Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Rolls Out Encrypted Web Search Option

CmdrTaco posted more than 4 years ago | from the step-in-the-right-direction dept.

Google 176

KirinMercury writes "Google began offering an encrypted option for Web searchers on Friday and said it planned to roll it out for all of its services eventually. People who want to use the more secure search option can type 'https://www.google.com' into their browser, scrambling the connection so the words and phrases they search on, and the results that Google displays, will be protected from interception." Note that you need the 'www' for it to work. Dropping it redirects you to a non-ssl page. You might have read this on Saturday, but if you missed it, it's still worth knowing.

cancel ×

176 comments

Sorry! There are no comments related to the filter you selected.

Change it in the Firefox search box: (5, Informative)

Evro (18923) | more than 4 years ago | (#32337598)

In ~/.mozilla/firefox/(profile id).default/search.json, find this:

{"template":"http://www.google.com/search","rels":[],"params":[{"name":"q","value":"{searchTerms}"}

Change it to this:

{"template":"https://www.google.com/search","rels":[],"params":[{"name":"q","value":"{searchTerms}"}

Restart browser

Re:Change it in the Firefox search box: (1)

dbrossard (911407) | more than 4 years ago | (#32337844)

This does not work for me. With firefox not running I make this change. Then when I start up firefox seearch results are still on http://www.google.com/ [google.com] and the data in search.json has reverted back to http removing my changes.

Re:Change it in the Firefox search box: (5, Informative)

MoonBuggy (611105) | more than 4 years ago | (#32338112)

You can also edit the "keyword.URL" option in about:config to change the default address bar behaviour.

Mod Parent up! Easier method (1)

blahbooboo (839709) | more than 4 years ago | (#32338160)

Great tip and much easier to do! Thanks!

Re:Mod Parent up! Easier method (1, Funny)

Monkeedude1212 (1560403) | more than 4 years ago | (#32338688)

Hey, if you find opening and using a GUI easier than opening and editting a config file, you're in with the wrong crowd.

Re:Mod Parent up! Easier method (0)

Anonymous Coward | more than 4 years ago | (#32338844)

One is for the search box, one is for the context search in the address bar...

Re:Change it in the Firefox search box: (2, Informative)

surveyork (1505897) | more than 4 years ago | (#32338926)

That works for the location bar. For the search bar you can add a Mycroft search plug-in: http://mycroft.mozdev.org/search-engines.html?name=google+ssl [mozdev.org] and demote/delete the built-in google search plug-in. I guess this is the non-hacker / lazy-ass method :).

Easier Solution (3, Insightful)

datapharmer (1099455) | more than 4 years ago | (#32338166)

An easier solutions is to just install the add to search bar plugin. Details on this plugin and how to get the old google layout back can be found on my website here: how to get rid of the new Google sidebar [gainesvillecomputer.com] . You may also want to go to about:config and change http:/// [http] to https:/// [https] under keyword.URL

For Google Chrome (3, Informative)

ClosedEyesSeeing (1278938) | more than 4 years ago | (#32338188)

Tools -> Options
Basics Tab -> Manage button for default search
Add Button ->
Name: SSLGoogle (or whatever you want)
Keyword: sslGoogle (or whatever you want)
Url: https://www.google.com/search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q=%s

Simple Chrome and Firefox howtos: (3, Informative)

catmistake (814204) | more than 4 years ago | (#32338764)

instructions for chrome & firefox:

firefox [simplehelp.net]

chrome [coolgeex.com]

Cue in fucktard sopssa trolling in 3, 2, 1 ... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32337600)

Sopssa is a troll. Remember it moderators.

So much for "do no evil" (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32337624)

Now pedophiles and terrorists will be able to search the web with impunity. I'm sure all the dead heroes of 9/11 and all those children who are sexually tortured will thank you for this, google!

Re:So much for "do no evil" (2, Informative)

longacre (1090157) | more than 4 years ago | (#32337708)

No. Google can and will log all your searches, just like they do now.

