscious: since you switched to using https://encrypted.google.com months ago, you're fine, nothing new here. Move along.

      Summary for the masses: Google is now using security by default (if you're logged in), but it isn't quite as secure as is possible.

  6. Definitely sucks for search keywords by youn · · Score: 1, Insightful

    https move in itself is not bad... but the way it is implemented messes up statistics (you know that stuff came from google but no search keywords) and operation of some sites (display a page with the queried keyword to boost relevance). They say it affects less than 1% of the queries only logged on users).. but I think that is a low number.... who is not logged into gmail? maybe not everybody but I suspect figure is higher than 1%

    Among others, they could in theory fix that with a redirect to an http site they own, then redirect to the final site.. I am sure there are other ways if they sit around long enough.

    definitely a lot of webmasters pissed, that is sure

    --
    Never antropomorphize computers, they do not like that :p
    1. Re:Definitely sucks for search keywords by mmcuh · · Score: 1

      Does this mean that "webmasters" will stop trying to optimise their pages after search word hits? That can't possibly be a bad thing.

  7. Yawn by TheEyes · · Score: 5, Insightful

    You know, I'd be a lot more concerned about this kind of thing if we weren't hearing Slashdot stories crying wolf practically every day. I'm just not impressed with people trying to call Google evil anymore; none of these so-called revelations have panned out so far, so how likely is this one to go any differently?

    1. Re:Yawn by youn · · Score: 1

      Google may be evil... but it is definitely not black or white... it's blue red yellow and green (well at least its logo is lol)

      --
      Never antropomorphize computers, they do not like that :p
    2. Re:Yawn by Anonymous Coward · · Score: 0

      No, black is grey, white is grey and google are a for profit company. Good or evil don't come into it.

    3. Re:Yawn by amicusNYCL · · Score: 1

      Regardless of the actual intentions, I do not believe that this appearance is in the best interests of Google in the long run.

      Slashdot: Opinions of nerds. Does this matter?

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    4. Re:Yawn by Nimey · · Score: 1

      Yeah, this. Slashdot's "journalism" isn't trustworthy.

      --
      Hail Eris, full of mischief...

      E pluribus sanguinem
    5. Re:Yawn by Raenex · · Score: 1

      "See no evil, hear no evil, speak no evil."

    6. Re:Yawn by Anonymous Coward · · Score: 0

      So if somebody is seen murdering somebody, and then he's seen again, and again and again, at some point you STOP believing he's a murderer?

      Because that's the analogy of what you just said.

      It really made you *stop* believe that you're the product and money is made off of selling your privacy to the highest bidder??

      Listen. If they wouldn't do it, they would be replaced in a couple of days in your industrial-feudalism-based economy. Only the biggest dick wins.

      Blind ignorance FAIL

    7. Re:Yawn by TubeSteak · · Score: 2

      FTC Gives Final Approval to Settlement with Google over Buzz Rollout
      http://www.ftc.gov/opa/2011/10/buzz.shtm

      The settlement resolves charges that Google used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz, in 2010. The [FTC] alleged that the practices violate the FTC Act. The settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years.

      Google has made numerous mistakes and misteps with regard to "don't be evil"
      If you bothered to read the follow up stories, you'd see that the boy is crying wolf because there is a wolf.

      --
      [Fuck Beta]
      o0t!
    8. Re:Yawn by stanlyb · · Score: 1

      It is a fable. If you see a guy running out of the special medical center, screaming: Black is Black and White is White, and you see some guys in white chasing him, then you could say Black is Gray, White is Gray, Google is NOT evil. And the end is near.

  8. a bit confused... by CheshireDragon · · Score: 1

    I have not reached the security/SSL stuff in my IT course yet so could someone explain this a bit?
    I did RTFA, but I am still at a loss as to how and where the problem lies. I typically don't use the HTTPS portion of the Google searches because I don't really care what they know I am searching for. Other places that are slightly more important, like FaceBook, I do browse using HTTPS.

