Google To Encrypt All Keyword Searches
Hugh Pickens DOT Com writes "Danny Sullivan reports that in the past month, Google has quietly made a change aimed at encrypting all search activity to provide 'extra protection' for searchers, and possibly to block NSA spying activity. In October 2011, Google began encrypting searches for anyone who was logged into Google. The reason given was privacy. Now, Google has flipped on encryption for people who aren't even signed-in. In June, Google was accused of cooperating with the NSA to give the agency instant and direct access to its search data through the PRISM spying program, something the company has strongly denied. 'I suspect the increased encryption is related to Google's NSA-pushback,' writes Sullivan. 'It may also help ease pressure Google's feeling from tiny players like Duck Duck Go making a "secure search" growth pitch to the media.'"
Encrypting the connection between Google and the users isn't going to accomplish anything when the NSA already has full access to Google's servers.
Too little, too late. Way too late.
Chuuch. Preach. Tabernacle.
How is this different from just using HTTPS Everywhere or typing https://google.com/ into the URL bar?
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
So even if Google encrypts all keyword searches, what's to prevent the NSA from pulling an MiTM? Isn't this really just one big false sense of security?
If the goal is to provide privacy for end users in day-to-day browsing from onlookers on a private network or WiFi, I can see this making some sense. To prevent NSA snooping. Not so much.
I'm highly interested in the power consumption implications of this move. I remember reading somewhere that Facebook faced a nontrivial increase in power usage when they switched to https for everything, and for a website like Google, those extra cycles are definitely going to add up.
Anyone from a data center care to comment on this?
Too Late Google, Trust is like a Mirror, Once Broken, It can Never Be as it Once Was...
sorry, ya blew it!
And how this will protect privacy.
Google knows it. NSA shows up at the doors, or dedicated link and gets what it wants.
This may protect against ISPs and organizations other than the NSA getting your searches by old-fashioned wiretapping.
Thing about DuckDuckGo is... they promise I'm anonymous to them. There's value in that, at least to me.
Google's move is certainly welcome, but all it means is - going forward - only Google will be collecting my information as opposed to Google + NSA.
#DeleteChrome
Google has quietly made a change aimed at encrypting all search activity to provide 'extra protection' for searchers, and possibly to block NSA spying activity.
What would encryption do when the NSA has access to the servers?
'I suspect the increased encryption is related to Google's NSA-pushback,'
Except that pushback itself is also pure political theater. Funny how these court challenges only started happening when stuff started to become public.
Google has made their bed. Let them lie in it.
It's called "sleight of hand"
All the same spying equipment is still in use, except now Google has them stuffed up their sleeves instead of in their hands.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Google may be doing this not for privacy reasons at all, but because they intend to sell the exclusive organic click information and don't want third parties having access to the same information they have about those clicks.
I am officially gone from
Still, half of the reason to use Duck Duck Go or some other privacy oriented search engine is not just HTTPS but the fact they don't feed everything you search for into an enormous data mining effort.
Anyway, doesn't the alleged NSA backdoor into Google as part of the PRISM program make any supposed "anti-NSA" stance a completely empty gesture?
The intense backtracking that the PRISM providers have done since the revelations seems very disingenuous.
Look, the actual encryption itself already has an NSA backdoor, both on the sender (you) and receiver end (Google).
Not including the chipset traps built into the waypoints.
This is just so you don't feel like gullible trusting fools while the NSA steals your copyrighted information without a court order permitting it to quarter troops (NSA bots) in your house (mobile device, home computer, game console).
But you'll still be gullible trusting fools.
The main reason they did this was the recent hack attacks, actually.
-- Tigger warning: This post may contain tiggers! --
Google is already making my searches https, which is a cruel joke. Google and the NSA have the search on the other side of that https. All it does is make my CPU run hotter. I wonder if Intel asked them to do that.
I've switched to https/ssl DDG, and am much more comfortable searching there because I know that my Google account - which has tentacles everywhere - is not going to magically forget my "don't track my browsing history" setting. The idea that Google could still store the search and connect it to my account is a problem.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
So what are Google going to do when the NSA come to them and demand that they decrypt that data? Unless they commit themselves to giving the spooks the finger then this reassurance is worthless.
ixquick already does that with google without any login.
The cynical amongst web analytics professionals accuse Google of hiding organic keyword searches from website operators in order to force them into paying for AdWords with its paid keywords.
When you no longer trust the endpoints, how exactly does this help? Not to mention that SSL itself isn't looking too trustworthy any more.
Many don't know https:// from Google is available, and many advertisers banked on this to perform deep packet inspection, basically pulling from Google's revenue stream.
This simply stops that from happening; it's not about privacy for Google's user base.
The NSA already has cooper to Google's servers after things are decrypted.
Just sayin'
Will they make it so that if you arrive on a web page via a Google search, the operator of that web page cannot see the search terms that led you there? I think that would be an improvement.
I'll still stick with Startpage/Ixquick/Gibiru
Duck Duck Go will never take off until it replaces its absurdly dumb name.
"Yeah just go on the computer and Duck Duck Go that restaurant"
umm....yeah right.
They do provide a work-around if you define www.google.com as a CNAME for nosslsearch.google.com (for schools, etc, that need to filter things). I implemented this w/o updating DNS or my hosts file by adding a proxy rule that alters the "Host" field in outgoing headers to nosslsearch.google.com to be "www.google.com". It's not perfect, but along with disabling Javascript for Google, it helps a lot.
FWIW, I'm switching to use Startpage and DuckDuckGo - not because of extra privacy, but because they let me customize my results to remove all the crap that Google adds.
It must have been something you assimilated. . . .
A multibillion dollar business cares? SIN
So long as Google creates profiles based on those searches, they are still accessible to the Feds, either by purchasing them, even through a strawman if need be, or by force via subpoena, or other legal sanctions.
"... and possibly to block NSA spying activity."
Take that, NSA!
Encrypting the connection between Google and the users isn't going to accomplish anything when the NSA already has full access to Google's servers.
Too little, too late. Way too late.
Plus five on this. Furthermore, Google is trying to make you feel like your searches are private, not recorded and fed to advertisers.
'Ooh, I'm safe because the channel between me and the WORST PRIVACY OFFENDER, outside of Facebook, is encrypted by a technology that recent stories say might be broken by the NSA.'
I notice that all Google search results are actually links that route back through Google before forwarding you to the final target page.
Is there a way to disable that, and have the links go directly to the final target page?
And how can Google possibly claim to offer any privacy as long as the result links go to Google first? Even with encryption, your entire result click history is still sitting on Google servers waiting to be abused by someone.
Google stores all searches in their databases.
Agencies of the US Government (NSA, FBI, etc) can access those databases by legal fiat.
So what difference does it make if you encrypt the search as it goes to/from Google?
Well, it's a step in the right direction. If legal fiat can be blocked, then snooping - which the NSA would most likely continue - is also already blocked.
but then I realized I was using chrome :sigh: sometimes I feel like a cat lapping up anti-freeze.
Suppose the NSA gets blocked effectively from my searches, Google and its advertising and data mining machine still have access. In my book of trust private corporations are (just) below government agencies.
SSL is there to keep common snoopers (ISPs, potential identity thieves, punks on the corporate network with wireshark, etc.) from eavesdropping on you. Yeah, the vast resources NSA may very well have the ability to break it, but they're hardly the only threat out there. I'm far more worried about the potential for an identity thief to read my traffic than for the NSA to do so.
The NSA is hardly the biggest threat to your privacy and they're probably not the most dangerous.
The Gospel according to lolcat
Based on that, and on my viewpoint as a Google employee who builds some of the internal security systems that the NSA would have to compromise to snoop, I am completely convinced that Google is telling the truth when it says that it has not given the NSA any sort of direct or indirect access.
I don't know if they are intentionally being this clever - but if the execs were to claim daily that they aren't bending over for the NSA, the day they stop claiming it is the day you know they are bent over by the NSA. In effect, their denials become a "dead man's switch" of sorts that circumvents the inability to tell the world that you have to comply with the NSA's tentacles.
This is foolproof unless the NSA can either 1) forbid the entire populace to cease speaking about the entire topic of surveillance, or 2) compel people to lie.
But even though they've switched on encryption, they still log my IP and my searches, don't they? No, thanks.
I don't trust you anymore
I swear to God...I swear to God! That is NOT how you treat your human!
If I search for "cipher revelation" I get this in the url bar -
https://www.google.com/webhp?hl=en&tab=ww#hl=en&q=cipher+revelation
Does all of this travel in the clear or are the HTTP request args separated from the DNS query and encrypted?
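An added example, not part of the comment above or of the original thread: a short Python sketch that splits the URL quoted in that comment by who can read each part when the page is fetched. It assumes plain (unencrypted) DNS and a TLS handshake that sends the hostname in SNI; the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl

# URL quoted in the comment above.
SAMPLE_URL = "https://www.google.com/webhp?hl=en&tab=ww#hl=en&q=cipher+revelation"


def wire_exposure(url):
    """Split a URL by who can read each part when a browser fetches it."""
    u = urlsplit(url)
    target = u.path or "/"
    if u.query:
        target += "?" + u.query
    # Assumption: the hostname is visible on the network through the DNS
    # lookup and the TLS SNI field, whatever the scheme.
    on_path = [u.hostname]
    if u.scheme != "https":
        # Without TLS the whole request line is readable on the wire.
        on_path.append(target)
    return {
        "on_path_observer": on_path,
        # Path and query are sent in the HTTP request; for https they are
        # inside the encrypted channel and readable only by the server.
        "server_request": target,
        # The fragment (after '#') is not part of the HTTP request at all.
        "client_only_fragment": u.fragment,
    }


def find_param(url, name="q"):
    """Report whether a parameter sits in the query or in the fragment."""
    u = urlsplit(url)
    for where, raw in (("query", u.query), ("fragment", u.fragment)):
        for key, value in parse_qsl(raw):
            if key == name:
                return where, value
    return None, None


if __name__ == "__main__":
    for part, value in wire_exposure(SAMPLE_URL).items():
        print(f"{part}: {value}")
    print("search terms found in:", find_param(SAMPLE_URL))
```

For the quoted URL the search terms sit in the fragment, so they are not carried by the request for that URL itself; any later request a page script makes with them is a separate HTTPS request and is classified the same way.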
I still can't trust them anymore.
And Google would then turn around and give the NSA the key to that encryption.
Web analytics allow companies and institutions to know what drives traffic to their sites. What is critical to understand is that encrypted search terms do not port to analytics.
In this act of public theater, Google is blinding analytics users by obfuscating search terms.
When users no longer know what search terms drive traffic to their sites, it increases their reliance on AdWords.
And AdWords of course equals profit for Google.
Except that VPN is *not* an encryption method. VPNs use various forms of encryption, but the types/algorithms themselves depend on the VPN itself and/or sometimes user choice.
Saying that the NSA has cracked - say - IPSEC encryption makes sense. Saying that they've cracked "VPN" doesn't make so much sense, unless one specifies the type of VPN.