Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Switching to SSL By Default For Logged-In Users

Unknown Lamer posted more than 2 years ago | from the except-for-other-google-services dept.

Google 133

nonprofiteer writes "Google plans to encrypt search for signed-in users, so that websites will no longer get to see the search terms that led a user to their site, though they will get aggregated reports on the top 1000 search terms that led traffic to their sites."

cancel ×

133 comments

Sorry! There are no comments related to the filter you selected.

the top 1000 search terms (2)

treeves (963993) | more than 2 years ago | (#37754980)

That should be good enough, right?
Is this a good for Google, doing the right thing story, or is there more to it than meets the eye?

Re:the top 1000 search terms (1)

ackthpt (218170) | more than 2 years ago | (#37754992)

That should be good enough, right?
Is this a good for Google, doing the right thing story, or is there more to it than meets the eye?

Good or bad, doesn't matter. Microsoft will try to roll out the same thing in about 18 months to much ballyhoo and fanfare.

Re:the top 1000 search terms (0)

Anonymous Coward | more than 2 years ago | (#37755328)

http://web-ngram.research.microsoft.com/info/bingbodyjun09_top100kwords.txt

Re:the top 1000 search terms (3, Insightful)

TechLA (2482532) | more than 2 years ago | (#37755412)

Google isn't doing it offer better privacy. It's doing it cause trouble for competing services. It basically requires all website owners to sign up with Google to access Analytics and Webmaster Tools. It's purely an anti-competitive thing and intented to destroy their compteitors. I'd be surprised if FCC doesn't start to crack on Google's monopoly tactics soon. Google is the new Microsoft.

Re:the top 1000 search terms (1)

Threni (635302) | more than 2 years ago | (#37755462)

In which field is Google a monopoly?

Pretty much all actions performed by a company are designed to destroy their competitors. That's the nature of the game.

Re:the top 1000 search terms (-1)

Anonymous Coward | more than 2 years ago | (#37755492)

You're an idiot. This is purely about security, and is one of the best things they could do on that front.

Re:the top 1000 search terms (1)

modmans2ndcoming (929661) | more than 2 years ago | (#37755996)

Right.....so to protect the market and consumers the ftc needs to force Google to open up its database of user information to the public and prevent users from having encrypted connections to the Google servers.......you show 'em!

Re:the top 1000 search terms (2)

epine (68316) | more than 2 years ago | (#37756052)

Google is the new Microsoft.

Every public company is required by law to become the next Microsoft if the business opportunity presents itself in order to provide maximum return to shareholders.

But then, you can take it to a whole new level by submitting falsified video tapes to the DOJ.

The government produced its own videotape of the same process, revealing that Microsoft's videotape had conveniently removed a long and complex part of the procedure and that the Netscape icon was not placed on the desktop, requiring a user to search for it. Brad Chase, a Microsoft vice president, verified the government's tape and conceded that Microsoft's own tape was falsified.

So yes, Google is getting grubbier, but it has yet to descend to flinging feces around like chocolate bon bons.

Re:the top 1000 search terms (0)

Anonymous Coward | more than 2 years ago | (#37756720)

What owner of any website that has significant traffic (and cares about traffic) isn't using Google webmaster tools already? Its not like they charge for signing up.

Re:the top 1000 search terms (2)

dririan (1131339) | more than 2 years ago | (#37756968)

I'd be surprised if FCC doesn't start to crack on Google's monopoly tactics soon.

I'd be surprised if the FCC considered using HTTPS a monopolistic practice. I'd be even more surprised if the FCC told Google "Encryption is good for security, but you can't use it, because it stops Referrer headers from being sent. Your users will just have to go without crypto."

Re:the top 1000 search terms (1)

hawguy (1600213) | more than 2 years ago | (#37755274)

That should be good enough, right?
Is this a good for Google, doing the right thing story, or is there more to it than meets the eye?

It's better than nothing, which is all that Google is obligated to give them.

Re:the top 1000 search terms (1)

daath93 (1356187) | more than 2 years ago | (#37756150)

They are doing it so sites can't get the information without using their service, "Google Insights for Search".

Re:the top 1000 search terms (1)

skids (119237) | more than 2 years ago | (#37757252)

Well, really, using HTTPS and providing the linked site with a referer URL are two different things entirely, the OP makes them sound like the former necessitates the latter. The latter has more downside than the former, but both are defensible privacy measures.

