Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Google has reportedly switched all searches over to encrypted searches using HTTPS
topnews.us ^ | 09/26/2013 | Ingela Maledevic

Posted on 09/27/2013 3:40:06 PM PDT by matt1234

After having made a big push to increase the use of encrypted searches two years back, Internet search giant Google has apparently cut off keyword data altogether, and has confirmed that it is forwarding users to Google SSL Search even if they are not signed in.

In a statement made earlier this week, Google said that all its users who had logged into its service - for example, to check Gmail - would be forwarded to the Google SSL Search, if they wanted to carry out some online search.

With Google's statement revealing that the company has switched all searches over to encrypted searches using HTTPS, it is quite evident that keyword data will not be passed to site owners any more.

Given the fact that encrypted Google searches do not pass the keyword data through to websites, the ability of the sites to track users with the help of their keyword searches is eliminated. As such, it is not possible for most website owners to segment users by keywords within their web analytics software.

With regard to Google move to cut off keyword data completely, a Google spokesperson told Search Engine Watch: "We added SSL encryption for our signed-in search users in 2011, as well as searches from the Chrome omnibox earlier this year. We're now working to bring this extra protection to more users who are not signed in."



TOPICS: Business/Economy; Technical
KEYWORDS: google; https; it; ssl
Techies, please weigh in with your insights. What are the implications of this change? Does this facilitate NSA snooping?
1 posted on 09/27/2013 3:40:06 PM PDT by matt1234
[ Post Reply | Private Reply | View Replies]

To: matt1234

Bout time. Everyone should do this.


2 posted on 09/27/2013 3:41:49 PM PDT by RIghtwardHo
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234

Isn’t that checkable?


3 posted on 09/27/2013 3:42:16 PM PDT by GeronL
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234

What good is this if they still hand all your info over the the NSA anyway?


4 posted on 09/27/2013 3:43:07 PM PDT by arista
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234

It helps keep random packet sniffers at bay. It doesn’t facilitate the NSA, in theory it stops them from doing anything without Google’s help, which of course they already get, so it doesn’t mean anything on that front.


5 posted on 09/27/2013 3:44:01 PM PDT by discostu (This is Jack Burton in the Pork Chop Express, and I'm talkin' to whoever's listenin' out there.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234

Oh, sure. NOW you can trust Google, sure.

They’re sorry, and....all that stuff.

NOW they’re really worried about your privacy.


6 posted on 09/27/2013 3:44:34 PM PDT by gaijin
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234

Ya think?


7 posted on 09/27/2013 3:46:23 PM PDT by RobertoinAL
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234

I use Ixquick.com - no tracking. Related to startpage.

Also, everyone should check out some of the privacy and anonymity tools referenced at https://prism-break.org/


8 posted on 09/27/2013 3:47:15 PM PDT by NewHampshireDuo
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234

I noticed.


9 posted on 09/27/2013 3:49:28 PM PDT by Red Steel
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234
Well okay then. Everything's fine now; we can stop worrying. It was so much easier than I thought it would be. The joke is on the NSA, that giant new building going to waste and all.

Phew. Wipes forehead.

10 posted on 09/27/2013 3:49:37 PM PDT by Bronzewound (Lost Hope & Loose Change)
[ Post Reply | Private Reply | To 1 | View Replies]

To: GeronL
Isn’t that checkable?

Sorry, I don't understand your question.

11 posted on 09/27/2013 3:52:34 PM PDT by matt1234 (The NRA: Redefining "Too big to fail.")
[ Post Reply | Private Reply | To 3 | View Replies]

To: matt1234

https://

They didn’t use that before?


12 posted on 09/27/2013 3:54:38 PM PDT by GeronL
[ Post Reply | Private Reply | To 11 | View Replies]

To: arista
What good is this if they still hand all your info over the the NSA anyway?

I don't know that it's any good at all, except to google and their friends.

13 posted on 09/27/2013 3:56:01 PM PDT by matt1234 (The NRA: Redefining "Too big to fail.")
[ Post Reply | Private Reply | To 4 | View Replies]

To: matt1234

Try https://StartPage.com and soon to come StartMail.com for a more secure experience.


14 posted on 09/27/2013 3:56:50 PM PDT by Adult Dog
[ Post Reply | Private Reply | To 1 | View Replies]

To: GeronL
https://

They didn’t use that before?

They have been using it for logged-in users for a couple years. Now they are using it for all seaches, regardless of whether the user is logged in.