Re:So much for "do no evil" (1)

MrNaz (730548) | more than 4 years ago | (#32338700)

So yea, our searches are protected from everyone except the people who are already the ones most interested in mining your data.

Great. Google is getting into the security theater game.

Dupe (0, Redundant)

Nimloth (704789) | more than 4 years ago | (#32337626)

Summary mentions it is a dupe (0)

Anonymous Coward | more than 4 years ago | (#32337904)

The summary is quite clear that this story is a dupe. But this = /., so reading a summary is not required nor expected.

Re:Dupe (0)

Anonymous Coward | more than 4 years ago | (#32338066)

Hey doofus, read the summary.

--
Slashdot: No brains required

Was this posted before? (0, Redundant)

ThoughtMonster (1602047) | more than 4 years ago | (#32337636)

Re:Was this posted before? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32337682)

And it still works! Damn, google is gude....

Re:Was this posted before? (4, Interesting)

Unordained (262962) | more than 4 years ago | (#32337928)

I'm actually intrigued by this concept of Slashdot purposefully (assumption: text in current summary implies they did this on purpose) re-posting news to make sure we see it, a form of public-service-announcement. Yes, Slashdot is a news service, but I don't generally see timestamp-based news-services prioritizing/reposting content like this. The main news sources just keep covering the same story over and over again, as if it were evolving by the minute, but that's about it. Interesting.

Re:Was this posted before? (1)

Volante3192 (953645) | more than 4 years ago | (#32337956)

Kinda strange, I check /. maybe only slightly less during the weekend as during the week, but somehow I completely missed the original post so I liked the dupe here.

Re:Was this posted before? (1)

PopeRatzo (965947) | more than 4 years ago | (#32338846)

. Yes, Slashdot is a news service, but I don't generally see timestamp-based news-services prioritizing/reposting content like this.

Just another free service that Slashdot provides in order to add value.

I can't tell if you're complaining or not, but I'm grateful that they'll post a story like this a second time.

Re:Was this posted before? (0)

Anonymous Coward | more than 4 years ago | (#32338444)

Yeah, they eluded to that fact in the summary, I think they wanted to make sure that those that only peruse this site on weekdays (read: at work) got to see this important notice.

This way I can search on google and be sure that only google and those paying google are aware of my actions. I think this is as good of a contract as we can get at this stage, they are a business not a charity. I wish I knew if they were doing this to protect users' data for users/goodwill or so they can keep it for themselves/not allow snoops to get 'their' info.

Either way, it is still a step in the right direction. If I want to trust google, I want to trust them and only them, not anyone in the middle.

Don't Be Evil (1)

el3mentary (1349033) | more than 4 years ago | (#32337644)

Glad to see Google are living up to their motto

Re:Don't Be Evil (3, Insightful)

hedwards (940851) | more than 4 years ago | (#32338006)

Technically, this just restricts the evil to mostly Google.

Re:Don't Be Evil (1)

Mordok-DestroyerOfWo (1000167) | more than 4 years ago | (#32338096)

Maybe this just means the motto is actually "do less evil"

This will have interesting results for webmasters (5, Interesting)

JoshuaZ (1134087) | more than 4 years ago | (#32337646)

This will have an interesting impact on webmasters. If someone clicks through from a secure Google search to your webpage, the referral data is not given. That means that the person who runs the website will not only not see what the search term was they won't even see that it came from a Google search. I'm not sure how that will impact people. But if enough people use secure search, it may cause people to have to do a lot of guesswork about how much traffic they are getting from Google searches.

Re:This will have interesting results for webmaste (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32337714)

Google will know which sites it returned to a given search user. If the sites that are selected by the user are using Google Analytics, then Google will also know which sites the user's clicked on. Perhaps they will make this information available to site owners via Analytics?

