Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Chrome 25 Will Serve Searches Over SSL From the Omnibox For All Users

Posted by timothy on from the defaults-matter dept.

An anonymous reader writes "Google on Friday announced yet another security improvement for Chrome 25. In addition to killing silent extension installation, the omnibox in Google's browser will send all searches over a Secure Sockets Layer (SSL) connection. Chrome already does this for users who are signed in to Google: when they search from the address bar, their queries are sent over HTTPS. As of Chrome 25, however, the same will happen for users who aren't signed in to Google."

101 comments

  1. Great by Spy+Handler · · Score: 3, Funny

    good to know that Google values our privacy so much.

    Not like that other internet site that sells everything about you except your underwear to the highest bidder, and forces you to use your real name for everything.

    1. Re:Great by Anonymous Coward · · Score: 0

      good to know that Google values our privacy so much.

      Not like that other internet site that sells everything about you except your underwear to the highest bidder, and forces you to use your real name for everything.

      Huh? Privacy? You do know that your searches go to Google one way or another, so they know what you search for, SSL or no SSL.

    2. Re:Great by fish+waffle · · Score: 2

      Yes, it's a double-edged sword. On one hand, snooping on what you search for by intermediaries is a bit harder, but on the other hand attributing a specific search to you is now just a bit easier.

    3. Re:Great by Anonymous Coward · · Score: 3, Informative

      Not like that other internet site that sells everything about you except your underwear to the highest bidder, and forces you to use your real name for everything.

      I think you mean to imply that Google do in fact sell information about you and I don't think there's any evidence of that. They gather as much info as they can, they use it and aim to profit from it by advertising to you - and that may be bad enough - but as far as I can tell they don't sell it to anyone else, rather they hoard it and preserve it as their own goldmine. Am I wrong?

    4. Re:Great by Bing+Tsher+E · · Score: 1

      Yes. It's good to know that Google is insuring they are the only party that will be eavesdropping on your searches. They'll protect you, and as a value-add prevent their competitors from eavesdropping.

      Ummm...

    5. Re:Great by Anonymous Coward · · Score: 0

      In relation to the article, how is it easier, exactly?

    6. Re:Great by Spy+Handler · · Score: 1

      i was being sarcastic.

    7. Re:Great by PopeRatzo · · Score: 1

      Huh? Privacy? You do know that your searches go to Google one way or another, so they know what you search for, SSL or no SSL.

      We've got to tell Google to keep it's hands off of our searches!

      --
      You are welcome on my lawn.
    8. Re:Great by craigminah · · Score: 1

      Secure or not, your searches are still stored indefinitely in Google's hollowed-out volcano...

    9. Re:Great by Anonymous Coward · · Score: 0

      Because now they know that when the person they think is Alice (previously known to search for "why does my Mum hate my boyfriend", and "best cars for back seat action") searched for "morning-after pill" and that it was really her doing it, and not Malloy interfering with the stream, and the value of the information increases. Also, prevents Malloy Advert Inc. stealing search information passing though thir equipment. Even if it's not going to make much practical difference, they can still tell investors about it.

    10. Re:Great by Anonymous Coward · · Score: 0

      good to know that Google values our privacy so much.

      It doesn't. But it exists in a competitive marketplace, which proportionately forces it to provide people what they value.

      This includes both end-users and developers, as Chromium is the most free major Web browser existence.

      If Google doesn't provide a certain feature (boosting its own PR in the process), then a competing browser or an add-on or a fork will.

      --libman

  2. How does firefox handle searches? by ZiakII · · Score: 2

    Now I'm interested in how Firefox handle searches? Anyone know?

    1. Re:How does firefox handle searches? by Anonymous Coward · · Score: 1

      Current versions(from 14 forward I think, but no definitely not older than that without an addon/changed search) uses HTTPS for the default Google search bar. Don't know about searches from the Awesome bar.

    2. Re:How does firefox handle searches? by Anonymous Coward · · Score: 1

      I always remove the search bar, and have all address bar suggestions turned off, but TFS has me worried. It mentions searching from the address bar.
      When I type or paste a URL into the address bar, it doesn't get sent to a search engine, does it?

    3. Re:How does firefox handle searches? by Hatta · · Score: 2

      However you want it to. Just click the drop down arrow at the left of the search box, and it will give you a selection of engines. If you want Google SSL, it's there. If you want Duck Duck Go, it's there. Mine even has Wikipedia, Twitter, and Amazon entries.