    --
    "That's right...I said it."
    1. Re:a bit confused... by Anonymous Coward · · Score: 0

      The overall idea here has almost NOTHING to do with SSL.

      When you are served a webpage, and you click on a link on that page, most browsers by default include a "Referrer" tag to let the site you're going to know where you came from. This is not the case with SSL enabled sites, browser behavior by default does not include a referrer field if you click on an unencrypted link on an encrypted page, (to prevent the store advertising on your bank's website know what exact page on their site you came from for example).

      The point behind this is that Google appears to be circumventing that default behavior, and sending referrer information from both HTTP:// and HTTPS:// search pages to ad-sense buyers, but only sending HTTP:// referrer information to non-buyers.

      IMHO: it's a value added service. I see no problem with this whatsoever. All google is doing is setting a global non encrypted cookie for non-secure sites to read when you're searching using the encrypted search engine. Personally, I'm in favor of the referrer field in any case! (I enjoy seeing people end up on a computer parts website having come from youporn. :P

    2. Re:a bit confused... by Galestar · · Score: 1

      Yes but they are also NOT sending the referrer information when you click on a link that is secure.

      --
      AccountKiller
  9. How they do it... by Manip · · Score: 1

    If anyone was wondering how they do it, they're using JavaScript when you click a link instead of allowing the browser to open the link "normally." e.g.

    window.open("").location.href = "http://www.example.com";

    This results in the page opening as if it was a "new page" rather than as if it came from any

  10. So? by Anonymous Coward · · Score: 0

    And who the hell is Lauren Weinstein and why the hell would anyone give a shit what he thinks about Google in the long run?

  11. The site should get this data by dracocat · · Score: 4, Interesting

    If I am paying per click for certain search terms, then this data SHOULD be passed along. The other alternative is to just get a bill from google and trust that it is accurate?

    As an advertiser I need this information. First to make sure I get the clicks google is charging for me, and more importantly to determine which words don't have a conversion rate worth paying for.

    1. Re:The site should get this data by Anonymous Coward · · Score: 0

      Mod up parent, this make complete sense...

    2. Re:The site should get this data by Galestar · · Score: 1

      Yes but they are also NOT sending the referrer information when you click on a link that is secure. Those that SHOULD be getting the information, but since they didn't pay Google for it, Google doesn't send it to them.

      --
      AccountKiller
    3. Re:The site should get this data by icebraining · · Score: 1

      Those that SHOULD be getting the information

      Why? Who decided that?

      --
      Dilbert RSS feed
    4. Re:The site should get this data by Anonymous Coward · · Score: 0

      No, it doesn't. He is only seeing half the picture

    5. Re:The site should get this data by Galestar · · Score: 1

      according to SSL specifications. go RTFA ... but of course the "score 4 interesting" grandparent obviously didn't, why would anyone expect you to

      --
      AccountKiller
    6. Re:The site should get this data by icebraining · · Score: 1

      The spec only says that if it's a link, which it isn't (it's a Javascript redirect). In fact, Google can't break the SSL spec, since it's the browser, which they don't control, that has to abide by it.

      So again, why?

      --
      Dilbert RSS feed
  12. Bad meme by Anonymous Coward · · Score: 2, Informative

    You're the product, not the customer.

    This meme needs to die. It superficially seems to have a message which rings true with slashdotters, but really doesn't deliver.

    Just because a company is ad funded, doesn't allow a free-pass to provide crap service, whether that be search, or a social network.
    You seem to be forgetting that this isn't television, and power users have unprecedented control over how content is displayed, if at all.

    The second mistake you people make, is to think yourself part of some geek elite, where actually every kid or gamer can download the tools to control their web experience.

    "You're the product, not the customer." basically says that an ad funded company is expected to act as evilly as possible, just because of the way it's funded. The reality is that sometimes there are conflicts of interest, getting it wrong tends to cause a backlash among more technically minded, and generally loud users. Facebook will tend to get away with more than google in this case, because of the technical experience of their users.

    Do your part. Add to the conversation, and don't be a sheep by modding this meme up.

