Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google To Encrypt All Keyword Searches

Posted by Soulskill on from the did-you-mean-*8ahd2$-#-I3oEf7? dept.

Hugh Pickens DOT Com writes "Danny Sullivan reports that in the past month, Google has quietly made a change aimed at encrypting all search activity to provide 'extra protection' for searchers, and possibly to block NSA spying activity. In October 2011, Google began encrypting searches for anyone who was logged into Google. The reason given was privacy. Now, Google has flipped on encryption for people who aren't even signed-in. In June, Google was accused of cooperating with the NSA to give the agency instant and direct access to its search data through the PRISM spying program, something the company has strongly denied. 'I suspect the increased encryption is related to Google's NSA-pushback,' writes Sullivan. 'It may also help ease pressure Google's feeling from tiny players like Duck Duck Go making a "secure search" growth pitch to the media.'"

45 of 224 comments (clear)

  1. Illusion of privacy by NoImNotNineVolt · · Score: 5, Insightful

    Encrypting the connection between Google and the users isn't going to accomplish anything when the NSA already has full access to Google's servers.
    Too little, too late. Way too late.

    --
    Chuuch. Preach. Tabernacle.
    1. Re:Illusion of privacy by geek · · Score: 5, Insightful

      Encrypting the connection between Google and the users isn't going to accomplish anything when the NSA already has full access to Google's servers.

      Too little, too late. Way too late.

      Google has been very adamant that the NSA does not have access to their servers. I don't know if I believe them or not but that is the premise Google is working off of.

      It also means nothing when they cowtow to the national security letters like they do.

    2. Re:Illusion of privacy by thetoadwarrior · · Score: 4, Insightful

      Doesn't really matter. If they're encrypting it then they can decrypt it so if the NSA wants it then they'll have it.

    3. Re:Illusion of privacy by dreamchaser · · Score: 2, Insightful

      Not to mention that the NSA probably has backdoors at most major ISP's and can man-in-the-middle decrypt anything they want. As another poster said, it's more or less over.

    4. Re:Illusion of privacy by LordLimecat · · Score: 2, Insightful

      I dont think you understand how SSL works. Its entire purpose is to defeat MITM.

    5. Re:Illusion of privacy by AlphaWolf_HK · · Score: 3, Insightful

      Even if Google wanted to tell you that the NSA has access to their servers, knowing full well it would kill their bottom line (assuming it would), they'd be forbidden from telling you the truth anyways.

      That's actually the scariest thing.

      --
      Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
    6. Re:Illusion of privacy by dreamchaser · · Score: 3, Informative

      I understand how it works, and there are plenty of devices that do exactly that with SSL traffic. If they can intercept the traffic and have compromised the certificates, which is certainly possible if not definite, they can decrypt it without the user ever knowing. There are even commercial devices that do exactly that.

    7. Re:Illusion of privacy by jafiwam · · Score: 4, Informative

      I dont think you understand how SSL works. Its entire purpose is to defeat MITM.

      And YOU don't understand what would happen if "the man" in the middle has access to the certificates, either the masters or the actual certificates themselves.

      Do you really think "mysecretdomain.com" certificate from shitty ass low cost certificate provider doesn't have a duplicate key on file at Comodo, Network Solutions, GoDaddy or TwoCows or whatever?

      They don't have to brute force or hack anything if they have an appliance in the middle that automatically grabs the certificate from the certificate issuer and spoofs both sides of the connection.

      If you want your traffic encrypted, you need to generate your own certificates using software you compiled after you reviewed the code.

    8. Re:Illusion of privacy by usuallylost · · Score: 4, Interesting

      Do not put to much confidence in SSL. I have tested several firewall products that allow corporations to decrypt SSL traffic coming into their networks. Basically all they need is the ability put a trusted cert on the machine and force you to use a proxy. On a lot of corporate networks your SSL traffic is being decrypted and scanned. My guess is the NSA can do the same thing to you pretty much anytime they want.