Re:the top 1000 search terms (1)

physburn (1095481) | more than 2 years ago | (#37757574)

That really a lot of internet marketers and SEO specialists having to change there jobs completely. Marketers will no longer to owning the top buzzwords, and people creating for hobbies, work or leisure will get nearer the top of the pile. Should be good for readers, and might lead to more advertising spending and link gaming. So sound good to me.

Re:the top 1000 search terms (1)

physburn (1095481) | more than 2 years ago | (#37758124)

Correction, that should read, and might lead to more advertising spending less spent on changing content to get the ranking.

Re:the top 1000 search terms (0)

Anonymous Coward | more than 2 years ago | (#37757938)

I wonder if the fact alot of ad blockers don't work on ssl content has anything to do with it?

Refreshing (5, Insightful)

Anonymous Coward | more than 2 years ago | (#37754994)

This will break those sites that automatically generate content based on your search query.

Re:Refreshing (3, Funny)

Moheeheeko (1682914) | more than 2 years ago | (#37755024)

Its always fun to mess with those sites just a bit. "find 'weapons grade uranium' for sale here!"

Re:Refreshing (1)

The Archon V2.0 (782634) | more than 2 years ago | (#37756718)

Its always fun to mess with those sites just a bit. "find 'weapons grade uranium' for sale here!"

I recall one fake wiki that was supposedly a fix-your-computer site but every "wiki" page was a template using search terms to personalize the page, and they all suggested running the same EXE. Could make for some amusing pages by feeding it really disturbing strings for errors. Was loads of laughs for about 2 minutes.

Re:Refreshing (2, Insightful)

Anonymous Coward | more than 2 years ago | (#37755240)

I've always wondered this: how did those sites GET my search terms?

Well, I stopped using google some time ago, but back when I was, how did they get it? I enter some terms to google.com - how does sleazywebsite.com even know that I did a search? Google knows obviously and returns the sites from its map of keywords to domains. But presumably it doesn't notify every site on the internet that matches my search that I just did one, and I've seen this happen for search terms that I'm pretty sure are unique, and nobody in the history of the internet had ever searched for in that combination before.

Re:Refreshing (3, Informative)

Qwell (684661) | more than 2 years ago | (#37755308)

referer

Re:Refreshing (0)

Anonymous Coward | more than 2 years ago | (#37755876)

Maybe I'm missing something, but if it's generating the content based on the search data in the referrer, how does it rank for the term in the first place? It doesn't get the referrer information until I actually click through to the site. Seems to me it's a chicken and egg scenario...

Re:Refreshing (1)

Yaur (1069446) | more than 2 years ago | (#37758172)

what you see is not what google bot sees. They generate a page with a bunch of phrases for the crawlers (through UA sniffing and/or IP address) and another for normal users.

Re:Refreshing (0)

Anonymous Coward | more than 2 years ago | (#37755922)

The referer is not set when you come from HTTPS.

Re:Refreshing (0)

Anonymous Coward | more than 2 years ago | (#37756416)

"referer"

Doesn't make sense. These are shown in the results even for things you don't click on, and for ones you do, they are present BEFORE you visit the site. There is no referrer.

Re:Refreshing (3, Informative)

kabloom (755503) | more than 2 years ago | (#37756542)

And I should point out (since the GP doesn't know about referers, he probably needs more than a one word answer) that the Referer is a field in your HTTP request that's automatically sent by your browser telling it the address of the website that you came from. Since Google (and other search engines) put the query string in the URL of the search results page (like they should), the website can read the results out of the URL and know what your search terms were.

Google didn't invent this as a way to invade your privacy -- it's been a feature of the web since the early days.

Re:Refreshing (4, Interesting)

williamhb (758070) | more than 2 years ago | (#37758032)

And I should point out (since the GP doesn't know about referers, he probably needs more than a one word answer) that the Referer is a field in your HTTP request that's automatically sent by your browser telling it the address of the website that you came from. Since Google (and other search engines) put the query string in the URL of the search results page (like they should), the website can read the results out of the URL and know what your search terms were.

Google didn't invent this as a way to invade your privacy -- it's been a feature of the web since the early days.