      I'm not sure how comprehensive the default install is, this particular selection of search engines might have been configured by the person who packages it for Debian.

      --
      Give me Classic Slashdot or give me death!
    4. Re:How does firefox handle searches? by Anonymous Coward · · Score: 0

      TLS

    5. Re:How does firefox handle searches? by mrheckman · · Score: 4, Insightful

      Use the HTTPS-anywhere addon, from the EFF (https://www.eff.org/https-everywhere). It has rules that cause Firefox to automatically use HTTPS for dozens of web sites, including Google Search and APIs.

    6. Re:How does firefox handle searches? by Blimbo · · Score: 1

      Good call. Added Google SSL to the search bar. I use https://encrypted.google.com/ as my normal Google page. Main reason for that is i prefer the results opened a new tab rather then showing in whatever page i happen to search from, or having open a new tab.

    7. Re:How does firefox handle searches? by markdavis · · Score: 2

      I think that one using Google would worrying about security of their searches a little funny and ironic. The Google way: Give us access to all your Email, all your contacts, your location, your calls, the apps you install, all your searches, all your comments on Google+, your research on Google Maps, your shopping, all your purchases with Google Wallet, tracking you with Adsense from millions of sites, storing your passwords in Google's browsers, recording your network passwords in your Android accounts, sniffing the neighborhood's WiFi, storing your photos and comments in Picasa, holding pictures of your house and cars/property in Google Earth and Streetview, recording your viewing habits on Google TV, sifting through your files stored on Google Drive, following your movements with location history, who you chat with on Google Talk and Hangouts, etc, etc, etc, etc, etc, etc, etc

      Anyway, if you ARE concerned about the privacy of your searches, this visit this site in *ANY* browser: https://startpage.com/ And note that when you visit there in Firefox, they will provide a link called "Add to Firefox" and that will install their info into your search box which is always encrypted. But most importantly, you are not giving away all your searching to Google, even though you get most of the same results as if you went to Google directly. One should never have all their eggs in one basket.

    8. Re:How does firefox handle searches? by Anonymous Coward · · Score: 0

      By default I think Firefox uses plain HTTP for searches. However, it is easy to change the default behaviour in Firefox and Opera (probably in other browsers too) by changing your search settings. When I install a browser I generally check this to make sure searches are covered by HTTPS.

    9. Re:How does firefox handle searches? by similar_name · · Score: 1

      If you hit alt enter instead of just enter it will open another tab. Also middle click will open links in a new tab.

    10. Re:How does firefox handle searches? by farble1670 · · Score: 1

      One should never have all their eggs in one basket.

      WTF does that mean? i should spread my personal information across a variety of website. yeah, good advice.

      do i trust google more than whatever nefarious entity runs startpage.com? i sure do. i know google will do everything possible not to expose my persona info, because if they did, their business would go down the toilet. how many people would keep using gmail, search, etc if they knew google was leaking personal data to 3rd party companies? they have a financial interest in protecting my data. sure that doesn't mean they won't screw up, but if it comes to that, i think the odds are better at google than say startpage.com.

    11. Re:How does firefox handle searches? by markdavis · · Score: 3, Insightful

      I will explain what it means...

      You might trust Google, but do you really want to trust them with EVERYTHING? If you separate off your searching to something else, it greatly enhances your privacy, especially since you are not "signed in" to something like Startpage. I am not saying that Startpage is some great, perfect system (pick something else, then). All I am saying is that from a privacy standpoint, it makes sense to not to give ALL your data to one entity. Hence- not putting all your eggs in one basket.

    12. Re:How does firefox handle searches? by Hadlock · · Score: 1

      Until recently (October 2012?) their google searches were sent in plaintext. Now they're sent via SSL.

      --
      moox. for a new generation.
    13. Re:How does firefox handle searches? by BZ · · Score: 1

      SSL by default for Google since Firefox 14, back in July 2012. See https://bugzilla.mozilla.org/show_bug.cgi?id=633773

      For other search engines it depends. For example, Wikipedia has asked that the search through their search plugin keep happening over HTTP for now (see https://bugzilla.mozilla.org/show_bug.cgi?id=758857 ).