    9. Re:Illusion of privacy by fustakrakich · · Score: 4, Funny

      ...it still is a very string possibility.

      Only in theory...

      --
      “He’s not deformed, he’s just drunk!”
    10. Re:Illusion of privacy by X0563511 · · Score: 2

      The NSA doesn't have to have access to the servers if all network traffic is also sent into the NSA's special rack...

      Back when I worked in a hosting center the FBI had a little group of machines that were theirs and we were hands-off. Our network admin would occasionally get requests to have traffic to/from particular IPs routed to their "playpen" and he would comply - while this meant they got everything they wanted, nobody was granted any access to someone's server.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    11. Re:Illusion of privacy by Anonymous Coward · · Score: 2, Insightful

      If you want your traffic encrypted, you need to generate your own certificates using software you compiled on multiple independent compilers to counter "trusting trust" after you reviewed the code.

    12. Re:Illusion of privacy by icebike · · Score: 4, Informative

      I dont think you understand how SSL works. Its entire purpose is to defeat MITM.

      And YOU don't understand what would happen if "the man" in the middle has access to the certificates, either the masters or the actual certificates themselves.

      Do you really think "mysecretdomain.com" certificate from shitty ass low cost certificate provider doesn't have a duplicate key on file at Comodo, Network Solutions, GoDaddy or TwoCows or whatever?

      They don't have to brute force or hack anything if they have an appliance in the middle that automatically grabs the certificate from the certificate issuer and spoofs both sides of the connection.

      If you want your traffic encrypted, you need to generate your own certificates using software you compiled after you reviewed the code.

      Was going to post exactly this!.

      But to further the point, it is strongly suspected that SSL is already broken by the NSA, and having certificates is no longer necessary.

      Google publishes its own certificate. I don't think its signed by anyone but Google, a sign they have totally given up on corrupt certification companies.
      They also have changed it occasionally. I notice this when my more selective operating systems prompt me to accept new certificates for some Google Services, that they were happy to use yesterday. (These are always sort of scary events that warrant close inspection).

      --
      Sig Battery depleted. Reverting to safe mode.
    13. Re:Illusion of privacy by swillden · · Score: 4, Insightful

      Even if Google wanted to tell you that the NSA has access to their servers, knowing full well it would kill their bottom line (assuming it would), they'd be forbidden from telling you the truth anyways.

      True... but I'm not so certain that they could be compelled to lie. When I look at the pattern of public statements and later revisions from all of the big players (telcos and tech companies), I don't see a single case of anyone actually contradicting an earlier statement. It seems to me that they've all been careful to tell the truth, though they've often been careful about how much truth they've told. Government agencies have been caught lying, but they don't have the same legal requirements to citizens as publicly-traded companies have to shareholders.

      Based on that, and on my viewpoint as a Google employee who builds some of the internal security systems that the NSA would have to compromise to snoop, I am completely convinced that Google is telling the truth when it says that it has not given the NSA any sort of direct or indirect access. I'm not certain that the NSA hasn't managed to insert snooping equipment into Google data centers or on Google fiber lines without Google's knowledge. But that's why Google is making a push to get everything encrypted, internally and externally.

      Just to quiet the obvious retort: Yes, I know that won't prevent the government from serving Google with warrants and NSLs and obtaining user data that way. But if they have to do it through the front door, with a request that satisfies Google's attorneys with respect to its propriety and narrow scope, then I think we (as a society) have a much more manageable problem. Still a problem, but one that can be addressed with legislation and better oversight. If the NSA is silently devouring the whole Google data stream... that's an entirely different kettle of fish.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    14. Re:Illusion of privacy by vadim_t · · Score: 2

      It's got nothing to do with the private key.

      NSA goes to Verisign (for instance). Says "please sign our key for google.com". Verisign signs it. NSA intercepts traffic between google.com and you. Browser deems cert as valid, as Verisign signed it, and you seem to be connecting to google.com.