It's also what was behind the "Bing copies Google" ridiculousness some time ago. For Bing toolbar users, the HTTP request when you visit any site is also sent to Microsoft (if you have "suggested sites" turned on), so they get the traffic stats. Bing also used the Referer that brought a user to a page as one of its minor indexing terms. By clicking a link on a page, the user has indicated they think the link is relevant to what they are looking for -- so the Referer, and especially any query contained within it, is pretty good information. And it's the user's information -- the user both typed the search query, and chose to click the link. Google's experiment spammed the signal by ordering employees to visit a page for a made-up search query (non-existent words) so that those paid click-throughs would be the only information Bing could receive for those made-up words. The words didn't exist, so Bing couldn't index them off the web -- so it doesn't matter what algorithms Bing uses, that forced the paid click-throughs to be the only results because there was no other source of data in the world for those words. Google then spun it that it was Google's information that Bing was using (Google own their generated results page, most of which was not clicked on and did not appear in Bing) rather than the human user's information (what sites the user chooses to visit). The difference being that if it's the human user's information (if your clicks belong to you not Google), then the human user within his rights to give that information to whomever he likes, including Microsoft, and Microsoft are within their rights to use it as an index signal, albeit according to them it was a very minor one.

There is a current relevance to this history. That Referer information from the user's browser is valuable data. By making this change, Google is ensuring that they get this valuable data and other's don't. They get to see the full details of both where you came from and where you went; others only get the full details of where you went, and no longer get full details on where you came from. That's a straightforward business advantage. They can then sell more detailed stats to companies (in a freemium model), sell tools that let you access the Referer information that users used to give you for free, etc. While there's a privacy angle to this story (your data is now sent to fewer places), there's also money in this decision.

Re:Refreshing (1)

antdude (79039) | more than 2 years ago | (#37757506)

And that can be blocked/disabled in clients like web browsers. However, some sites require them. I always block my referrers that get sent if possible.

Re:Refreshing (0)

D'Sphitz (699604) | more than 2 years ago | (#37755430)

when you click a link the referring url is sent in a header. with google and most other search engines your query is in that url.

Re:Refreshing (0)

Anonymous Coward | more than 2 years ago | (#37755700)

But I never clicked the link, and I spoof the referrer. Doesn't add up. You see those sites and results even if you don't click on them.

Re:Refreshing (1)

dead_user (1989356) | more than 2 years ago | (#37755322)

Yay!

Re:Refreshing (1)

blair1q (305137) | more than 2 years ago | (#37755330)

Since the link you follow is a result of the search, it's got the content baked-in.

Those sites that were spying on search results to decide what to do were trying to be too smart.

Hopefully what this really fixes is the massive disconnect between prices reported by Google Shopping and the price shown on the click-through, which happens so often that it must be the result of futzing with what Google sees and what the user sees for the same search term.

Re:Refreshing (2)

MobyDisk (75490) | more than 2 years ago | (#37755376)

I would love to find a site that does that and change my user-agent string to Googlebot. Would they actually let me check-out at the lower price?

Re:Refreshing (1)

Pseudonym Authority (1591027) | more than 2 years ago | (#37756904)

Any sites doing such shady, and illegal, bait-and-switch tactics probably aren't ones that you really want to be buying from.

Javascript on links... (0)

Anonymous Coward | more than 2 years ago | (#37755000)

Good, but how about getting rid of the javascript embeded on de search result links? Not only makes them slower, but it also send all the information to your servers.

Now im using duckduckgo.com

Re:Javascript on links... (1)

I(rispee_I(reme (310391) | more than 2 years ago | (#37755150)

Also, they moved the "cached" search results inside the website preview.

Now you can't get cached results if you have javascript disabled, and you still have to wait for that lame thumbnail to pop up in order to hit google's cache.

Re:Javascript on links... (4, Interesting)

hawguy (1600213) | more than 2 years ago | (#37755238)

Also, they moved the "cached" search results inside the website preview.

Now you can't get cached results if you have javascript disabled, and you still have to wait for that lame thumbnail to pop up in order to hit google's cache.

So that's where the cache link went! I assumed they stopped providing cached pages at all.

I really don't care to see the thumbnails that are so tiny that the text is unreadable, I wish they'd bring the cache link back to the search results page.

Re:Javascript on links... (2)

X0563511 (793323) | more than 2 years ago | (#37755338)

The preview is sorta-useful.

You can see that a link is obviously link-farm or other trash without sending them a click or giving them an opportunity to rape your browser.