    1. Re:Bad meme by aix+tom · · Score: 1

      >"You're the product, not the customer." basically says that an ad funded company is expected to act as evilly as possible, just because of the way it's funded.

      Of course Google isn't acting as evil as possible. Google is nice to us. The same way a hunter is nice to the game by not scaring it off by making a ruckus in the woods, or a fisherman will never splash around in the water, and even thrown in a couple of nice yummy bait bits before putting the fishing rod in.

    2. Re:Bad meme by sexconker · · Score: 2, Funny

      Trollpost is trollpost.

      A search company that sells ads has a fundamental conflict of interest:

      Provide better search results to get more users.
      vs.
      Inject more ads into search results to get more money, and sell more user information to get more money.

      There is no getting around this.
      When Google started out, their product was the search results.
      When Google got big, they switched to being an ad company.

      The only company with more fanboy zealots than Google is Apple. Google will never have to pay the piper after screwing users over because the zealots will blindly defend them, and they'll be louder than any opponents. People who get fed up with Google's shit won't rage about it - they'll quietly stop using Google's services.

      Remember Google Buzz? Me either. But apparently some people were mad about it, and there were even the usual bullshit stories about "I got caught cheating on my husband because of Buzz!", just like how there's always a bullshit story of someone getting tracked when a location service is turned on (like the recent "Find my iPhone" shit, or a story of someone getting nerd justice against a laptop thief a week after an Apple iMac conference, etc.).

      So what did Google lose? A few people disabled Buzz. Well not really, they hid the Buzz tab. Because the language for the option to truly disable Buzz says it will delete your Google profile. What's that? Does that include your Gmail address? Your calendar? What about your youtube account that they forced you to link? Picasa? Who knows, better not click it, just hide all the Buzz notifications and sharing options.
      And now they're killing off Buzz because they have Google Plus. And Google Plus has far more users than Buzz ever did. Nobody got mad enough to stop using Google. Everyone got kind of annoyed and said no to Buzz. Then Plus came out, invite-only as usual, (to create a false sense of scarcity / exclusivity, thus increasing demand) and nobody learned anything.

    3. Re:Bad meme by gutnor · · Score: 2

      "You're the product, not the customer." basically says that an ad funded company is expected to act as evilly as possible, just because of the way it's funded.

      Actually, it means exactly the opposite. Google does everything to provide better product to their client. That means, not annoying people, giving them the ads they are most likely to click on, giving them tons of excellent free tools so that they stay within the Google network and therefore helps Google getting the best value for its ads placements. However, as you said, ...

      The reality is that sometimes there are conflicts of interest

      So that is important to remember and why the meme is somewhat useful.

    4. Re:Bad meme by oakgrove · · Score: 1

      A search company that sells ads has a fundamental conflict of interest:

      Provide better search results to get more users. vs.

      Inject more ads into search results to get more money, and sell more user information to get more money.

      Google penalizes advertisers with irrelevant ads by charging them more. When someone searches for something they want to buy, clicking on ads is a perfectly natural thing to do. If the ads represent the product well and you end up buying, your needs have been met. That is most certainly not a conflict of interest. If an ad misrepresents a product then if some hapless searcher clicks on it, they are probably going to very quickly hit the back button. Google notes this and charges the advertiser more the next time. The advertiser then wises up and makes a better more contextually relevant ad. This makes sense and everybody wins.

      --
      The soylentnews experiment has been a dismal failure.
    5. Re:Bad meme by sexconker · · Score: 1

      Wrong.
      Users go to a search engines to find things and expect unaltered results.
      No user ever wants to see ads, no matter how well "targeted".

      Charging more for misplaced ads simply highlights the conflict of interest - Google recognizes that it's something users don't want, so they balance the other side of the conflict by charging advertisers more and allow the behavior to continue.

