Skip to comments.Google has reportedly switched all searches over to encrypted searches using HTTPS
Posted on 09/27/2013 3:40:06 PM PDT by matt1234
After having made a big push to increase the use of encrypted searches two years back, Internet search giant Google has apparently cut off keyword data altogether, and has confirmed that it is forwarding users to Google SSL Search even if they are not signed in.
In a statement made earlier this week, Google said that all its users who had logged into its service - for example, to check Gmail - would be forwarded to the Google SSL Search, if they wanted to carry out some online search.
With Google's statement revealing that the company has switched all searches over to encrypted searches using HTTPS, it is quite evident that keyword data will not be passed to site owners any more.
Given the fact that encrypted Google searches do not pass the keyword data through to websites, the ability of the sites to track users with the help of their keyword searches is eliminated. As such, it is not possible for most website owners to segment users by keywords within their web analytics software.
With regard to Google move to cut off keyword data completely, a Google spokesperson told Search Engine Watch: "We added SSL encryption for our signed-in search users in 2011, as well as searches from the Chrome omnibox earlier this year. We're now working to bring this extra protection to more users who are not signed in."
Bout time. Everyone should do this.
Isn’t that checkable?
What good is this if they still hand all your info over the the NSA anyway?
It helps keep random packet sniffers at bay. It doesn’t facilitate the NSA, in theory it stops them from doing anything without Google’s help, which of course they already get, so it doesn’t mean anything on that front.
Oh, sure. NOW you can trust Google, sure.
They’re sorry, and....all that stuff.
NOW they’re really worried about your privacy.
I use Ixquick.com - no tracking. Related to startpage.
Also, everyone should check out some of the privacy and anonymity tools referenced at https://prism-break.org/
Phew. Wipes forehead.
Sorry, I don't understand your question.
They didn’t use that before?
I don't know that it's any good at all, except to google and their friends.
Try https://StartPage.com and soon to come StartMail.com for a more secure experience.
They didnt use that before?
They have been using it for logged-in users for a couple years. Now they are using it for all seaches, regardless of whether the user is logged in.
No doubt the NSA has cracked HTTPS, and want to make sure foreign intel agencies with less advanced IT expertise don’t get free access to the keyword search stream without spending the money/resources to crack HTTPS on their own dime.
It prevents anyone from snooping on your web searches, unless they have the private key for Google's SSL certificate.
Whether anyone but Google has the private key is open to discussion. However, you can configure Firefox (and perhaps Chrome) to only use Diffie-Hellman key exchange. There's no known man-in-the-middle attack for that, even if you have the private key.
Unfortunately, you will find that you can't connect to some secure websites. If I turn off all cipher suites without Diffie-Hellman key exchange, I can't access my bank's website.
could this have anything to do with why
stuff in the google search box (on my
cell) loads really slow? ...for the last 10
days to two weeks
This look like a money grab on google's end and a tremendous blow to small online businesses that analyze keywords to bring in customers.
Could be. HTTPS is slower than standard HTTP. Google searches on my computer are much slower now that they are using HTTPS for all searches.
HTTPS/TLS is not one cipher. Depending on how your browser and the server are configured, you may use 128 or 256 bit AES encryption, or 168 bit triple-DES.
However, if you can obtain the private key for the SSL certificate (by legal or illegal means), you may be able to decode all of the encrypted data. The question is whether you can capture the key.
When you connect to a secure website, you go through a key exchange, and then that symmetric key is used to encrypt the connection. Periodically, the connection resyncs and negotiates a new symmetric key.
So, you have to be able to capture that symmetric key that is exchanged. Even with the private key for the SSL certificate, that's not guaranteed. There is no known man-in-the-middle attack for certain types of key exchanges. But, without the technical knowledge to choose them, you really don't know which key exchange and cipher your browser and the server will negotiate.
Maybe Google wants to corner the market on internet marketing via keyword?
I’ve noticed for me it’s been that way for awhile.
I guess I'm a "techie."
Note the startpage URL starts with https. This indicates it is using the same "protection" that Google now offers. Except startpage.com does not record your IP address, does not scan your searches for marketing purposes and doesn't have a special deal with the NSA to pass your info along to them.
I have several Gmail email accounts. All 100% fake and used when some website insists I "sign up" to get something I want.
Google be damned!
Great story, but unfortunately I am left with no idea of what was done, why it was done, are there any negative consequences, and, if so, is there any fix.
Just because they say there isn’t tracking doesn’t make it true.
If our overlords want the info they will get it. They care not about any law or the 4th Amendment. We have allowed it to happen and now we pay the price.
Obama-loving Google happily sells/gives the info to the gov when asked, no warrants needed
what was done
Previously at google.com, anonymous searches (by non-logged-in users) used the standard protocol for web browsing, namely HTTP. Now they use the HTTPS protocol, which is purportedly more secure because it transmits encrypted data.
why it was done,
Google alleges that it makes your web searches more secure.
are there any negative consequences,
I'm hoping FReeper techies will answer this.
and, if so, is there any fix
I'm hoping FReeper techies will answer this.
It sez it is enhanced by Google.
You are right. The only people who will be able to determine keywords used in Google searches for your site are Google tools.
Yeah. Google enhances your stuff by passing it all to the NSA.
Been using Ixquick for some time - but Uaoo mail won't support it anymore - they did "updates - and I couldn't even open my Yahoo! mail through IE/yahoo.
Said I'd have to download GOOGLE serach.
I said NO
Then they said Chrome
I said HELL NO - and then "FireFox" - Well, after having everything go haywire - and into the wee-wee hours of pulling my hair out - I did a restore and back to what I h ad innitially - got to my emial thru Ixquick and parked an cion on my desktop.
Within 2 days, Yahoo was again blocking me re email box - BUT, the icon works.
However, I'm looking for other safe search sites - I like Ixquick as it was set up in the '90's, and still use it for everythig else... hopefully less likely to be a gov't bait 'n switch...ie, a new "SAFE" search engine that is actualy a direct 'extension cord' to Utah.
Does this facilitate NSA nosiness?
How do you know those aren’t just NSA honey traps?
How do you know they’re safe?
I don't. Go to their web site, look around and make your own decision. Google startpage and read some of the articles on it. Your decision.
If it didn't, would they bother?