Some deal (2)

Hatta (162192) | more than 2 years ago | (#37755004)

So I have to sign up with google and let them track me, or they'll divulge my searches to websites who will track me?

Re:Some deal (3, Informative)

Hatta (162192) | more than 2 years ago | (#37755038)

Never mind, I should RTFA. For the rest of us who didn't: encrypted.google.com [google.com] .

Re:Some deal (0)

Anonymous Coward | more than 2 years ago | (#37755064)

Or go to https://www.google.com/ [google.com] without being logged in. It isn't that hard to add an s in there, is it?

Re:Some deal (2)

Yaur (1069446) | more than 2 years ago | (#37758218)

note however that https://google.com/ [google.com] will redirect you to http://www.google.com

Re:Some deal (1)

Anonymous Coward | more than 2 years ago | (#37755072)

It's not Google divulging your searches to websites, it's you. Well, it's your web browser to be more precise, see http://en.wikipedia.org/wiki/HTTP_referrer especially the section on Referrer hiding.

Re:Some deal (1)

blair1q (305137) | more than 2 years ago | (#37755340)

Google tracks you plenty without you signing in.

Re:Some deal (3, Insightful)

scdeimos (632778) | more than 2 years ago | (#37755364)

You are the product.

Re:Some deal (0)

Anonymous Coward | more than 2 years ago | (#37756912)

You are the parrot.

Re:Some deal (0)

Anonymous Coward | more than 2 years ago | (#37757424)

You are the product.

Common misconception, but no. He is the consumer. If he was the product, the ads would be about him instead of being shown to him. Consumers have money and see ads, products don't and are put on ads. Google doesn't sell your information despite being oft claimed they do, they absolutely don't. Their entire business model revolves around them NOT letting anyone else have your information. Thus no Google user is ever the product, or Google wouldn't be making any money.

Mixed Bag (1)

Anonymous Coward | more than 2 years ago | (#37755010)

On one hand automatic encription for logged in users. On the other hand google can track you better if your logged in. When your logged in they can build a profile on you based on your search terms. But many people are logged in anyways. So mixed bag.

Re:Mixed Bag (1)

bhagwad (1426855) | more than 2 years ago | (#37755314)

To not be "evil" 100%, what do you suggest Google should do?

Re:Mixed Bag (1)

cheater512 (783349) | more than 2 years ago | (#37755424)

This does not change or make you log in. It is just changing the default preference.

You can still use it encrypted without logging in. There is no increase in any data collection.

Good or bad? (4, Insightful)

Daetrin (576516) | more than 2 years ago | (#37755012)

Is this going to be considered good because it helps protect our privacy from the websites? Or bad because Google is effectively monetizing the private information by keeping the details to themselves (and using it?) while only handing out aggregate data to everyone else? I can see arguments being made either way.

Re:Good or bad? (1)

JustSomeProgrammer (1881750) | more than 2 years ago | (#37755204)

The thing I noticed was that they called out organic searches only. Does this mean the paid links in search will still have access to the search terms used?

Re:Good or bad? (1)

Pharmboy (216950) | more than 2 years ago | (#37757268)

The thing I noticed was that they called out organic searches only. Does this mean the paid links in search will still have access to the search terms used?

You can easily tell which search term was used by using a different address for each search term. (Google allows you to show only the domain name and not the full URL in ads) We have done this for years to a small extent. If you really want to get technical, you make the link for a search term (example: "soap") to be like "www.mydomain.com/myapp.cgi?soap" and have the cgi log and redirect to either the index page, or individual pages based on the term if you like. Just add each search term in the cgi, and a default if nothing matches. Now you automatically know the search term used, their IP and the fact that Google provided it, assuming you also log referring URLs. Simple Perl even for non-programmers like myself, a couple dozen lines of code, plus a line for each term.

The real work is changing your ads up, which is simple if you have 20 keywords, or a bit more difficult if you are like us and have around 300. I don't know if this includes the ads, but this would satisfy most needs.

Re:Good or bad? (5, Insightful)

blair1q (305137) | more than 2 years ago | (#37755348)

How is it private information when you presented it to Google for them to do the legwork on finding 1.8 million matching websites?

They're making it a shared secret between you and Google instead of a broadcast message to every link you choose to click.

They're monetizing it because, well, they are the ones who gave you the free advice. 1.8 million times.