    6. Re:Bad meme by oakgrove · · Score: 2

      Users go to a search engines to find things

      You got that much correct. The error in your reasoning is assuming that what you want is what everybody else wants. You may never type in "wholesale flea market merchandise" but, I assure you, many people do. Wading through the organic search listings for a real wholesaler that will actually give you the time of day for an order under 20,000 dollars and who isn't a scam is an exercise in pure frustration. But if a legitimate business can buy a relevant ad and that ad can allow Google to connect that buyer to that business...everybody wins. The buyer can cut to the chase and get the merchandise they want, Google wins because their search engine just got .0000001 percent better based on the quality of that ad and of course the wholesaler wins because they just made a sale.

      Google handles ad placement very well. They are shoved off to the side to be ignored when you want or to be clicked on if you choose to do so. No flash, no blink, no marquee or whatever. That's why Google wins and the other search engines that want to be competitive end up looking and working like Google. But I digress.

      Charging more for misplaced ads simply highlights the conflict of interest Google recognizes that it's something users don't want, so they balance the other side of the conflict by charging advertisers more and allow the behavior to continue.

      That is so backwards. If you pollute Google's results with crap, they charge you. They don't have a heuristics engine to tell if your ad sucks or not. They use how fast a user clicks away from it to tell. Then you pay more. Crowd sourcing in action and it works.

      --
      The soylentnews experiment has been a dismal failure.
    7. Re:Bad meme by Lincolnshire+Poacher · · Score: 1

      > Just because a company is ad funded, doesn't allow a free-pass to provide
      > crap service, whether that be search, or a social network.

      Yes it does, if the alternatives are ( 1 ) no service or ( 2 ) a paid-for service.

      You and I would likely pay for a search engine tailored to our needs, with Alta Vista-style boolean logic and no ads.

      Joe Public won't, so we're landed with the crapfest that is Google and Bing search results.

      Joe Public will be content with a craptastic Facebook experience just because it is free.

      Joe Public will be happy with Google harvesting his e-mail content because IT IS FREE.

    8. Re:Bad meme by sexconker · · Score: 1

      I think you're misunderstanding the function of advertising.
      Advertising is used to promote a product or service that can't promote itself on its own merits.

      Every single time, "organic" search results will be better than ads.

      If Google cared about search quality, they would ban advertisers who foist such ads onto users. Instead, they just charge them more and let them continue doing it.

    9. Re:Bad meme by FireFury03 · · Score: 1

      I think you're misunderstanding the function of advertising.
      Advertising is used to promote a product or service that can't promote itself on its own merits.

      Some advertising does as you say. But a lot of advertising is actually just about making people aware of a product so that it can promote itself on its own merits. It doesn't matter how good the merits are of your product if no one knows about it in the first place.

      Every single time, "organic" search results will be better than ads.

      Untrue. If I search for a piece of hardware, a lot of the search results are going to be people discussing how to make some software work with that hardware, reporting problems with the hardware, praising the hardware, etc. Whilst I might find these things useful, they don't fundamentally answer the question of where to buy that hardware (at least, not without sorting though a miriad of crap first). A well targeted ad will do this.

      If Google cared about search quality, they would ban advertisers who foist such ads onto users. Instead, they just charge them more and let them continue doing it.

      Google has to make money from somewhere, an unlike other search engines of the past they have always done a pretty good job of making it visually obvious when something is an ad and keeping it separate from the impartial search results. This makes it easy for you to choose which you are interested in and ignore the rest.

      --
      http://blog.nexusuk.org
    10. Re:Bad meme by bonch · · Score: 1

      Can I ask something? Why are there so many anonymous Google supporters who post on Slashdot? Does anyone else find it somewhat suspicious how they appear in every single Google article in which they get criticized?

      "You're the product, not the customer." basically says that an ad funded company is expected to act as evilly as possible, just because of the way it's funded.

      No, it simply describes a truth about their behavior and their business model. Google's source of revenue is web advertising, and their customers are advertisers. Your identity is their product, which is why Eric Schmidt described Google+ as an identity service rather than a social network.

    11. Re:Bad meme by Anonymous Coward · · Score: 0

      Can I ask something? Why are there so many anonymous Google supporters who post on Slashdot? Does anyone else find it somewhat suspicious how they appear in every single Google article in which they get criticized?