    14. Re:How does firefox handle searches? by swillden · · Score: 1

      I'm not sure how comprehensive the default install is, this particular selection of search engines might have been configured by the person who packages it for Debian.

      It probably comes with a few out of the box, but Chrome also automatically adds other sites to the list as you use them. I'm not sure how it works, exactly, but I think Chrome uses some sort of heuristic to recognize sites that provide a search function of some sort, and adds them to the list. My browser has several dozen different "search" sites in the list, including many that I didn't even realize had a search function.

      Another non-obvious and really useful feature is that you can edit the "keyword" for each "search engine". I have several configured. For example, the web-based employee directory at work is called "teams" so I set that keyword to "t". To find someone I type "t" and then a space in the omnibox, then the name, or whatever search terms, then hit enter. I use amazon a lot, so I set its keyword to "a". "b" searches the bug tracker, "m" searches the internal corporate search engine, "bh" searches B&H photo, "map" searches Google Maps, "w" searches Wikipedia -- but since Google does a better job of searching Wikipedia than Wikipedia's search engine, I put in a URL that searches Google with a "site:wikipedia.org" added to the query.

      Of course, if I don't type a shortcut and hit space, then the omnibox does its normal thing of trying to figure out if what I typed is a search or a URL.

      If there's a site that is searchable that Chrome doesn't add to the list automatically, you can add it manually, just figure out the search URL and then put "%s" in where your search terms should go.

      Chrome rocks.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    15. Re:How does firefox handle searches? by arth1 · · Score: 1

      I always remove the search bar, and have all address bar suggestions turned off, but TFS has me worried. It mentions searching from the address bar.
      When I type or paste a URL into the address bar, it doesn't get sent to a search engine, does it?

      It can, depending on your browser and typing skills. Some browsers, if they can't find a server matching what you typed, they will send the string to your "default" search engine, or in one case Google no matter what.
      So when you by mistake enter http;//www.redtube.com/, chances are good that Google will log that you tried to access that site.

      Wonderful, isn't it?

    16. Re:How does firefox handle searches? by Anonymous Coward · · Score: 0

      I solved that problem my making redtube.com my homepage.

    17. Re:How does firefox handle searches? by klui · · Score: 1

      It's been a while but I used an addon called Add to Search Bar and I think I just right click on the search field while I was at https://encrypted.google.com/ then it gave an option for me to add this field to the search engines. It doesn't provide real time suggestions but I don't care about that.

    18. Re:How does firefox handle searches? by timeOday · · Score: 1

      Google is the one with billions in profits to safeguard, not you. Connecting to them securely will safeguard their proprietary database of your every move from the prying eyes of competitors such as Comcast (unless of course they pay tribute to google first, like anybody else who wants to know what you've been up to). And you don't find that terribly exciting?

    19. Re:How does firefox handle searches? by Dwedit · · Score: 1

      HTTPS Everywhere breaks a LOT of sites. Every time I find a site broken by that addon, I need to disable it there so it works again.

    20. Re:How does firefox handle searches? by Ginger+Unicorn · · Score: 1

      Do you have any examples? - I've never encountered this (unless I have and didn't realise).

      --
      (1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
    21. Re:How does firefox handle searches? by Anonymous Coward · · Score: 0

      I'd rather have websites use http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security than rely on some (buggy I read) addon which only works in a single browser.

    22. Re:How does firefox handle searches? by Anonymous Coward · · Score: 0

      xhamster.com is way better.

    23. Re:How does firefox handle searches? by water-and-sewer · · Score: 1

      You forgot a big one (although your list is great and somewhat frightening). Use their Google DNS server and they have access to every site you browse to in the course of the day. Another one: give them access to your calendar and to-do list and they can do even more fine-grained profiling of what ads to show you that may be more closely aligned with your shopping habits.

      It scares me, and I own a Google Nexus 7 tablet, which I love. I'm trying to mitigate the risk by surfing the web with Opera, searching using DuckDuckGo, storing my email at Fastmail.fm, my calendar at Fruux.com, and my to-do list on toodledo.

      But it shouldn't be so damned hard. I'm sick of monetizing crap and all the frenzy around advertizements. I almost miss the days of Usenet, text web browsers, and dial up. The user was still winning back in those days.

      --
      If this were Usenet, I'd killfile the lot of you.
    24. Re:How does firefox handle searches? by Anonymous Coward · · Score: 0

      Firefox?? What's a firefox?