Incentive for more sites to go SSL (0)

Anonymous Coward | more than 2 years ago | (#37757488)

Sites can still see your search terms (aka referrer) if they are https.

Hopefully this will provide an incentive for wider SSL implementation!

Google Analytics (0)

Anonymous Coward | more than 2 years ago | (#37755032)

Doing this would break 90% of the website traffic tools out there, unless they allow Google Analytics and Webmaster Tools to use this data as they do now. It's the referer [sic] that would be empty in the Apache logs I suppose.

Re:Google Analytics - SEO's will be upset (2)

xmas2003 (739875) | more than 2 years ago | (#37755076)

Yep - referrer will show as NONE ... so similar to if a user is coming to the site by typing the URL. Since you don't have the keywords in the weblogs, those tools don't have anything to parse ... and the Search Engine Optimization people aren't going to be happy about.

Re:Google Analytics - SEO's will be upset (2)

mr1911 (1942298) | more than 2 years ago | (#37755104)

Oh no! We can't offend the SEO deities.

Re:Google Analytics - SEO's will be upset (3, Funny)

irventu (2478338) | more than 2 years ago | (#37755112)

I am a *search engine optimization* person and I'm NOT happy about it--this takes away about 90% of data used for SEO strategy.

Re:Google Analytics - SEO's will be upset (2)

ackthpt (218170) | more than 2 years ago | (#37755192)

I am a *search engine optimization* person and I'm NOT happy about it--this takes away about 90% of data used for SEO strategy.

You mean, like when I'm trying to look up some local bit of history and the first 5 pages of results are trying to sell me real estate, service, yelp reviews, etc?

Find homes near Hanging Trees!!!

Re:Google Analytics - SEO's will be upset (0)

Anonymous Coward | more than 2 years ago | (#37755312)

Good, get a real job

Re:Google Analytics - SEO's will be upset (1)

X0563511 (793323) | more than 2 years ago | (#37755414)

Such a shame.

Try getting a real job, you damn parasite!

Re:Google Analytics - SEO's will be upset (1)

TheReaperD (937405) | more than 2 years ago | (#37755436)

Let me put this as simply as possible: Whah!!!

Re:Google Analytics - SEO's will be upset (1)

the eric conspiracy (20178) | more than 2 years ago | (#37756636)

Admitting that you are an SEO professional is the same thing as admitting that you are in charge of causing people's search engines to return corrupted and useless results.

Re:Google Analytics - SEO's will be upset (1)

EvanED (569694) | more than 2 years ago | (#37755228)

Yep - referrer will show as NONE

That's not quite true, at least based on TFA. It says that you'll still be able to tell the search came from Google, just not what the terms are.

Re:Google Analytics - SEO's will be upset (1)

icebraining (1313345) | more than 2 years ago | (#37755604)

I don't see how they'll do that. The browser controls the referer header, no Google.

Good with the Bad... (1)

Bahlzahn Yuerchin (1098933) | more than 2 years ago | (#37755052)

Unfortunately, it's a bit of a tradeoff. Instead of third party sites getting more details on how you arrived there, Google gets to build a more detailed profile on you via your user name now instead of simply your IP address. I don't particularly care for it either way.

Re:Good with the Bad... (1)

canajin56 (660655) | more than 2 years ago | (#37755134)

Encrypted search works without being signed in. It's also 4 months old. The news is they are making it default for signed in users, not that it exists.

Re:Good with the Bad... (1)

amRadioHed (463061) | more than 2 years ago | (#37755458)

One and a half years old, not 4 months old. They said the encrypted search was introduced 4 months after encrypted Gmail was standardized, back in January last year.

Re:Good with the Bad... (1)

canajin56 (660655) | more than 2 years ago | (#37755784)

Well, at least I got that number from somewhere, right? :(

Re:Good with the Bad... (1)

Baloroth (2370816) | more than 2 years ago | (#37755546)

It's more than 4 months old. I've been using Google SSL searches since last summer some time. Basically, all this news means is that Google feels their SSL search is ready for wider deployment.

Re:Good with the Bad... (1)

DragonWriter (970822) | more than 2 years ago | (#37756548)

Unfortunately, it's a bit of a tradeoff. Instead of third party sites getting more details on how you arrived there, Google gets to build a more detailed profile on you via your user name now instead of simply your IP address.