15 posted on 09/27/2013 3:58:39 PM PDT by matt1234 (The NRA: Redefining "Too big to fail.")
[ Post Reply | Private Reply | To 12 | View Replies]

To: matt1234

No doubt the NSA has cracked HTTPS, and want to make sure foreign intel agencies with less advanced IT expertise don’t get free access to the keyword search stream without spending the money/resources to crack HTTPS on their own dime.


16 posted on 09/27/2013 4:00:17 PM PDT by JerseyHighlander
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234
Does this facilitate NSA snooping?

It prevents anyone from snooping on your web searches, unless they have the private key for Google's SSL certificate.

Whether anyone but Google has the private key is open to discussion. However, you can configure Firefox (and perhaps Chrome) to only use Diffie-Hellman key exchange. There's no known man-in-the-middle attack for that, even if you have the private key.

Unfortunately, you will find that you can't connect to some secure websites. If I turn off all cipher suites without Diffie-Hellman key exchange, I can't access my bank's website.

17 posted on 09/27/2013 4:02:32 PM PDT by justlurking (tagline removed, as demanded by Admin Moderator)
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234

could this have anything to do with why
stuff in the google search box (on my
cell) loads really slow? ...for the last 10
days to two weeks


18 posted on 09/27/2013 4:02:37 PM PDT by krunkygirl (force multiplier in effect...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RIghtwardHo
Bout time. Everyone should do this.

Why?

19 posted on 09/27/2013 4:03:22 PM PDT by matt1234 (The NRA: Redefining "Too big to fail.")
[ Post Reply | Private Reply | To 2 | View Replies]

To: matt1234
I don't see this as protecting you from governments at all

This look like a money grab on google's end and a tremendous blow to small online businesses that analyze keywords to bring in customers.

20 posted on 09/27/2013 4:05:06 PM PDT by ClaytonP
[ Post Reply | Private Reply | To 1 | View Replies]

To: krunkygirl
could this have anything to do with why stuff in the google search box (on my cell) loads really slow?

Could be. HTTPS is slower than standard HTTP. Google searches on my computer are much slower now that they are using HTTPS for all searches.

21 posted on 09/27/2013 4:07:55 PM PDT by matt1234 (The NRA: Redefining "Too big to fail.")
[ Post Reply | Private Reply | To 18 | View Replies]

To: JerseyHighlander
No doubt the NSA has cracked HTTPS

HTTPS/TLS is not one cipher. Depending on how your browser and the server are configured, you may use 128 or 256 bit AES encryption, or 168 bit triple-DES.

However, if you can obtain the private key for the SSL certificate (by legal or illegal means), you may be able to decode all of the encrypted data. The question is whether you can capture the key.

When you connect to a secure website, you go through a key exchange, and then that symmetric key is used to encrypt the connection. Periodically, the connection resyncs and negotiates a new symmetric key.

So, you have to be able to capture that symmetric key that is exchanged. Even with the private key for the SSL certificate, that's not guaranteed. There is no known man-in-the-middle attack for certain types of key exchanges. But, without the technical knowledge to choose them, you really don't know which key exchange and cipher your browser and the server will negotiate.

22 posted on 09/27/2013 4:09:28 PM PDT by justlurking (tagline removed, as demanded by Admin Moderator)
[ Post Reply | Private Reply | To 16 | View Replies]

To: justlurking
It prevents anyone from snooping on your web searches, unless they have the private key for Google's SSL certificate.

Maybe Google wants to corner the market on internet marketing via keyword?

23 posted on 09/27/2013 4:11:28 PM PDT by matt1234 (The NRA: Redefining "Too big to fail.")
[ Post Reply | Private Reply | To 17 | View Replies]

To: matt1234

I’ve noticed for me it’s been that way for awhile.


24 posted on 09/27/2013 4:11:54 PM PDT by dfwgator
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234
Techies, please weigh in with your insights.

I guess I'm a "techie."

I quit using Google search a long time ago. I use https://startpage.com/, a completely private search engine. More info here.

Note the startpage URL starts with https. This indicates it is using the same "protection" that Google now offers. Except startpage.com does not record your IP address, does not scan your searches for marketing purposes and doesn't have a special deal with the NSA to pass your info along to them.

I have several Gmail email accounts. All 100% fake and used when some website insists I "sign up" to get something I want.

Google be damned!

25 posted on 09/27/2013 4:12:38 PM PDT by upchuck (nobamacare must be stopped before it can live down to our expectations.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: matt1234

Great story, but unfortunately I am left with no idea of what was done, why it was done, are there any negative consequences, and, if so, is there any fix.