    25. Re:How does firefox handle searches? by RulerOf · · Score: 1

      I've experienced what he's talking about, though I can't remember if it was with HTTPS Everywhere for Chrome or Firefox. I think that what happens is that the HTML (and maybe the JS) for a particular page come down over the HTTPS link, but for some reason, the CSS and/or various other pieces don't, and get pulled down over HTTP... or perhaps they fail entirely. Like they come from a CDN or something that doesn't do HTTPS but that shares a root DNS name that HTTPS Everywhere is programmed to re-write.

      Anyway, the pages look like a website designed by a badger in 1996: Line after line of links at the top of the page corresponding to what would have been a site navigation bar. Stuff like that.

      The funny part is that sometimes the content you were looking for never even shows up. You just get the outline of the page and the JS that was supposed to pull it all down never got to run :P

      --
      Boot Windows, Linux, and ESX over the network for free.
    26. Re:How does firefox handle searches? by Anonymous Coward · · Score: 0

      Cool story bro.

      Now, what was that about an example ?

    27. Re:How does firefox handle searches? by markdavis · · Score: 1

      +1 on everything you just said.

      Older generation = Know what privacy means but have no clue about the dangers of computers and how they relate to privacy.

      Around my generation = Most know about privacy, and even how computers can erode it, but most don't quite care enough to do anything about it because it is inconvenient or just difficult.

      Younger generation = Have no concept at all as to what privacy is. Think anyone concerned about privacy is totally paranoid and til foil hat.

    28. Re:How does firefox handle searches? by Anonymous Coward · · Score: 0

      Never had this problem. Maybe on government sites/corporate intranet and other badly engineered crap which I luckily never have to deal with.

    29. Re:How does firefox handle searches? by Anonymous Coward · · Score: 0

      Larry Page is pretty cool but he won't be the CEO forever, you know...

      The problem with trusting your personal information to a company is that companies sometimes get in a situation (due to declining profits/new greedy CEO/greedy stock holder demands) where it is a good idea (from company perspective) to sell private data to... Russia/North Korea/Spain or some shit.

  3. 64-bit by Bigby · · Score: 1

    But is the browser 64-bit yet? Do I still have to have 32-bit Java installed? Or do I still have to prefer to use IE when remoting into work (which requires Java)?

    1. Re:64-bit by JSG · · Score: 0

      What are you on about?

      $ file /opt/google/chrome/chrome
      /opt/google/chrome/chrome: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, BuildID[sha1]=690874ce18d973267436f04ec75877f26a6af0f1, stripped

      Chrome and Firefox have both been 64 bit for years

      Cheers
      Jon

    2. Re:64-bit by ChunderDownunder · · Score: 1

      On linux, sure.

      On Windows, Chrome and Firefox are 32bit.

    3. Re:64-bit by farble1670 · · Score: 1

      Chrome and Firefox have both been 64 bit for years

      chrome is only 64 bit on linux. mac and windows are 32 bit only.

  4. Version 25??? by Sebastopol · · Score: 2

    All those background updates and I never once stopped to think about what rev we were on.

    Huh.

    Well played, google. Well played.

    --
    https://www.accountkiller.com/removal-requested
    1. Re:Version 25??? by markdavis · · Score: 2

      Yeah, because there is something just so classy and sexy about a browser that doesn't tell you what is going or and is resistant to customizations. Even sexier when it is tied to Google, is closed source, and does who-knows-what with all that stuff you do/see/search (Chrome is secret, like IE... at least Chromium you can see inside the code, like Firefox).

      Well played, indeed.

      People using Chrome and who are also worried about a third party seeing their search queries: priceless.

    2. Re:Version 25??? by Anonymous Coward · · Score: 0

      I take it you run only open source software you built yourself from sources you audited, otherwise you're... well, let's say, rather arbitrary in your trustee choices.

    3. Re:Version 25??? by markdavis · · Score: 1

      Of course not- nobody does that (or do they?) But the point is that there is MUCH smaller chance that anyone outside of Google knows what is going on inside their Chrome code when compared to an open-source browser.

    4. Re:Version 25??? by ahabswhale · · Score: 1

      You do realize that Chrome and the javascript and rendering engines it's built on are open source, right? You also realize that Chrome is just a release version of Chromium (with a few extra goodies thrown in like flash player and PDF viewer), right? You also realize you can use a tool like Fiddler to see exactly what Chrome sends over the wire if you don't trust what it reports in it's own dev tools, right? The only part of Chrome that could be considered sketchy is RLZ, but they made that open source so you can see exactly what it does.