That would be a "tradeoff", if non-logged-in users couldn't also use encrypted Google search with the same features: https://encrypted.google.com/ [google.com]

What a pity (0)

Anonymous Coward | more than 2 years ago | (#37755098)

I loved trolling webmasters with crazy referrer search terms.

Re:What a pity (1)

irventu (2478338) | more than 2 years ago | (#37755270)

There are actually websites that "spam" the referer [sic] since when using Google Analytics, usually one visits these websites to see where the link is/was.

google privacy (0)

Anonymous Coward | more than 2 years ago | (#37755120)

Given all the (totally justified) hatred directed towards Facebook, why do people still use Google, when there are other search engines that don't aggregate every bit of info about you and sell it on?

Google's hooks are all over the internet just as much as the FB Like button. Why does everybody seem to give them a free pass, when they hate FB for the same reason?

It isn't like Google is the only search engine otu there....

Re:google privacy (1)

D'Sphitz (699604) | more than 2 years ago | (#37755528)

It isn't like Google is the only search engine otu there.

But they're the best. By a long shot.

Re:google privacy (2)

lgw (121541) | more than 2 years ago | (#37756484)

These days I find that DuckDuckGo often gives better results - it's a toss-up. Perhaps that's because the SEO guys are crapping all over Google specifically, but I don't fell like I'm missing out when I use ddg.gg for privacy/bubblefree search.

Re:google privacy (1)

smellotron (1039250) | more than 2 years ago | (#37757850)

These days I find that DuckDuckGo often gives better results - it's a toss-up.

I recently switched to DDG both at home and at work. The "red box answer" tends to be very good, but IME the overall quality of the first two pages is worse than google's. However, when I want the google results I can just enter !g search terms and BAM I get the google results. It's similar to how Opera has done search engines for a long time, but it's nice to have everything pre-programmed. Because of this, making duckduckgo the default search engine is strictly an increase in functionality.

Will break wifi access point redirection (0)

Anonymous Coward | more than 2 years ago | (#37755144)

Lots of people set Google to be their homepage, so in future people will be setting their homepage to be a secure page.
Many public access points use HTTP 300 to redirect user's homepages to their own page (so they can buy access or agree to terms and conditions). When the homepage is a secure page the access point can't and won't redirect it. Typically the browser just times out. At this point most people will decide the access point is broken.

I already consider these access points broken, but more people will notice it now.

Re:Will break wifi access point redirection (0)

Anonymous Coward | more than 2 years ago | (#37755720)

Well, I'd call that a good thing (I also consider those broken, and awareness of that is good), but I'd expect most people to try some other page before giving up, perhaps assuming google is down, even though they won't catch what the issue is

The referrer field sucks. (1)

Anonymous Coward | more than 2 years ago | (#37755162)

Good idea, but before the Internet was polluted with marketers and search engine spammers.

I've left referrers disabled for years.

HTTPS to HTTPS (1)

Anonymous Coward | more than 2 years ago | (#37755178)

For the version of firefox I'm using now:
HTTPS to HTTPS - Passed
HTTP to HTTP - Passed
HTTP to HTTPS - Passed
HTTPS to HTTP - Not passed

So if you want the referrer as a webmaster, run a secure site

Re:HTTPS to HTTPS (2)

BBTaeKwonDo (1540945) | more than 2 years ago | (#37755306)

Sure, but the link farms don't want to pay for SSL certificates for their subdomains such as https://viagra.spamsite.com/ [spamsite.com] , https://buy-viagra.spamsite.com/ [spamsite.com] , etc. I think I'm going to like this change.

Re:HTTPS to HTTPS (0)

Anonymous Coward | more than 2 years ago | (#37755346)

but you can buy a single certificate for *.spamsite.com and it covers them all

Re:HTTPS to HTTPS (1)

mounthood (993037) | more than 2 years ago | (#37755588)

HTTPS to HTTP - Not passed

So if you want the referrer as a webmaster, run a secure site

Many Google search result links go through redirection. They use JavaScript so the browser still shows the URL if you hover over the link. Here's what's included on an SSL search result link:

onmousedown="return rwt(this,'','','','1','AFQjCAHIe9S3k-PkE4lzgXFEjII7Gc_PVg','','0CEM0FjAA')"

This way they can record your selection when you click a link. Redirecting isn't necessary to record your selection (they could use AJAX) and they don't seem to redirect all the time. So if you click a link that's redirected to another Google page, your browser won't send a referer [sic] with the search terms any more. I think they'll have to redirect ALL search links to implement this.