      No, we don't find it "suspicious". Nor do you, because you know perfectly well that there are always anonymous posters on all sides of EVERY topic.

      Furthermore, absolutely nothing your parent poster said was in support of Google. You cannot and will not show a single word of that post that says any such thing.

      You are not the gadfly you so desperately want Slashdot to see you as, and you never will be.

  13. Gripe by Nom+du+Keyboard · · Score: 2, Interesting

    This just sounds like an individual gripe that somehow got accepted here at /. You don't like it, Google does, move along there's nothing more to see.

    You know, if people don't like how Google runs their business: 1) Don't use it. 2) Start your own competitor. Google wasn't the first search engine. You can go somewhere else, but don't tell them how they should run their own business. That's nebby.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  14. I hate Referer by andymadigan · · Score: 5, Interesting

    I hate referer information when I come from google, mostly because of sites that either:

    1) Highlight my search terms in the page. You don't need to highlight every instance of 'of' in the page, and even highlighting the keywords is distracting.

    2) Put a big fat "Welcome Google User!" (often with horribly colored letters for Google) that beg you to subscribe to the RSS feed.

    I wish there was a chrome extension to hide referrer data just so that I could avoid that.

    BTW: If you want an example of useless highlighting, google for VirtualBox and click on the VirtualBox website. I can't believe someone thought that people who can comprehend what VirtualBox is don't know how Ctrl+F works.

    --
    The right to protest the State is more sacred than the State.
    1. Re:I hate Referer by Anonymous Coward · · Score: 0

      I wish there was a chrome extension to hide referrer data just so that I could avoid that.

      Something like, say, this?

    2. Re:I hate Referer by Anonymous Coward · · Score: 0

      There will be people that take advantage of key functionality, just as there are people that use it to make information more accessible.

      If you don't like the sites that do stupid things like that, google also recently added the "Block all [address-you-just-bounced-from] results" links to sites.. when you bounce off the pages. feel free to sign in and block sites that do stupid things like that, and you'll quickly stop looking at sites that do it!

    3. Re:I hate Referer by Anonymous Coward · · Score: 0

      I wish there was a chrome extension to hide referrer data just so that I could avoid that.

      http://lee-phillips.org/norefBookmarklet/

    4. Re:I hate Referer by Anonymous Coward · · Score: 0

      Fuck you, I think it's a usefull feature.

    5. Re:I hate Referer by wigbold · · Score: 1

      I've grown to really like NoScript for this. VirtualBox was simple when I clicked, and only got distractedly highlighted when I temporarily allowed it to execute scripts. Cheers!

    6. Re:I hate Referer by NovaSupreme · · Score: 1

      >> I wish there was a chrome extension to hide referrer data just so that I could avoid that.

      You can do it on firefox by setting following key network.http.sendRefererHeader to 0. Not sure if Chrome has something similar, though.

  15. Follow the Money! by mrnick · · Score: 1

    Google is no more Evil than any company out there trying to make a buck. Do they care about their users? Sure, but only up to the point where it hurts the bottom line to do so.

    This new tactic moves along the same line as their view on SEO. Do they want to make it more difficult to obtain better ranking in their site? Yes, but only to the point where they make it easier to pay to get better position within listings.

    Is this new process for handling SSL information biased towards their paying customers? Obviously, they are looking to differentiate their free and paid service. If this were to move into larger deployment, say all users (logged in or not), they would be able to offer, as a premium, to their paying customers rereferer data exclusively.

    Follow the money! Does the fact that Google is out there to make a buck surprise anyone? I understand that's their goal and I don't consider them to be Evil because of it.

    With that said it seems clear that they are not using standard SSL and therefore they should not be able to advertise that their site uses SSL or HTTPS, IMHO.

    --

    Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
    1. Re:Follow the Money! by Todd+Knarr · · Score: 1

      They're using SSL in a standard way. What the article gets confused is the difference between SSL (the protocol used to encrypt connections) and HTTP Referrer header handling (used to pass referrer information to the target site). Note that the two have nothing to do with one another.

