Slashdot Mirror
Google Chrome 25 Will Serve Searches Over SSL From the Omnibox For All Users
An anonymous reader writes "Google on Friday announced yet another security improvement for Chrome 25. In addition to killing silent extension installation, the omnibox in Google's browser will send all searches over a Secure Sockets Layer (SSL) connection. Chrome already does this for users who are signed in to Google: when they search from the address bar, their queries are sent over HTTPS. As of Chrome 25, however, the same will happen for users who aren't signed in to Google."
good to know that Google values our privacy so much.
Not like that other internet site that sells everything about you except your underwear to the highest bidder, and forces you to use your real name for everything.
Use the HTTPS-anywhere addon, from the EFF (https://www.eff.org/https-everywhere). It has rules that cause Firefox to automatically use HTTPS for dozens of web sites, including Google Search and APIs.
Google does this because they value privacy: the privacy of the data of every aspect of your personal and professional life. The privacy of this data has great value ($$$). Some other company getting hold of this data would certainly lessen its value.
Look where all this talking got us, baby.
I will explain what it means...
You might trust Google, but do you really want to trust them with EVERYTHING? If you separate off your searching to something else, it greatly enhances your privacy, especially since you are not "signed in" to something like Startpage. I am not saying that Startpage is some great, perfect system (pick something else, then). All I am saying is that from a privacy standpoint, it makes sense to not to give ALL your data to one entity. Hence- not putting all your eggs in one basket.
Using SSL for searches will prevent tragedies such as this.
(Not the wife and mistress teaming up which can sometimes lead to tragedy. I'm talking about the IT department discovering searches for making poison.)
--
Joe
1) Chrome is not open source. It is based on Chromium, which is open sourced, but the build Google takes is not identical code. They can put anything in it they wish.
2) Fiddler is a proxy, as such, the browser will know it is not directly connected.
3) Even if one could capture all data as it would normally travel, it doesn't mean one would be able to understand everything it sends. If a blob of data goes to Google at some point, especially when already connecting to their servers with every other page doing adsense, exactly how are we mere, non-Google mortals going to know it is all above-the-board?
4) Again, RLZ might be open source, but their COMPILE of CHROME that contains it is not... so what you see might not be what you get. Open-source projects, like Firefox, Linux, OpenOffice, etc, are examined and compiled by third parties and not primarily distributed as a owner/maker binary. Even Chromium seems to be obfuscated in ways that make it unsuitable for others to compile and distribute: http://ostatic.com/blog/making-projects-easier-to-package-why-chromium-isnt-in-fedora
I am not saying Chrome *is* spyware. But I am saying it has the ability to be, and it might be, and we can't really know. It is being released by a company who has a lot to gain by gathering as much info as possible, and a lot of practice doing so (and a huge, unquestioning following).
For a couple of weeks I tried being a DuckDuckGo rebel, but the search results were so often so much worse than of Google's that it eventually just got too clunky.