Re:This will have interesting results for webmaste (5, Insightful)

eln (21727) | more than 4 years ago | (#32337740)

This seems likely, which of course has the very desirable (for Google) effect of locking website owners into Google Analytics. Of course, if you're a website owner who wants to run some other stats package, this is very bad news.

Re:This will have interesting results for webmaste (5, Informative)

TreyGeek (1391679) | more than 4 years ago | (#32337736)

If you create a webmaster account with Google and register your site, Google will tell you how many people they send to you. They'll also give you a lot of other information like where in the list of search results was your website when it was clicked on.

Re:This will have interesting results for webmaste (0)

Anonymous Coward | more than 4 years ago | (#32337750)

from secure links in general. Of course the whole concept of a referer header is a privacy invasion in its own right--it's not the website's business what you got their url from--but it's a historical relic left over from a less evil age of the web, and people are unaware of it or have gotten used to it.

Re:This will have interesting results for webmaste (2, Interesting)

FuckingNickName (1362625) | more than 4 years ago | (#32337950)

The client creates the referrer header... it's a privacy invasion in the same way that it would be a privacy invasion to tell you that I have a spoon fetish then complain because you heard me tell you.

Of course, how you process that information can and will be regulated, and it is possible to store/use the information in a way that will violate my privacy. But it's not your fault that you heard it, and I can't blame you if you don't forget it providing you don't choose to write it down.

Re:This will have interesting results for webmaste (3, Insightful)

hawguy (1600213) | more than 4 years ago | (#32338828)

Since most people don't know about the referer header, I don't think your analogy is correct. It would be more like if I taped a note on your back that says "I have a spoon fetish". The note is easy for you to find and remove (or alter) if you really want to.. but most people wouldn't even think to look there.

Re:This will have interesting results for webmaste (1)

PopeRatzo (965947) | more than 4 years ago | (#32338958)

The client creates the referrer header

That's bogus. How many people know that their "client" is sending information about them to the sites they visit? How many people know what a "referrer header" even is?

You use the metaphor that information sent via a referrer header is like a conversation overheard. If that's the case, then I have the right to whisper when I talk so you can't "overhear" me.

Re:This will have interesting results for webmaste (2, Informative)

Pharmboy (216950) | more than 4 years ago | (#32337874)

It doesn't work for images after trying a few different ways, ie: changing the address to https after an image search, or doing a true https search, to which you don't have the option of choose "images" as a search type. You *can* search videos, news and blogs with SSL but not images at this time. Wonder why?

Re:This will have interesting results for webmaste (0)

Anonymous Coward | more than 4 years ago | (#32338000)

The original blog posting from google explained that it would take time to roll this out to all services, explicitly mentioning that Image searches were still not supported. At the time video and news were not supported either, though it appears they are now.

Re:This will have interesting results for webmaste (1)

Zerth (26112) | more than 4 years ago | (#32338136)

Because then schoolchildren could imagesearch porn without being blocked by filters?

Re:This will have interesting results for webmaste (2, Insightful)

PopeRatzo (965947) | more than 4 years ago | (#32338918)

If someone clicks through from a secure Google search to your webpage, the referral data is not given.

Good. That's the point.

You want to know about the people who visit your site? Ask them to sign a visitor's book. Just because having background information on web visitors makes companies' lives easier doesn't mean that people don't have the right to surf anonymously.

Re:This will have interesting results for webmaste (1)

Dan667 (564390) | more than 4 years ago | (#32338978)

People also abuse this information and they will be screwed as well. I for one like that I have the option to prevent those few that would like to abuse it no data.

They didnt have an SSL cert before? (0)

Anonymous Coward | more than 4 years ago | (#32337648)

They didnt have an SSL cert before? Seems like more like an oversight being corrected than something newsworthy.

MitM only? (3, Interesting)

sabt-pestnu (967671) | more than 4 years ago | (#32337656)

What this means, I believe, is that your web browsing might be immune to man-in-the-middle interception.