26 posted on 09/27/2013 4:31:24 PM PDT by Marylander
[ Post Reply | Private Reply | To 1 | View Replies]

To: NewHampshireDuo

Just because they say there isn’t tracking doesn’t make it true.

If our overlords want the info they will get it. They care not about any law or the 4th Amendment. We have allowed it to happen and now we pay the price.


27 posted on 09/27/2013 4:32:13 PM PDT by unixfox (Abolish Slavery, Repeal the 16th Amendment)
[ Post Reply | Private Reply | To 8 | View Replies]

To: unixfox

Obama-loving Google happily sells/gives the info to the gov when asked, no warrants needed


28 posted on 09/27/2013 4:33:36 PM PDT by GeronL
[ Post Reply | Private Reply | To 27 | View Replies]

To: Marylander
Great story, but unfortunately I am left with no idea of what was done, why it was done, are there any negative consequences, and, if so, is there any fix.

what was done

Previously at google.com, anonymous searches (by non-logged-in users) used the standard protocol for web browsing, namely HTTP. Now they use the HTTPS protocol, which is purportedly more secure because it transmits encrypted data.

why it was done,

Google alleges that it makes your web searches more secure.

are there any negative consequences,

I'm hoping FReeper techies will answer this.

and, if so, is there any fix

I'm hoping FReeper techies will answer this.

29 posted on 09/27/2013 4:44:58 PM PDT by matt1234 (The NRA: Redefining "Too big to fail.")
[ Post Reply | Private Reply | To 26 | View Replies]

To: upchuck

It sez it is enhanced by Google.


30 posted on 09/27/2013 5:25:47 PM PDT by headstamp 2 (What would Scooby do?)
[ Post Reply | Private Reply | To 25 | View Replies]

To: ClaytonP

You are right. The only people who will be able to determine keywords used in Google searches for your site are Google tools.


31 posted on 09/27/2013 5:31:08 PM PDT by RightGeek (FUBO and the donkey you rode in on)
[ Post Reply | Private Reply | To 20 | View Replies]

To: headstamp 2
It sez it is enhanced by Google.

Yeah. Google enhances your stuff by passing it all to the NSA.

32 posted on 09/27/2013 5:53:49 PM PDT by upchuck (nobamacare must be stopped before it can live down to our expectations.)
[ Post Reply | Private Reply | To 30 | View Replies]

To: NewHampshireDuo
I use Ixquick.com - no tracking.

Been using Ixquick for some time - but Uaoo mail won't support it anymore - they did "updates - and I couldn't even open my Yahoo! mail through IE/yahoo.

Said I'd have to download GOOGLE serach.

I said NO

Then they said Chrome

I said HELL NO - and then "FireFox" - Well, after having everything go haywire - and into the wee-wee hours of pulling my hair out - I did a restore and back to what I h ad innitially - got to my emial thru Ixquick and parked an cion on my desktop.

Within 2 days, Yahoo was again blocking me re email box - BUT, the icon works.

However, I'm looking for other safe search sites - I like Ixquick as it was set up in the '90's, and still use it for everythig else... hopefully less likely to be a gov't bait 'n switch...ie, a new "SAFE" search engine that is actualy a direct 'extension cord' to Utah.

33 posted on 09/27/2013 6:24:40 PM PDT by maine-iac7 (Christian is as Christian does - by their fruits)
[ Post Reply | Private Reply | To 8 | View Replies]

To: matt1234

Does this facilitate NSA nosiness?
Yes.


34 posted on 09/27/2013 8:26:56 PM PDT by Darksheare (Try my coffee, first one's free..... Even robots will kill for it!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Adult Dog

How do you know those aren’t just NSA honey traps?


35 posted on 09/27/2013 9:41:12 PM PDT by 1010RD (First, Do No Harm)
[ Post Reply | Private Reply | To 14 | View Replies]

To: upchuck

How do you know they’re safe?


36 posted on 09/27/2013 9:43:30 PM PDT by 1010RD (First, Do No Harm)
[ Post Reply | Private Reply | To 25 | View Replies]

To: 1010RD
How do you know they’re safe?

I don't. Go to their web site, look around and make your own decision. Google startpage and read some of the articles on it. Your decision.

37 posted on 09/27/2013 10:01:21 PM PDT by upchuck (nobamacare must be stopped before it can live down to our expectations.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: matt1234
Does this facilitate NSA snooping?

If it didn't, would they bother?

38 posted on 09/28/2013 10:40:50 AM PDT by JimRed (Excise the cancer before it kills us; feed & water the Tree of Liberty! TERM LIMITS NOW & FOREVER!)
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson