Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google To Encrypt All Keyword Searches

Posted by Soulskill on from the did-you-mean-*8ahd2$-#-I3oEf7? dept.

Hugh Pickens DOT Com writes "Danny Sullivan reports that in the past month, Google has quietly made a change aimed at encrypting all search activity to provide 'extra protection' for searchers, and possibly to block NSA spying activity. In October 2011, Google began encrypting searches for anyone who was logged into Google. The reason given was privacy. Now, Google has flipped on encryption for people who aren't even signed-in. In June, Google was accused of cooperating with the NSA to give the agency instant and direct access to its search data through the PRISM spying program, something the company has strongly denied. 'I suspect the increased encryption is related to Google's NSA-pushback,' writes Sullivan. 'It may also help ease pressure Google's feeling from tiny players like Duck Duck Go making a "secure search" growth pitch to the media.'"

13 of 224 comments (clear)

  1. Illusion of privacy by NoImNotNineVolt · · Score: 5, Insightful

    Encrypting the connection between Google and the users isn't going to accomplish anything when the NSA already has full access to Google's servers.
    Too little, too late. Way too late.

    --
    Chuuch. Preach. Tabernacle.
    1. Re:Illusion of privacy by geek · · Score: 5, Insightful

      Encrypting the connection between Google and the users isn't going to accomplish anything when the NSA already has full access to Google's servers.

      Too little, too late. Way too late.

      Google has been very adamant that the NSA does not have access to their servers. I don't know if I believe them or not but that is the premise Google is working off of.

      It also means nothing when they cowtow to the national security letters like they do.

    2. Re:Illusion of privacy by thetoadwarrior · · Score: 4, Insightful

      Doesn't really matter. If they're encrypting it then they can decrypt it so if the NSA wants it then they'll have it.

    3. Re:Illusion of privacy by dreamchaser · · Score: 2, Insightful

      Not to mention that the NSA probably has backdoors at most major ISP's and can man-in-the-middle decrypt anything they want. As another poster said, it's more or less over.

    4. Re:Illusion of privacy by LordLimecat · · Score: 2, Insightful

      I dont think you understand how SSL works. Its entire purpose is to defeat MITM.

    5. Re:Illusion of privacy by AlphaWolf_HK · · Score: 3, Insightful

      Even if Google wanted to tell you that the NSA has access to their servers, knowing full well it would kill their bottom line (assuming it would), they'd be forbidden from telling you the truth anyways.

      That's actually the scariest thing.

      --
      Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
    6. Re:Illusion of privacy by Anonymous Coward · · Score: 2, Insightful

      If you want your traffic encrypted, you need to generate your own certificates using software you compiled on multiple independent compilers to counter "trusting trust" after you reviewed the code.

    7. Re:Illusion of privacy by swillden · · Score: 4, Insightful

      Even if Google wanted to tell you that the NSA has access to their servers, knowing full well it would kill their bottom line (assuming it would), they'd be forbidden from telling you the truth anyways.

      True... but I'm not so certain that they could be compelled to lie. When I look at the pattern of public statements and later revisions from all of the big players (telcos and tech companies), I don't see a single case of anyone actually contradicting an earlier statement. It seems to me that they've all been careful to tell the truth, though they've often been careful about how much truth they've told. Government agencies have been caught lying, but they don't have the same legal requirements to citizens as publicly-traded companies have to shareholders.

      Based on that, and on my viewpoint as a Google employee who builds some of the internal security systems that the NSA would have to compromise to snoop, I am completely convinced that Google is telling the truth when it says that it has not given the NSA any sort of direct or indirect access. I'm not certain that the NSA hasn't managed to insert snooping equipment into Google data centers or on Google fiber lines without Google's knowledge. But that's why Google is making a push to get everything encrypted, internally and externally.

      Just to quiet the obvious retort: Yes, I know that won't prevent the government from serving Google with warrants and NSLs and obtaining user data that way. But if they have to do it through the front door, with a request that satisfies Google's attorneys with respect to its propriety and narrow scope, then I think we (as a society) have a much more manageable problem. Still a problem, but one that can be addressed with legislation and better oversight. If the NSA is silently devouring the whole Google data stream... that's an entirely different kettle of fish.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    8. Re:Illusion of privacy by Jah-Wren+Ryel · · Score: 2, Insightful

      But to further the point, it is strongly suspected that SSL is already broken by the NSA, and having certificates is no longer necessary.

      That is outright false. I challenge you to provide a citation to a reasonably authoritative site saying that - basically anybody who isn't a kook. You can't.

      The best you can come up with is that RSA-1024 is easy enough to brute-force with modern equipment. But moving to RSA-2048, as google has already done, still provides very strong protection.

      --
      When information is power, privacy is freedom.
  2. Any different from https://google.com ? by Valdrax · · Score: 3, Insightful

    How is this different from just using HTTPS Everywhere or typing https://google.com/ into the URL bar?

    --
    If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
  3. One down... by 93+Escort+Wagon · · Score: 5, Insightful

    Thing about DuckDuckGo is... they promise I'm anonymous to them. There's value in that, at least to me.

    Google's move is certainly welcome, but all it means is - going forward - only Google will be collecting my information as opposed to Google + NSA.

    --
    #DeleteChrome
  4. Bullshit PR is Bullshit by Guppy06 · · Score: 5, Insightful

    Google has quietly made a change aimed at encrypting all search activity to provide 'extra protection' for searchers, and possibly to block NSA spying activity.

    What would encryption do when the NSA has access to the servers?

    'I suspect the increased encryption is related to Google's NSA-pushback,'

    Except that pushback itself is also pure political theater. Funny how these court challenges only started happening when stuff started to become public.

    Google has made their bed. Let them lie in it.

  5. This isn't just about the NSA by Monsuco · · Score: 4, Insightful

    SSL is there to keep common snoopers (ISPs, potential identity thieves, punks on the corporate network with wireshark, etc.) from eavesdropping on you. Yeah, the vast resources NSA may very well have the ability to break it, but they're hardly the only threat out there. I'm far more worried about the potential for an identity thief to read my traffic than for the NSA to do so.

    The NSA is hardly the biggest threat to your privacy and they're probably not the most dangerous.

    --
    The Gospel according to lolcat