Interception by Google (and thus by anyone with the power to compel Google, IE USA, China, etc) will be the same as before. As well, you're still connecting TO Google, so you're still likely to be blocked from the site by the Great Firewall arrangements, even if your search terms themselves might be encrypted.

And not to forget that China has a tame certificate authority...

Re:MitM only? (1)

phantomcircuit (938963) | more than 4 years ago | (#32337698)

Not to mention that it's pretty clear the three letter agencies have gotten CA cert signed by verisign or some other company.

Re:MitM only? (2, Insightful)

quantumplacet (1195335) | more than 4 years ago | (#32338028)

It's a bit of a stretch to say Google is "intercepting" the traffic since they are in fact the intended recipient.

Re:MitM only? (3, Funny)

Itninja (937614) | more than 4 years ago | (#32338048)

...immune to man-in-the-middle interception

That's adorable

Re:MitM only? (1)

MoonBuggy (611105) | more than 4 years ago | (#32338196)

The more of the web goes SSL, the harder it will be for governments to pervasively monitor/censor anything. Google is a positive first step.

Re:MitM only? (0)

Anonymous Coward | more than 4 years ago | (#32338294)

Can't they just read Google's logs? You know, the ones that Google gives to the gov'ts.

Re:MitM only? (4, Insightful)

MoonBuggy (611105) | more than 4 years ago | (#32338462)

Yes, but they need to subpoena them, which is a lot more work than automated monitoring.

More to the point, though, I said the more of the web goes SSL, my point being that something like the great firewall of China would be much harder to implement if most sites are on secure connections, thus only endpoints are known. Dissident news pages could be replicated across 'legitimate' domains, for example. Without live packet inspection it becomes much harder to decide who to block.

With Google providing security even for relatively non-sensitive data, there is hope of others following suit.

Talking of new services ... (4, Funny)

daveime (1253762) | more than 4 years ago | (#32337666)

Slashdot began offering an dupe-free option for Web searchers on Friday (and then repeated the offer on Saturday) ... *facepalm*

How about we just rename the site to Reddit ... I mean, every other story, we already reddit.

Re:Talking of new services ... (1)

noidentity (188756) | more than 4 years ago | (#32337934)

Come on, the excuse was great "in case you missed the useful information the first time". Come to think of that, this excuses all dupes, since they all have some use. I publicly apologize for all the times I've criticized dupes. They really did have a good purpose. I eagerly await a dupe of this dupe on Friday.

Re:Talking of new services ... (1)

daveime (1253762) | more than 4 years ago | (#32338146)

Why wait until Friday ???

Come on, the excuse was great "in case you missed the useful information the first time". Come to think of that, this excuses all dupes, since they all have some use. I publicly apologize for all the times I've criticized dupes. They really did have a good purpose. I eagerly await a dupe of this dupe on Friday.

Re:Talking of new services ... (1)

PopeRatzo (965947) | more than 4 years ago | (#32338992)

How about we just rename the site to Reddit ... I mean, every other story, we already reddit.

Don't whine.

Cool (0)

Anonymous Coward | more than 4 years ago | (#32337676)

So now google, and only google, will be scrutinizing and analyzing my search data.

Yay.

Now we just need Google itself to stop retaining (0)

Anonymous Coward | more than 4 years ago | (#32337710)

the info. Also you want to search with Javascript turned off. Otherwise every time you click on a search hit, Javascript on the result page tells Google which result you've clicked on, simultaneously with sending you to the target page.

Re:Now we just need Google itself to stop retainin (4, Informative)

natehoy (1608657) | more than 4 years ago | (#32337884)

And turning off Javascript will help you how?

The links themselves are google links, regardless of whether JS is on or off, your click goes to something like:

http://www.google.com/url?sa=t&source=web&ct=res&cd=3&ved=0CBoQFjAC&url=http%3A%2F%2Fblah.blah.com%2Fbyu%2Findex.php%3Fp%3D15365%26more%3D1%26c%3D1%26tb%3D1%26pb%3D1&ei=2fn7S4mMEsGBlAem2fTBDw&usg=AFQjCNHWjfNi_UtFFF-vpxP0qcH9eQKvzg&sig2=pjkVdJt9EijRDfi3g7eMsA [google.com]

And Google captures the bits they want then sends you to the page they showed you in the first place.