      --
      Are agnostics skeptical of unicorns too?
    5. Re:Version 25??? by markdavis · · Score: 3, Informative

      1) Chrome is not open source. It is based on Chromium, which is open sourced, but the build Google takes is not identical code. They can put anything in it they wish.

      2) Fiddler is a proxy, as such, the browser will know it is not directly connected.

      3) Even if one could capture all data as it would normally travel, it doesn't mean one would be able to understand everything it sends. If a blob of data goes to Google at some point, especially when already connecting to their servers with every other page doing adsense, exactly how are we mere, non-Google mortals going to know it is all above-the-board?

      4) Again, RLZ might be open source, but their COMPILE of CHROME that contains it is not... so what you see might not be what you get. Open-source projects, like Firefox, Linux, OpenOffice, etc, are examined and compiled by third parties and not primarily distributed as a owner/maker binary. Even Chromium seems to be obfuscated in ways that make it unsuitable for others to compile and distribute: http://ostatic.com/blog/making-projects-easier-to-package-why-chromium-isnt-in-fedora

      I am not saying Chrome *is* spyware. But I am saying it has the ability to be, and it might be, and we can't really know. It is being released by a company who has a lot to gain by gathering as much info as possible, and a lot of practice doing so (and a huge, unquestioning following).

    6. Re:Version 25??? by ahabswhale · · Score: 1

      1) Fair point.

      2) Fine, don't trust Fiddler either. Use Wireshark or similar tools. There's no rocket science involved here.

      3) Blob? Are you referring to some encrypted transmission? It's pretty damn easy to detect adsense transmissions. There could just as easily be secret transmissions in any Firefox build as well since whoever is doing the build can inject anything they want in there. At the end of the day, you're still putting trust in some third-party to not steal your keystrokes or do whatever the hell they want. There's nothing unique to Chrome about this.

      4) Same deal as 3. Of course, you can always just use Chromium if you don't trust RLZ.

      Finally, I completely disagree with your assertion that we cannot know whether it's spyware. Keep in mind, I can easily make the same argument that we can never know whether Firefox is spyware. If someone really cares to research it and has a clue, they can figure it out. In short, it's unfair to declare that Chrome is some potentially evil spyware project while also questioning Firefox, or any other browser, or any other damn program for that matter.

      Thanks for the FUD with absolutely no evidence to back it up.

      --
      Are agnostics skeptical of unicorns too?
    7. Re:Version 25??? by Anonymous Coward · · Score: 0

      Firefox is FULLY open source. That is a hell of difference when you try to compile your own executable and diff it against the "official" one. You can't "inject" much in Firefox.

    8. Re:Version 25??? by Anonymous Coward · · Score: 0

      Usually I absolutely hate the rhetorical device of making statements beginning "you do realize." But in this case, yeah the GP does fully realize. Acknowledging that would, however, get in the way of one heck of a multi-post crazy rant.

    9. Re:Version 25??? by Anonymous Coward · · Score: 0

      So, when did you last do that? It's not impossible for a rogue maintainer or a hijacked repository mirror to distribute "fixed" packages. When did you last rebuilt your FF and checked the md5sum (and did you check the md5sum's md5sum?)

      There _might_ be spyware in any binary. Unless you watch over your traffic zealously, you can't be sure whether any program phones home or not. OTOH, there are people who do just that - like those who discovered CarrierIQ on the phones - and if they'd find such undocumented feature in Chrome you'd surely know by now.

      You either trust the soft you run, or you build it all yourself and put everything in sandboxes. Running around shouting "But they could!" is like arbitrarily treating men as potential rapists (they sure could, what with penises and all those icky bits).

    10. Re:Version 25??? by Anonymous Coward · · Score: 0

      If it's SSL encrypted with DH key exchange, Wireshark can't decrypt it.

    11. Re:Version 25??? by swillden · · Score: 1
      Reflections on Trusting Trust.

      The paper is very interesting, but if you don't want to read the whole thing, just read the section under the heading "Moral".

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    12. Re:Version 25??? by Sebastopol · · Score: 1

      That sounds like "security through ignorance":

      "I don't know who is watching me, ergo, I am safer."