      The CA system is weak because so long the connection is signed by a CA in the browser's list, the browser doesn't care which it is, even if it changes on a daily basis. If you can convince any CA in the list to sign what you need, you have a way to set up a MITM attack the browser won't warn you about.

    15. Re:Illusion of privacy by Jah-Wren+Ryel · · Score: 2, Insightful

      But to further the point, it is strongly suspected that SSL is already broken by the NSA, and having certificates is no longer necessary.

      That is outright false. I challenge you to provide a citation to a reasonably authoritative site saying that - basically anybody who isn't a kook. You can't.

      The best you can come up with is that RSA-1024 is easy enough to brute-force with modern equipment. But moving to RSA-2048, as google has already done, still provides very strong protection.

      --
      When information is power, privacy is freedom.
    16. Re:Illusion of privacy by headhot · · Score: 2

      if the RNG that the RSA encryption is based on is compromised, the encryption is compromised.

    17. Re:Illusion of privacy by icebike · · Score: 4, Informative

      That is outright false. I challenge you to provide a citation to a reasonably authoritative site saying that - basically anybody who isn't a kook. You can't.

      Clearly you phrased it that way so you could reject any site I offered, based on your own myopic view point.

      So here are the rules:
      You don't get to reject any source! You have to invalidate every one of these and all of their claims.
      After all, extraordinary claims of something being "outright false" require extraordinary proof.

      http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=2&_r=0
      http://nakedsecurity.sophos.com/2013/03/16/has-https-finally-been-cracked/
      http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
      http://www.theregister.co.uk/2013/09/05/nsa_gchq_ssl_reports/
      http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/
      http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/

      --
      Sig Battery depleted. Reverting to safe mode.
    18. Re:Illusion of privacy by bertok · · Score: 2

      The weak point is not with the mathematics. It's like claiming nobody can break into your house because you have a solid steel door, but at the same time you have glass windows.

      The weakness in SSL is the trust you have to place in the CA infrastructure, none of which is really that secure. Your browser will trust any valid certificate rooted in a trusted CA. There's no need to crack the keys of the certificates issued by Google. Keys have leaked, CAs have been hacked, intermediate authority certificates are often very weak (512bits), and the NSA could simply issue an order to a US corporation under national security to provide them with whatever key material they desire. The Stuxnet worm is a great real-world example of this happening: its creators used private keys stolen by intelligence agencies to create fake device driver code signing certificates.

      Not to mention that it wouldn't be a difficult for an agency with the resources of the NSA or the CIA to simply infiltrate larger IT organisations such as Google and make copies of their private keys. That way they could man-in-the-middle without having to change the certificate fingerprint.

      That's all academic anyway, the rumours are that the NSA doesn't have to bother decrypting anything because they have moles inside all large organisations that provide them with the plain text content directly whenever they want. This wouldn't even require that many people. Just by having someone in the top-5 ISPs, Apple, Google, Microsoft, IBM, Oracle, and Amazon you'd basically ensure coverage of the core "cloud" services that most computers connect to on a daily basis.

    19. Re:Illusion of privacy by icebike · · Score: 3, Informative

      Exactly as predicted, you toss out the evidence and strut off snorting.

      Here it is direct from Snowden:

      http://swampland.time.com/2013/09/05/five-revelations-from-snowdens-newest-leak/

      The full extent of the NSA’s highly classified encryption cracking program Bullrun is only known by top officials in the NSA and its counterpart agencies in Britain, Canada, Australia and New Zealand. Bullrun has successfully foiled several of the world’s standard encryption methods, including SSL (Secure Sockets Layer), VPN (virtual private networks), and the encryption on 4G (fourth generation) smartphones.

      Care to refute Snowden?

      We are going back to my rules:

      Prove your point about it being outright false or STFU.

      --
      Sig Battery depleted. Reverting to safe mode.
    20. Re:Illusion of privacy by iiiears · · Score: 2

      Always pleased to read an informed opinion on slashdot.

      I was fascinated by the news of stuxnet and persistent rootkits. Nearly everything connected to a data bus has firmware. How likely is it that embedded devices would be compromised?