      The convention has been that when the source page is https: and the target page is http: the Referrer header is suppressed, while if both are https: the Referrer header is passed normally. Google's changed this to a different rule: if it's an organic seach link the Referrer header is suppressed always, if it's a paid placement link the Referrer header is sent always. That's a change from conventional HTTP Referrer behavior, but not a change in SSL at all.

      And I'd note that it also has nothing to do with paying for position within the organic listings. You can't pay for placement there. All you can buy is advertising space separate from the organic listings.

  16. how is this breaking anything? by shadowrat · · Score: 1

    TFA implies that google is somehow causing my browser to send unencrypted data? I'm not an ssl expert, but i thought the expectation set by ssl is that communication between my browser and google would be encrypted. What google chooses to do with the data i sent them (my request headers, form inputs, etc) has nothing to do with ssl. As far as i know there is no SSL standard that says all data posted over ssl must only be transmitted via ssl from then on.

    Google can take my referers and post them on the good year blimp at the superbowl. How is that significantly different from expected end to end behavior?

    1. Re:how is this breaking anything? by Galestar · · Score: 1

      How about you try reading TFA before asking stupid questions.

      --
      AccountKiller
  17. When a service is provided for free... by sirwired · · Score: 1

    When a service is provided for free, you aren't the customer, you are the product.

    Google handed out my referrer data before, to everybody, for free. Now they restrict it to clicks on ads. My overall privacy has increased. I imagine ad buyers would revolt if they didn't get the referrer data they have always gotten from Google. Google, quite properly, doesn't give a flying *bleep!* about webmasters collecting referrer data on clicks they are getting for free.

  18. Actual question by Bengie · · Score: 1

    Outside of advertisement info, why is this "referrer" data important?

    If this is somehow reducing my security, I can see a problem, but if it's just data to help websites know who their customers are, then why should I care?

    Google provides a service. They give it free to the customer and if you want your website to have an advantage, then you pay a premium for access to Google's services.

    To me this sounds more like a QQ, but I am interested to know if there's something I'm missing as I am not knowledgeable in this area.

    1. Re:Actual question by maxwell+demon · · Score: 1

      The point is, if you are using SSL, you probably do so because you don't want someone in between to read your search terms. Now the referer contains your search terms (as part of the URL), therefore if the referer is sent to a non-SSL site, your search terms can be read in the clear.

      --
      The Tao of math: The numbers you can count are not the real numbers.
  19. SSL is a red herring here by psydeshow · · Score: 1

    This isn't Google somehow modifying the way SSL and referrers work in your browser -- after all, in the normal course of things, you browser is in charge of deciding whether to send a Referer header or not.

    This is Google using a JavaScript method to intercept and handle clicks on their site. In some cases the JavaScript does a redirect through non-HTTPS Google so that the referer is sent. In other cases it goes directly to the result site, no referer (as expected).

    They could (and probably do?) use a similar trick for non-HTTPS search users.

    1. Re:SSL is a red herring here by Galestar · · Score: 1

      Well, except they also do not send the referrer to https website that do not pay. That is the 2nd problem.

      --
      AccountKiller
  20. IE on XP needs an IP per site by tepples · · Score: 1

    The days of concern over the CPU overhead of HTTPS are long past.

    But the days of concern over the IP address overhead of HTTPS are still with us, and they will remain with us until Windows XP and Android 2.x go away. IE on XP and Android Browser on Android 2.x don't support Server Name Indication (SNI). And without SNI, a user agent can see only the first certificate on port 443 of a given IP address, not the certificates for any of the other dozens or hundreds of domains that may be hosted on that server.

  21. Google has become unreliable by msobkow · · Score: 1

    Lately I'm finding Google is getting increasingly unreliable about finding references I want, specifically regarding politics, the economy, and Occupy.

    Ask has been filling in the gap quite nicely, but I don't like what seems to be censorship by Google.