Curious choice of cipher.. (0)

Anonymous Coward | more than 2 years ago | (#37755180)

I would have thought Google would be using AES-128-GCM for this, considering new Intel CPUs implement that completely in hardware and are very fast. RC4-SHA-1? Weird.

HTTPS Everywhere (5, Informative)

Anonymous Coward | more than 2 years ago | (#37755304)

...is a Firefox plugin that does that for you anyways. Google has a standard HTTPS page, as does a number of other sites, like Wikipedia.

While I applaud Google for doing this for its signed-in customers, people should be using HTTPS for everything, everywhere, if possible. Sure, it has its flaws, but better flawed privacy than no privacy.

Protects Google, not their customers. (-1)

Anonymous Coward | more than 2 years ago | (#37755360)

I think the real reason behind this is "We get all your advertising data, not anybody else."

Re:Protects Google, not their customers. (1)

icebraining (1313345) | more than 2 years ago | (#37755678)

Other people get the user's advertising data when the users are on their site. Just like Google.

Compete with Facebook? (1)

otaku244 (1804244) | more than 2 years ago | (#37755368)

My guess is that they feel like Google wants to emulate that facet of the Facebook model. It has been said that Facebook's database of user activities and preferences is superior because it shows a more qualitative preference than "a random Google search." By walling off authenticated users, they make it possible to tie search terms more accurately to a particular user. This should shift search preferences and habits results... perhaps even improve the quality.

wow (0)

Anonymous Coward | more than 2 years ago | (#37755416)

Been using google ssl for many months now. Hardly seems like a big deal since ssl is not as secure as once thought. Way to come in on the backend google.

Forced Safesearch (by proxy) defeated using https (1)

CityZen (464761) | more than 2 years ago | (#37755494)

Hmm. At certain places (of employment), they use a proxy that always forces Google searches to have SafeSearch on. Using https for Google appears to bypass this particular constraint. For the moment, anyway.

Re:Forced Safesearch (by proxy) defeated using htt (1)

icebraining (1313345) | more than 2 years ago | (#37755716)

Well, they can still MITM the connection, since they have the power to install their own CA certificate on the employees' computers.

Squid has SslBump [squid-cache.org] and Dynamic SSL Certificate Generation [squid-cache.org] for such purpose.

Re:Forced Safesearch (by proxy) defeated using htt (1)

HTH NE1 (675604) | more than 2 years ago | (#37755886)

Hmm. At certain places (of employment)

(and of education and of public services)

they use a proxy that always forces Google searches to have SafeSearch on. Using https for Google appears to bypass this particular constraint. For the moment, anyway.

The IP range for secure searching is different from the IP range for other Google secure services. Such institutions just block access to Google secure search IPs, redirecting you back to the insecure version so they can spy on you and deny and/or punish you for seeking inappropriate knowledge (Security Now 255 [twit.tv] , 27:37 - 33:20).

There's no need for a gateway to act as a MITM performing encryptions and decryptions when it can be a MITM forcing plaintext communications for more efficient monitoring.

This FP fo8 GNNA?! (-1)

Anonymous Coward | more than 2 years ago | (#37755628)

cryptome.org had some great posts on SSL (3, Informative)

AHuxley (892839) | more than 2 years ago | (#37755888)

http://cryptome.org/0005/ssl-broken.htm [cryptome.org] on this issue.
Welcome to en.wikipedia.org/wiki/Clipper_chip, Enigma or the fun of Data Encryption Standard era standards in your new safe browser.

Everyone benefits (3, Insightful)

FyberOptic (813904) | more than 2 years ago | (#37757174)

This is particularly beneficial to all the hapless people who think using open wifi is perfectly safe. And it saves Google from having to deal with stolen accounts as a result. That's why it's so popular on places like Twitter and Facebook, too.

That's not to say that SSL is perfect, and a hapless user can still be tricked or spied upon once somebody starts ARP spoofing'em or SSL stripping or what have you. But some protection is better than none.

What about Google Analytics? (1)

fivevoltforest (2012744) | more than 2 years ago | (#37757582)

It's funny to think about Google hiding referrer data from their own service.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>