      Hmmm....

      --
      https://www.accountkiller.com/removal-requested
  5. How about adding a search box? by Anonymous Coward · · Score: 0

    Firefox has one, and even MSIE had one until Microsoft decided to remove it to screw Google. It's so annoying to have to go to google.com and then do a search. Firefox does it the right way.

    1. Re:How about adding a search box? by ArcadeNut · · Score: 2

      The address bar is a search bar. Type in what you're searching for in place of the URL and it will search for you, or are you referring to something else?

      --
      Visit the Arcade Restoration Workshop @ http://www.arcaderestoration.com
    2. Re:How about adding a search box? by Anonymous Coward · · Score: 0

      You don't know that you can search from the address bar? I mean okay, not everybody knows, but it's in the summary on this very page you're commenting on.

    3. Re:How about adding a search box? by Anonymous Coward · · Score: 0

      Type your search into the address bar. Usually it will do a Google search. Of course sometimes it's annoying and will take you to a web site that has the same TLD as your search term, but it works sometimes.

    4. Re:How about adding a search box? by Anonymous Coward · · Score: 0

      The address bar isn't a real search bar. It's limited to Google web search. You can replace that but you can't have more than one. I'm using around 100 search engines in Firefox (organized), so being limited to one is really not an option. How do you do it to look up things in dictionaries, search movies, places, people, porn, fora, slashdot, stackexchange, software, books, ...? Google can't do all that. Don't tell me you browse to some site and then click on a randomly placed search box.

    5. Re:How about adding a search box? by Omestes · · Score: 1

      Add keywords, just like in Firefox?

      When I type "wiki foo" it searches for "foo" at Wikipedia.
      When I type "def foo" it searches for the definition of "foo"
      When I type "imdb foo" it searches on IMDB for the movie or show "foo"
      Etc...

      I find this easier than using a dedicated search box, since I never have to use the mouse. Ctrl-L, and start typing, or Ctrl-N for a new tab with the "omnibar" selected. I probably have 25 or keyword searches set up, though I only use around 5 of them commonly. And with Chrome my keywords are magically on my mobile devices as well, which is a nice time saver.

      I don't actually miss search bars that much. In Firefox I just use the address bar (what are they calling it these days?), and the same keywords as in Chrome, I never touch the search bar.

      --
      A patriot must always be ready to defend his country against his government. -edward abbey
  6. Google values privacy by pitchpipe · · Score: 5, Funny

    Google does this because they value privacy: the privacy of the data of every aspect of your personal and professional life. The privacy of this data has great value ($$$). Some other company getting hold of this data would certainly lessen its value.

    --
    Look where all this talking got us, baby.
    1. Re:Google values privacy by Anonymous Coward · · Score: 0

      It's like the US president calling up Moscow over the super-encrypted red telephone during the height of the cold war, and going "Hey, how ya doughin'? ... Yeah, uum, look... we're currently missin a few spy planes over Yakutsk. ...So... can you, ya knoh, look if you see them somewhere? ... Here, let me give ya the location of our base: ..."

    2. Re:Google values privacy by ahabswhale · · Score: 1

      Good point. After all, they could make all this stuff that they give away for free and still make a profit without it, right?

      --
      Are agnostics skeptical of unicorns too?
    3. Re:Google values privacy by Anonymous Coward · · Score: 2, Interesting

      I know you're just trying to get a cheap laugh from the paranoid crowd, but this is actually one of the best arguments about why Google will never sell your data to anyone. Analyzing it to make their own services better is the most valuable use for it, so they'd be stupid to let it out of the company.

  7. Effect on Mass Surveillance? by terbeaux · · Score: 1

    One of the main benefits of increasing the amount of encrypted traffic on the Internet is that it makes illegal mass surveillance more difficult. The EFF did this with HTTPS Everywhere.

    Do surveillance agencies have some way of accessing all of this data in spite of it being encrypted in transport?

    1. Re:Effect on Mass Surveillance? by NeilJacklin · · Score: 1

      Potentially, on the other end. That is, we still have to trust the service (search, etc.) provider to not allow snooping of what we, the users, have submitted to them.

    2. Re:Effect on Mass Surveillance? by Anonymous Coward · · Score: 0

      Don't worry, Commander Shepard will storm the Google Offices and get that information. He'll be rewarded with War Assets and an item to give to someone on the Citadel.