Retype the URL from orbit, it's the only way to be sure.

but not the custom home page (1)

speculatrix (678524) | more than 4 years ago | (#32337774)

so why is it that if I go to https://www.google.co.uk/ig [google.co.uk] it gets redirected to http://www.google.co.uk/ig [google.co.uk] ?

presumably G will fix this soon? hello Google?

Re:but not the custom home page (1)

mobets (101759) | more than 4 years ago | (#32338040)

The gadgets on the iGoogle page can load content from other domains which probably won't use SSL. This would cause annoying security popups every time you loaded iGoogle.

Re:but not the custom home page (1)

NatasRevol (731260) | more than 4 years ago | (#32338338)

However, Google Voice *only* does SSL, so you *can't* use that gadget. Not sure why they even offer it - though it used to work when I first added it, though https://www.google.com/ig [google.com] worked then too.

That, and the fact that the gmail gadget seems to flip flop on whether or not it can use SSL on a weekly basis.

You'd think Google could figure these things out.

Re:but not the custom home page (1)

Ephemeriis (315124) | more than 4 years ago | (#32338228)

I don't believe the personal page is encrypted yet.

I just tried to load up https://www.google.com/ig [google.com] and it re-directed me to http://www.gooogle.com/ig [gooogle.com]

Protect Google's Data! (-1, Troll)

Tihstae (86842) | more than 4 years ago | (#32337786)

So we can search using SSL through Google now. So what does this mean? Does it mean that Google will no longer know everything about you? NO. It means that you are helping Google be the only one to know everything about you. You are making your data more valuable to Google as ONLY Google will have your search terms. This in no way means that Google wont' be compiling data on you. That is their job, that is how they make money.

I think this is a great idea! Let's all help Google become more profitable.

Re:Protect Google's Data! (1)

Get on the boat (1601391) | more than 4 years ago | (#32337880)

So, to combat this money-grubbing behemoth, we should use insecure HTTP transfers ..to Google searches....which allow those nonprofit engines such as Bing and Yahoo insight on our queries and open up fair competition.

K.

Re:Protect Google's Data! (1)

Tihstae (86842) | more than 4 years ago | (#32338018)

Absolutely! Let's make it a fair playing field!

I'm more concerned that this is even being touted as something important. You are giving away information every time you search. You are not securing your privacy by searching encrypted, you are just giving Google an edge.

Seriously, how many people do you think are doing man in the middle attacks to find what you are searching for on Google? This is nothing important or major that you are searching encrypted vs. unencrypted.

Re:Protect Google's Data! (1)

unix1 (1667411) | more than 4 years ago | (#32338962)

Seriously, how many people do you think are doing man in the middle attacks to find what you are searching for on Google? This is nothing important or major that you are searching encrypted vs. unencrypted.

Not necessarily "attacks" but a lot of parties could be interested:

- ISP(s) tracking and storing data
- hotspot provider tracking, storing, reselling data
- dictatorship tracking "suspicious" searches by citizens and foreigners
- employer tracking

Just because you are giving the data to Google, doesn't mean you need to give it to everybody else as well. It can be important.

Re:Protect Google's Data! (1)

hawguy (1600213) | more than 4 years ago | (#32338970)

Without SSL, no one needs to do a man-in-the-middle attack to see what you're searching on, they just need to sit at your ISP (or some upstream ISP between you and Google) and watch your traffic go by. I wouldn't be at all surprised to find that some large ISP (and I mean you, Comcast) is doing just that and reselling the data, but not telling anyone.