      It was surprising to me even the simplest hard disk has three controller CPUs, RAM and ROM.

      Thank you again for making slashdot a site about technology.
       

      --
      15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
    21. Re:Illusion of privacy by LordLimecat · · Score: 2

      The amount of outright ignorance in this thread is staggering-- from faulty assumptions that Dual EC DRBG usage was widespread, to the implication that TuCows somehow has a copy of your private key, to the assumption that SSL can just be "MITM'd".

    22. Re:Illusion of privacy by slimjim8094 · · Score: 2

      Chrome has certificate pinning. Basically it means that if you access a Google property, it's checking for a specific certificate - not just any old cert signed by any old CA. Sure, this doesn't help you if you're not using Chrome, but if the NSA was trying to do a blanket MITM, all Chrome browsers would blow up and you'd definitely hear about it.

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
    23. Re:Illusion of privacy by TheGratefulNet · · Score: 3, Interesting

      I personally interviewed at places that were proud of their MitM ssl cert attacks. this was more than 5 yrs ago, too, when almost no one believed this was happening. (no, I didn't take the job, it sickened me to think of myself helping them out).

      if you are using a work-provided computer that had the IT group installed o/s, you can't trust it. if you installed your own o/s and never gave root privs to anyone, you may be able to trust it and it should find a 'fishy' cert being pushed on you when you go thru the corp firewall.

      I tell people this: if you use a work-provided system, you should not do anything personal on it (no banking, etc). that little lock icon means nothing anymore and we should all be aware of this.

      --

      --
      "It is now safe to switch off your computer."
    24. Re:Illusion of privacy by russotto · · Score: 2

      Verisign's roots are included by default. If you think the NSA doesn't have the private key for all US based certificate authorities, you're not nearly paranoid enough. And there's no way they don't have Verisign's; Verisign is far too cozy with the government.
       

    25. Re:Illusion of privacy by matthewv789 · · Score: 2

      Not even that. The US Government has certificate signing power already. They don't need to copy any existing certificates, they can just generate and sign a certificate for whatever domain they want to MITM, and it will be accepted by the major browsers. If they don't have the cooperation of the ISP, they can easily hack a router.

      Reference: http://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf

      We really need a new system of trust. Some mechanisms are in place to be more trustworthy, but they're not being used. For instance, the US Government COULD be empowered to sign certificates only for .gov or .mil domains. But, like nearly all entities with signing authority, they can sign certificates for ANY domain.

    26. Re:Illusion of privacy by matthewv789 · · Score: 2

      SSL can be MITM'd so long as you can sign a certificate in a way trusted by web browsers. And it turns out quite a number of branches of the US Government are among the nearly 2000 entities with the ability to sign certificates for any domain that will be accepted by web browsers as valid and trusted (which I did not know previously). See http://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf

      And RSA did recently ask developers to stop using all versions of the BSAFE toolikit (including Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, and SSL-C), which default to using Dual EC DRBG, and for all customers of RSA Data Protection Manager (DPM) server and clients to change the pseudo random number generator in use, since it also defaults to using Dual EC DRBG. See http://www.wired.com/threatlevel/2013/09/rsa-advisory-nsa-algorithm/

    27. Re:Illusion of privacy by matthewv789 · · Score: 2

      Yes, this.

      "We also saw a number of commercial authorities that provided a smaller number of certificates to seemingly unrelated entities. For example, VeriSign, Inc. provided intermediates for Oracle, Symantec, and the U.S. Government"

      Source: http://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf

      Your browser trusts VeriSign, so your browser trusts the US Government, and not just one signing certificate, a bunch of them:

      "All but a handful of the authorities 4 or more intermediates away from a browser-trusted root belonged to agencies within the U.S. Federal Government."

      In all, their most recent survey found that 85 government agencies (from around the world, not just US, but quite probably MOSTLY US) had signed 17,865 certificates in active use. In almost all cases, any entity with signing authority is able to sign certificates for ANY domain. And of course such a survey is unlikely to notice any targeted MITMs against a particular suspect.