    3. Re:Effect on Mass Surveillance? by Anonymous Coward · · Score: 0

      You mean "she"

    4. Re:Effect on Mass Surveillance? by fa2k · · Score: 1

      Do surveillance agencies have some way of accessing all of this data in spite of it being encrypted in transport?

      As the other commenter said, they can probably get it from Google et al.

      As for "in flight": It is quite likely (by my own paranoid estimation only) that governments have access to a SSL root CA. OSes and browsers come installed with hundreds of Root CA certificates, and the gov't would only have to get a private key from one of them to be able to decrypt your SSL tracffic. For example, the makers of Stuxnet got themselves a root CA cert for installing applications (it may not have been strictly needed for that). They would also need to do a man-in-the-midlle attack or DNS poisoning, as in placing a box at the ISP or somewhere between you and Google.

    5. Re:Effect on Mass Surveillance? by fa2k · · Score: 1

      gov't would only have to get a private key from one [CA] to be able to decrypt your SSL tracffic.

      Correction: if you are one of the diligent people who actually clicks on the SSL information dialogue and checks the certificate chain, then they would have to get the right CA in order to fool you.

    6. Re:Effect on Mass Surveillance? by russotto · · Score: 1

      Correction: if you are one of the diligent people who actually clicks on the SSL information dialogue and checks the certificate chain, then they would have to get the right CA in order to fool you.

      I think it's safe to assume that the surveillance agencies of any given government have the private keys of every CA located within their borders. And probably those of their allies, and as many others as they've been able to obtain.

  8. Good news... by QuietLagoon · · Score: 1

    It's great that google continues to put these security improvements into Chrome. But what I also would like to see would be the ability to set a proxy that is not the system proxy, something that IE, Opera and Firefox have been able to to from day 1. Why is Chrome so far behind in this aspect?

    1. Re:Good news... by jones_supa · · Score: 1

      They want to keep the browser simple.

    2. Re:Good news... by Intropy · · Score: 1

      I like to use Proxy Switchy for that.

      https://chrome.google.com/webstore/detail/proxy-switchy/caehdcpeofiiigpdhbabniblemipncjj

  9. SSL for searches is a good idea by dubner · · Score: 3, Interesting

    Using SSL for searches will prevent tragedies such as this.

    (Not the wife and mistress teaming up which can sometimes lead to tragedy. I'm talking about the IT department discovering searches for making poison.)

    --
    Joe

  10. Firefox 14 did this earlier by Anonymous Coward · · Score: 0

    https://bugzilla.mozilla.org/show_bug.cgi?id=633773

    1. Re:Firefox 14 did this earlier by ahabswhale · · Score: 1

      Actually, Chrome has been doing this for a while for users who log into Chrome with their google account. This is just a new thing they are adding for users who are not logged in.

      --
      Are agnostics skeptical of unicorns too?
  11. Security? by Anonymous Coward · · Score: 0

    Oh please. The only thing this secures is the G monopoly.

    Chrome puts us into the digital dark ages - just try to change the default search to DDG or install an addon using a mobile version - doesn't happen.

    Chrome is a scum of the earth browser designed to enslave joe user. EVERYTHING you type into chrome, assume it is logged by G.

  12. DuckDuckGo by Anonymous Coward · · Score: 0

    ...or Chrome users could change their default search engine to DuckDuckGo. I only use Google when I can't find what I'm looking for on DuckDuckGo. In those instances I simply add a !g to my search string, which queries Google -- over SSL, I might add.

    1. Re:DuckDuckGo by jones_supa · · Score: 4, Informative

      For a couple of weeks I tried being a DuckDuckGo rebel, but the search results were so often so much worse than of Google's that it eventually just got too clunky.

    2. Re:DuckDuckGo by Anonymous Coward · · Score: 0

      but the search results were so often so much worse than of Google's that it eventually just got too clunky.

      That's the awkward thing about principles, sometimes they require a little inconvenience. That's why few people exhibit any principles these days, unless the law demands it.

      The more people that stick with DDG the better it will become.

    3. Re:DuckDuckGo by sco08y · · Score: 1

      but the search results were so often so much worse than of Google's that it eventually just got too clunky.

      That's the awkward thing about principles, sometimes they require a little inconvenience. That's why few people exhibit any principles these days, unless the law demands it.