But really, I doubt that's happening much, the real benefit of SSL is that the website you're visiting no longer gets the referer data so they can't see what search teams led you there. While I'm sure that JoesPharmacy.com finds it very valuable to know that I searched on "herpes+cure" to reach their site, I really don't think it's any of their business. Worse, if I search for "I+think+i+have+breast+cancer" and end up at an insurance company's website, they can use that as a flag to refuse to sell a policy to me.

I don't feel that it's any of Google's business either, but it's their service and letting them see my searches is part of my "payment" to them. And, I can clear my cookies and they won't have any idea who I am, while if I make a purchase at JoesPharmacy.com, they'll know exactly who I am and what search terms I used to get there.

Re:Protect Google's Data! (1)

alfredos (1694270) | more than 4 years ago | (#32338738)

How are those engines getting insight on your queries to Google?

I agree though that the point of this decision is for Google to make sure that they and only they get the data. Not that anybody else that might compete with them would be able to get at it easily by fair or useful means - they would have to sniff your traffic, which is not only wrong and illegal in many (most?) countries, but also impractical at a big scale and therefore useless. Still, perhaps someone would pop up the idea of giving away say free home routers in exchange for "some anonymous statistical data" (i.e., the search queries and results) that said routers could report automatically and which would probably be still quite valuable - that possibility is void now.

Re:Protect Google's Data! (1)

cynyr (703126) | more than 4 years ago | (#32337926)

while preventing a untrusted hotspot provider from seeing my searches.

Re:Protect Google's Data! (1)

contrapunctus (907549) | more than 4 years ago | (#32337944)

Doesn't it mean that if a search for a medical condition at work my employers can't see it? That has value.

Re:Protect Google's Data! (1)

DragonWriter (970822) | more than 4 years ago | (#32338190)

Doesn't it mean that if a search for a medical condition at work my employers can't see it?

Maybe. If you have administrative control of your desktop.

Otherwise, securing the connection between your desktop and Google won't prevent the employer from finding out everything you do using the computer that they control.

Re:Protect Google's Data! (1)

contrapunctus (907549) | more than 4 years ago | (#32338384)

You're point is well made. (Not to go off topic, but I use my own laptop for precisely that reason (we had to come to an agreement of course). If that weren't an option, I would load a live Ubuntu CD, do my business, reboot when done.)

Re:Protect Google's Data! (1)

PRMan (959735) | more than 4 years ago | (#32338464)

Use a live CD?

Just a referral to another privacy search engine (0)

Anonymous Coward | more than 4 years ago | (#32337836)

DuckDuckGo [duckduckgo.com] has had an encrypted option for some time now. In addition, even on HTTP requests, the search engine itself goes through great lengths to make sure not to log any IP addresses or identifying information (meaning you're still sending Referral headers to requested pages, but the search engine itself has no log at all of what you've searched).

Re:Just a referral to another privacy search engin (0)

Anonymous Coward | more than 4 years ago | (#32337948)

How do we actually know that's the case? Have you ever audited their systems? Have you checked every line of their code? Have you ensured that the code you saw was actually the code powering their site?

Change in Chrome (2)

AriesGeek (593959) | more than 4 years ago | (#32337852)

https://www.google.com/search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q=%s

12/14/2010 log #3342 (5, Funny)

circletimessquare (444983) | more than 4 years ago | (#32337856)

session id #4ddr-tg62-hh89

12:30 https initiated begin session

12:31 "divorce lawyer"
12:34 "divorce lawyer low cost"
12:34 "hitman hire"
12:36 "hitman low cost"
12:37 "assassination do-it-yourself"
12:40 "polonium-210 availability"
12:41 "legal anthrax"
12:41 "ricin suppliers"
12:42 "arsenic wholesale"
12:43 "legal mustard gas"
12:43 "cheap readily available poisons"
12:46 "antifreeze toxicity"
12:49 "brainstorming murder scenarios"
12:52 "how to run hose from exhaust to passenger compartment"
12:55 "wits end"
12:41 "chloroform wholesalers"
12:45 "shovel hacksaw garbage bags"