    --
    I do not fail; I succeed at finding out what does not work.
  22. Actually Google didn't touch your Referrer before by realxmp · · Score: 1

    Referrer information is typically a function of the browser and is passed in your HTTP headers you're sending to the site you're going to. Normally referrer information doesn't persist when you click a HTTP link from a HTTPS page but do when you click a HTTPS link from a HTTPS page. According to the article what Google are doing here is ACTIVELY interfering with the normal functioning of this information. Adding javascript tricks to prevent it being passed to HTTPS pages when it's not a paid link and using similar tricks to ensure advertisers do get that information, regardless of HTTP(S) status. If google didn't give a beep about web masters collecting referrer data on non-paid links, they wouldn't be using the javascript tricks.

  23. Looks like all pages get referers, not just ads by brion · · Score: 2

    Excellent question -- I was very surprised to see absolutely no analysis of this in TFA!

    Doing a very quick test googling my own blog from https://google.com/ the referer I end up seeing is like this:

    "http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CBwQFjAA&url=http%3A%2F%2Fbrionv.com%2F&ei=fjynTpC4KoSqiQLFvezYDQ&usg=AFQjCNHi_Ia5lQINhrMRGTJyRLFc4ZOajw"

    I don't have any Google ads on my site, so I guess this would be in the "Ordinary Site (http: = non-SSL)" category, which TFA claims gets no referer -- but I do get a referer, and it's an intermediary redirect that's on http, leading the browser to happily send that as referer info.

    Following the same link from https://encrypted.google.com/ shows no referer, indicating that it either went through no intermediate redirect, or an https one (you can see by testing that there is one, also on https://encrypted.google.com/) that didn't pass on referer info from the browser.

    SSL pages on my own site don't seem to be in index, but the intermediate redirects I see on other things like mailing list archives that are in there look the same -- http: redirects from https://google.com/ and https: redirects from https://encrypted.google.com/

    I think it's just sending everything through an http redirect so everyone sees referer data, unless you search from encrypted.google.com.

    --

    Chu vi parolas Vikipedion?

    1. Re:Looks like all pages get referers, not just ads by makomk · · Score: 1

      If you'd clicked on a paid link, apparently you'd have seen a referrer which told you which search terms the user got there from. That's what this is about.

    2. Re:Looks like all pages get referers, not just ads by brion · · Score: 1

      Ah, who gives a rat's ass then? As a user I don't want my search keywords going to third-party sites to begin with, and I don't click on paid links in search results. (It wasn't clear from the original article that this referred to *ad links on the Google page* and not *links to sites with google ads*.)

      Far more worrying is that the redirect always goes through HTTP, giving a chance for MitM attacks to sniff or alter your target traffic -- for instance redirecting you from what you thought was a nice safe HTTPS link to a phishing site.

      --

      Chu vi parolas Vikipedion?

  24. In other Google Search news... by AlienIntelligence · · Score: 1

    I submitted a post that Google has stopped using the + symbol
    to denote boolean AND, (ie specifically to require the word in
    the results.)

    It has been replaced with double quotes.

    I for one find it EXTREMELY annoying after a decade and a half
    of the 'correct way' to have to completely relearn the new way.

    http://slashdot.org/firehose.pl?op=view&id=24913740

    -AI

    --
    For me, it is far better to grasp the Universe as it really is than to persist in delusion
    1. Re:In other Google Search news... by makomk · · Score: 1

      Oh dear. That explains why I've been failing to get their over-active autocorrect not to "correct" my queries as of late.

  25. Isn't referer sent by the browser? by Anonymous Coward · · Score: 0

    I thought referer was sent by the browser. How does google interfere with this process? The referer is sent as part of your HTTP requests. They come from you, not from the site you were previously on.

    Does this have something to do with link redirectors?

  26. Re:First post trolls by Aighearach · · Score: 0

    lol dorkus you want to waste your mod points defending whatever passes for "honor" in clan Coward, here is another one for you! Cowards suck, get an account... if you can afford it! lololol