      The more people that stick with DDG the better it will become.

      What principle was this, again?

  13. Works for Chromium? by Compaqt · · Score: 1

    Will this work in the latest Chromium (for Win and for Lin)? Or is it just for the closed-source version of Chrome?

    --
    I'm not a lawyer, but I play one on the Internet. Blog
  14. I don't install Google Products by Frankie70 · · Score: 1

    I use google web stuff, but I don't uninstall their native products. I can't imagine why GTalk client or Chrome require multiple services to be installed on Windows. I don't see any other Browsers or Chat clients installing Windows services.

    1. Re:I don't install Google Products by Frankie70 · · Score: 1

      but I don't uninstall their native products.

      Meant to write "but I don't install their native products".

    2. Re:I don't install Google Products by Anonymous Coward · · Score: 0

      They figured that we can neutralize the services, and decided to dump yet another way of updating their browser silently.
      Chrome and its derivative Rockmelt will drop a plugin into Firefox to try the same update trick.

  15. we promise, no one is gonna by Anonymous Coward · · Score: 0

    see your searches, except us.

    -google

  16. This is not a troll by trifish · · Score: 0

    I'll ask you Googlers out there a simple question:

    Why is Chrome not fully open source? What are you trying to hide?

    BTW, this is not a troll but a reason why I keep using Firefox.

  17. Don't use HTTPS-Everywhere by andreyv · · Score: 1

    It has a major flaw that allows spoofing website addresses: https://trac.torproject.org/projects/tor/ticket/5477

    1. Re:Don't use HTTPS-Everywhere by Anonymous Coward · · Score: 0

      It's just a redirect.
      Why is it any different than any other redirect ?

  18. Re:Translation service by Jorgensen · · Score: 1

    Rubbish. "Omni" comes from Latin, meaning "all"... Surely you must have encountered this prefix before.... "Omnibus", "Omnivor", "Omnidirectional microphone", "Omnipresent Gods" etc etc

  19. I'm Starting To Get Sick Of Google by Anonymous Coward · · Score: 0

    The latest is that most of the youtube videos stopped working with a window of fake "snow" demanding that I download and install a new flash player. No. Get bent.

  20. Not for my work by Mikkeles · · Score: 1

    Where I work, https is, by default, suppressed as they can't do a deep packet analysis of the data exchange. A specific site can be whitelisted for https for work related reasons after vetting.

    --
    Great minds think alike; fools seldom differ.
  21. Great by um...+Lucas · · Score: 1

    I'm not concerned with other actors, I'm concerned with google. When will they release a setting that allows us to prevent them from gathering information on us? Shouldn't be too hard to dish out results without logging them. But yeah, I'd say google is the biggest privacy threat, not "other actors"

  22. They're forcing Google Analytics on webmasters by water-and-sewer · · Score: 1

    I think this is a double edged sword, as everything Internet-related seems to be these days. Yes, they protect the users' search. Sort of. Really, they're just denying access to that data to everyone except themselves, since Google knows damned well what you're searching for. Yes, the user is protected, but they've actually just heightened the walled garden a bit.

    I also wonder if this isn't a push to get web-masters to use their stupid Google Analytics service. I use www.statcounter.com on my websites, and now statcounter can't tell me what searches led users to my site because the things are encrypted. They point out helpfully if I want that information to use Google Analytics' code on my sites instead of statcounter.

    Nice move of a would-be monopolist. I think over all, Analytics is basically good service, but it's sometimes slow, which is why I chose statcounter instead. I hate loading up some guy's blog only to find it pause while it sends out a request to Google analytics. So really what they're doing here is denying data to web-masters that don't sign up for their service....

    Which is a bastard move, if you think about it.

    --
    If this were Usenet, I'd killfile the lot of you.
  23. GoogleSharing add-on by SD-Arcadia · · Score: 1

    I now use the https://addons.mozilla.org/en-us/firefox/addon/googlesharing/ add-on for FF. This is basically a proxy that is used only for your google searches. It stops Google from profiling you based on your IP address when you search by inserting a middle-man. Together with HTTPS-Everywhere and no logins to Google in the browser I think it's a pretty good setup. You have to trust the GoogleSharing people for not doing what Google does to begin with though :)

    --
    https://dalgamotor.wordpress.com/ - Elektronik beyinlere ozgurluk asisi (Turkish)