12:45 interrupt: preemptive googlebot legal log crawler has identified a high criminal behavior correlation index in session id #4ddr-tg62-hh89. log and ip address forwarded to google-inbox@fbi.gov

1:05 "stalling law enforcement"
1:06 "good indoor hiding places"
1:06 "proper handgun usage"

1:26 session timed out

Re:12/14/2010 log #3342 (1)

Tablizer (95088) | more than 4 years ago | (#32337972)

You forgot "crossdressing midget panties"

Re:12/14/2010 log #3342 (1)

Itninja (937614) | more than 4 years ago | (#32338092)

You forgot "rent wood chipper"

SSL Wikipedia & TPB (5, Informative)

cffrost (885375) | more than 4 years ago | (#32337858)

Wikipedia and TPB have SSL versions available as well:

English Wikipedia: https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page [wikimedia.org]

The Pirate Bay: https://thepiratebay.org/ [thepiratebay.org]

Still waiting on Slashdot to join the 21st century.

Re:SSL Wikipedia & TPB (1)

SimonTheSoundMan (1012395) | more than 4 years ago | (#32338278)

So does Facebok, Twitter, Apple.com and Microsoft.com. Just the firsth four I thought I'd try.

Come one /., please support SSL!

Re:SSL Wikipedia & TPB (1)

PRMan (959735) | more than 4 years ago | (#32338492)

I'll be happy when the Javascript doesn't stall on a single processor machine anymore on Slashdot...

To Use as Default Search (1)

BJ_Covert_Action (1499847) | more than 4 years ago | (#32337862)

So I did some Googling (nonencrypted so maybe it can't be trusted), and found this page [devilsworkshop.org] that tells you how to set up the SSL search as the default search in FF, Chrome, and IE. There was no mention of Opera, but then, I never really bothered with Opera so I am sure someone else can figure that one out. Also, apparently the "KB SSL Enforce extension" for Chrome sets up an automatic redirect for google.com to link to https://www.google.com./ [www.google.com] I haven't tried this, however, since I don't use Chrome at work.

Have fun guys.

Re:To Use as Default Search (1)

Lomegor (1643845) | more than 4 years ago | (#32338398)

In Opera you go to https://www.google.com/ [google.com] right-click on the input box and select Create Search; select use as default search engine and you are good to go. And then people complain Opera's awful UI.

now we need encrypted /. (5, Insightful)

Darth Sdlavrot (1614139) | more than 4 years ago | (#32337868)

Encrypted should be the default for every web site IMNSHO.

Re:now we need encrypted /. (2, Interesting)

Mad Merlin (837387) | more than 4 years ago | (#32338480)

I agree, but that would require the death of IE6 (and XP), or IPv4. SSL is incompatible with name based virtual hosting unless you add in SNI, which isn't supported by IE6 (or any browser that runs on XP, for that matter).

Don't get me wrong, I agree entirely and IE6 and IPv4 should be nothing more than a bad memory by this point, but they're not.

Default (4, Funny)

fulldecent (598482) | more than 4 years ago | (#32337946)

Wake me up when they enable a default option like in Gmail.

This should be the default, not a special thing (1)

wealthychef (584778) | more than 4 years ago | (#32338012)

You have to be careful to type the https:/// [https] and the www or you don't get SSL. I think it should be the opposite: Google shoud detect if you can handle SSL and use it if you can and not if you can't.

Re:This should be the default, not a special thing (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32338194)

Turning it on by default breaks sites which use referer (WSJ, experts-exchange, are two which come to mind). You might (legitimately) argue that such sites deserve it for being evil, but launching breaking features in an on-by-default state is bad, especially when it's done by a company with as many users as Google.

Also, I suspect they wanted to see what the effect of lots of SSL usage for their search product would be before turning it on and watching their web site fall down on its knees.

