Google offers encrypted Web search by default

Discussion in 'privacy general' started by JRViejo, Oct 18, 2011.

Thread Status:
Not open for further replies.
  1. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,907
    Location:
    U.S.A.
    CNET Article by Elinor Mills.​
     
  2. tooth

    tooth Registered Member

    Joined:
    May 21, 2009
    Posts:
    32
    I've been using the encrypted one simply because I have https everywhere installed. Unless I'm missing something or some other addon blocks it, the "images > maps " all the top links do not appear until AFTER a search has been entered.
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    I'd like to say "awesome" but until they implement it for all countries, and in particular, the countries where it actually matters (Iran, Egypt, etc), it really isn't.
     
  4. StillAlive

    StillAlive Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    42
  5. x942

    x942 Guest

    Fairly useless. All this does is encrypt the webpage itself. All of your search terms are visible in the URL.

    As you can see here:

    So if you are trying for privacy this won't help to much. The only thing it does is prevent an attacker from injecting malware into the page.

    For privacy use scroogle over ssl. There is even a page explaining this issue.

    This isn't a jab at google (I use google 90% of the time) but just a warning in case you are trying to hide your search terms.


    EDIT: Seems like it was a caching issue. Just ignore what I said :D
     
    Last edited by a moderator: Oct 21, 2011
  6. x942

    x942 Guest

    Mine used to do this but now they are all there on the top bar. Maybe google fixed it as they are launching it as default?
     
  7. strongsword

    strongsword Registered Member

    Joined:
    Oct 16, 2011
    Posts:
    36
    SSL has been hacked before, no?
     
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    No. Nothing is visible (sniffable) other than the domain name when using HTTPS. It would be pretty pointless otherwise.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's encrypted. Encryption happens under the application layer so you won't see it in your browser.

    Otherwise every time you visited an encrypted page everything would be unreadable.
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Here is a good side-effect of using encrypted search, the website you select in Google can't see what you searched for, as it's encrypted: http://arstechnica.com/business/new...-to-secure-searches-alienates-seo-jockeys.ars

     
  11. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    No but DataMiner Google can & does :p
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    So use a different search service.
     
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    If you're using Google in the first place you've accepted that, HTTPS protects you from any third parties.

    P.S. My Homepage: https://ssl.scroogle.org/ Loads faster that Google, is lighter than Google, and shows more results on a page than Google. ;)
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I prefer relevant results.

    EDIT: Off-topic though.
     
  15. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    They are as relevant as Google makes them, it's a Google scraper.
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Google makes them relevant through tracking. If it can't tell who the user is it can only give generic results.
     
  17. x942

    x942 Guest

    Your completely missing the point here. Anyone packet sniffing can see the URL and as such can see your search terms. Yes this does mean anyone on your LAN or even your ISP.

    Post is more private as the search terms are encrypted. With Get method anyone sniffing traffic can see the URL and as such see the search terms.

    If you need proof I am more than happy to post some wireshark packet dumps for you to see.


    Edit: I was wrong. The issue was on my end.
     
    Last edited by a moderator: Oct 21, 2011
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The entire URL is encrypted, POST or GET.

    As I said, the encryption is on a lower level (Layer... 3? I think that's TLS.) You won't see it. If you're sniffing your packets and picking up search terms I don't understand why. Both GET and POST are encrypted.

    GET requests are more dangerous because of logging. That's it.
     
  19. x942

    x942 Guest

  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Because I don't know how Wireshare works I can't tell you why you're seeing what you're seeing.

    I can tell you that both POST and GET are encrypted.
     
  21. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    Exactly..... GOOGLE itself can still see what your searching for... (Google shouldnt be trusted)

    All this does is give a FALSE SENSE OF SECURITY!
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    No.

    No one else can see the page between you and google. That's not a false sense of security that is literally security.

    If you don't trust Google that's your opinion. This is not a matter of opinion. The entire page is encrypted and your ISP is unable to see any of it.
     
  23. x942

    x942 Guest

    Well I believe you lol I can now confirm it is encrypted. I have no idea why I could grab the terms before but I can't now after completely closing FireFox. Maybe there was some caching issue.
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That sounds likely. GET is more often saved in the browser so it was probably on your browsers end.

    Glad it's all worked out.
     
  25. x942

    x942 Guest

    :thumb: I was just reading an article about it and part of the paper said exactly that.
     
Loading...
Thread Status:
Not open for further replies.