    28. Re: Illusion of privacy by LordLimecat · · Score: 2

      Why would it surface? They do not need to fake anything if they have all the keys incl. private keys.

      THEY DONT HAVE the private keys. NOONE has the private keys except for the individual or company who initiated the certificate request. You create a CSR and a private key, you send the CSR to GoDaddy, they provide you with a signed public cert.

      The ONLY way for them to intercept SSL is to create their own certificate for google.com and sign it with their own root cert. When they do that, and you go to google, you can EASILY verify who signed the cert, and if its the DoD you can just rip that root CA out of your list. Problem solved, and noone will ever trust DoD root certs again.

      People need to stop talking about SSL when they dont understand it-- its seriously annoying that people seem to assume that they understand cryptography better than the folks who set the system up, when they havent even bothered to research how it works.

  2. Any different from https://google.com ? by Valdrax · · Score: 3, Insightful

    How is this different from just using HTTPS Everywhere or typing https://google.com/ into the URL bar?

    --
    If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
    1. Re:Any different from https://google.com ? by bill_mcgonigle · · Score: 2

      It's actually pretty important, due to a design problem with Chromium - the unified search and URL field.

      Let's say you want to search. You type 'news for nerds' in the field, and Google auto-completes as it goes. Each keypress you send to Google gives you updated search results. OK, you were going to send it to Google anyway, so you kinda accept that.

      Now, instead, you type: s-l-a-s-h-d--o-t-.-o-r-g and those are all sent to Google. Suddenly Google knows about all the *non-Google* websites you're visiting. And if it's not encrypted, NSA's PRISM scoops it up too. They don't have to tap your ISP, they've got it at Google's end. aka, "Dude, you've got Chrome!"

      Encrypted is better, but only because the NSA is out of the equation (maybe), but Google isn't. If you're going to visit a website you don't want Google to know about, then you better not use Chrome, or find the knowledgebase article about how to disable it. To their credit, it's called out explicitly in their privacy policy, but in reality hardly anybody reads those (perhaps we need a privacy policy taxonomy).

      Firefox's approach is better - there's a box where you can tell your search engine stuff, and there's a box where you can put in website addresses without anybody but your ISP and their ISP knowing about it. Well, unless the NSA has that tapped too.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  3. Power Implications by Anonymous Coward · · Score: 4, Interesting

    I'm highly interested in the power consumption implications of this move. I remember reading somewhere that Facebook faced a nontrivial increase in power usage when they switched to https for everything, and for a website like Google, those extra cycles are definitely going to add up.

    Anyone from a data center care to comment on this?

    1. Re:Power Implications by Anonymous Coward · · Score: 5, Informative

      According to one of the head Google staffers responsible for their SSL/TLS operations, it's pretty much a non-issue: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

      It basically ended up adding less than 1% to the CPU overhead for their servers, didn't require special hardware, and didn't involve any new systems.

  4. One down... by 93+Escort+Wagon · · Score: 5, Insightful

    Thing about DuckDuckGo is... they promise I'm anonymous to them. There's value in that, at least to me.

    Google's move is certainly welcome, but all it means is - going forward - only Google will be collecting my information as opposed to Google + NSA.

    --
    #DeleteChrome
    1. Re:One down... by ortholattice · · Score: 2

      Doesn't DuckDuckGo have US servers? I would trust ixquick.com more.

  5. Bullshit PR is Bullshit by Guppy06 · · Score: 5, Insightful

    Google has quietly made a change aimed at encrypting all search activity to provide 'extra protection' for searchers, and possibly to block NSA spying activity.

    What would encryption do when the NSA has access to the servers?

    'I suspect the increased encryption is related to Google's NSA-pushback,'

    Except that pushback itself is also pure political theater. Funny how these court challenges only started happening when stuff started to become public.

    Google has made their bed. Let them lie in it.

    1. Re:Bullshit PR is Bullshit by Anonymous Coward · · Score: 2, Informative

      STFU and do your research,

      >Funny how these court challenges only started happening when stuff started to become public.

      https://www.eff.org/who-has-your-back-2013

      Why don't you read about the companies that were pushing back before this even got announced. There are similar tables for 2012 and 2011. You'll note that Google was up there, but few others were.

      The moderators need to be sacked again... Any by sacked, I also mean "kicked in the balls".

    2. Re:Bullshit PR is Bullshit by Seumas · · Score: 2

      The whole Google/Yahoo/Facebook/Whoever + NSA thing is like this:

      You're making out with a chick that is maybe not so hot. You're having a good time and you're both getting your rocks off, but you wouldn't want your friends and family to catch you.

      One day, your buddies drop on by early and catch you mac'n on said girl. Startled, you push her away and are very vocally all "eeew yuck! Get off me! what are you doing?!" and telling your friends (who keep teasing you about it for the next month) about how you two totally were not making out and how you totally are not into her and you didn't want to make out with her and would never do so in a million years.

      But you go back to making out with her, anyway. You're just way more careful about making sure you don't get caught.

  6. Different reason cited in TFA by dkleinsc · · Score: 3, Informative

    Google may be doing this not for privacy reasons at all, but because they intend to sell the exclusive organic click information and don't want third parties having access to the same information they have about those clicks.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  7. Better than nothing, I suppose. by gallondr00nk · · Score: 2

    Still, half of the reason to use Duck Duck Go or some other privacy oriented search engine is not just HTTPS but the fact they don't feed everything you search for into an enormous data mining effort.

    Anyway, doesn't the alleged NSA backdoor into Google as part of the PRISM program make any supposed "anti-NSA" stance a completely empty gesture?

    The intense backtracking that the PRISM providers have done since the revelations seems very disingenuous.

  8. Too little too late by intermodal · · Score: 2

    I've switched to https/ssl DDG, and am much more comfortable searching there because I know that my Google account - which has tentacles everywhere - is not going to magically forget my "don't track my browsing history" setting. The idea that Google could still store the search and connect it to my account is a problem.

    --
    In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
    1. Re:Too little too late by intermodal · · Score: 2

      it's crazy to me that I'm left thinking how much better off we were when we had pre-Microsoft hotmail and geocities, all from public terminals. I was basically untraceable, as I didn't even have Internet at home. At best, they could have come up with a city...if the hosts even had enough storage devoted to logs for that data to even exist.

      --
      In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
  9. Actually... by fahrbot-bot · · Score: 4, Interesting

    ...what it does is prevent my proxy/filter (Proxomitron) from altering queries and result pages, like stripping out the link redirects, disabling the Toolbar, Suggestions, Instant, etc...

    They do provide a work-around if you define www.google.com as a CNAME for nosslsearch.google.com (for schools, etc, that need to filter things). I implemented this w/o updating DNS or my hosts file by adding a proxy rule that alters the "Host" field in outgoing headers to nosslsearch.google.com to be "www.google.com". It's not perfect, but along with disabling Javascript for Google, it helps a lot.

    FWIW, I'm switching to use Startpage and DuckDuckGo - not because of extra privacy, but because they let me customize my results to remove all the crap that Google adds.

    --
    It must have been something you assimilated. . . .
  10. This isn't just about the NSA by Monsuco · · Score: 4, Insightful

    SSL is there to keep common snoopers (ISPs, potential identity thieves, punks on the corporate network with wireshark, etc.) from eavesdropping on you. Yeah, the vast resources NSA may very well have the ability to break it, but they're hardly the only threat out there. I'm far more worried about the potential for an identity thief to read my traffic than for the NSA to do so.

    The NSA is hardly the biggest threat to your privacy and they're probably not the most dangerous.

    --
    The Gospel according to lolcat
  11. Nice try by GodfatherofSoul · · Score: 2

    I don't trust you anymore

    --
    I swear to God...I swear to God! That is NOT how you treat your human!