Scroogle rules (0)

Anonymous Coward | more than 4 years ago | (#32338014)

https://ssl.scroogle.org/

which yields different search results... (0)

Anonymous Coward | more than 4 years ago | (#32338050)

not sure if anyone noticed, but the search results from the http and the https site are different. a google search for "test" yields 822,000,000 results. a https google search for "test" yields 756,000,000. this is frequently different, regardless of the search term...

ill stick with whatever yields the most results for the time being...and pump it through an anonymous proxy :P

I fail to see (2, Interesting)

thechemic (1329333) | more than 4 years ago | (#32338104)

I fail to see how this provides any search privacy at all. Any network administrator can see the search phrase in the URL: https://www.google.com/search?hl=en&source=hp&q=printer&aq=f&aqi=&aql=&oq=&gs_rfai= [google.com] And then, you would see the very next URL the user selected ie: http://en.wikipedia.org/wiki/Printer_(computing) [wikipedia.org] Sure, the search RESULTS might be encrypted... but ugh, cant administrators still see what you searched for and ultimately where you went?

Re:I fail to see (5, Informative)

Anonymous Coward | more than 4 years ago | (#32338326)

No, that's not how https works. All a network administrator will see is what host was connected to. After the secure socket is opened, only then is the command sent out over the encrypted stream to "GET someresource".

Searches are still open to side channel attacks (2, Interesting)

amiga500 (935789) | more than 4 years ago | (#32338174)

I study done a few months ago showed how one can easily deduce searches by looking at the size of the AJAX requests. http://www.schneier.com/blog/archives/2010/03/side-channel_at.html [schneier.com] Yes, https should have been available a long time ago, and still isn't available for www.google.com.hk.

iGoogle w/SSL? (1)

Kozz (7764) | more than 4 years ago | (#32338204)

It'd be nice if they could also enable SSL for those of us who use the Google Personalized page (aka iGoogle) at http://www.google.com/ig [google.com]

the question is (1)

FudRucker (866063) | more than 4 years ago | (#32338216)

will it not only be encrypted from snoopers & sniffers, will it be encrypted from google itself?

Re:the question is (1)

jansifae (175417) | more than 4 years ago | (#32338308)

How could it possibly be encrypted from google itself, when they're the ones providing the search results?

Re:the question is (1)

TheBig1 (966884) | more than 4 years ago | (#32338376)

Of course not -- how could they perform your search if the query was encrypted from themselves?

Third option (0)

Anonymous Coward | more than 4 years ago | (#32338306)

You needn't sacrifice either security or privacy--you can keep both with a third option (at least for firefox users): http://cs.nyu.edu/trackmenot/

" TrackMeNot, now compatible with Firefox 3.6, is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one's tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation. With TrackMeNot, actual web searches, lost in a cloud of false leads, are essentially hidden in plain view. User-installed TrackMeNot works with the Firefox Browser and popular search engines (AOL, Yahoo!, Google, and Bing) and requires no 3rd-party servers or services."

Making it the default (1)

Buelldozer (713671) | more than 4 years ago | (#32338418)

DevilsWorkShop.org has some succinct instructions on how to set this as the default search type in the "Big Three" browsers of IE, FF, and Chrome.

http://devilsworkshop.org/how-to-use-google-ssl-search-as-default-search-engine-in-chrome-firefox-and-internet-explorer/ [devilsworkshop.org]

I have no affiliation with them.

SSL for images too? (1)

Gothmolly (148874) | more than 4 years ago | (#32338458)

Can we get SSL for images.google.com, so I can surf postage-stamp preview porn while at work?

Supported SSL ciphers (1)

just-a-stone (766843) | more than 4 years ago | (#32339032)

Google seems to be a bit picky on supported ciphers. At the moment, they only allow the following:
AES256-SHA, DES-CBC3-SHA, AES128-SHA, RC4-SHA, RC4-MD5

Tested using the online tool [clez.net] .
As far as i figured it out, the test only includes OpenSSL ciphers. So there could still be a few more...
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?