Google Rolls Out Encrypted Web Search Option 176
KirinMercury writes "Google began offering an encrypted option for Web searchers on Friday and said it planned to roll it out for all of its services eventually. People who want to use the more secure search option can type 'https://www.google.com' into their browser, scrambling the connection so the words and phrases they search on, and the results that Google displays, will be protected from interception." Note that you need the 'www' for it to work. Dropping it redirects you to a non-ssl page. You might have read this on Saturday, but if you missed it, it's still worth knowing.
This will have interesting results for webmasters (Score:5, Interesting)
MitM only? (Score:4, Interesting)
What this means, I believe, is that your web browsing might be immune to man-in-the-middle interception.
Interception by Google (and thus by anyone with the power to compel Google, IE USA, China, etc) will be the same as before. As well, you're still connecting TO Google, so you're still likely to be blocked from the site by the Great Firewall arrangements, even if your search terms themselves might be encrypted.
And not to forget that China has a tame certificate authority...
Re:Was this posted before? (Score:5, Interesting)
I'm actually intrigued by this concept of Slashdot purposefully (assumption: text in current summary implies they did this on purpose) re-posting news to make sure we see it, a form of public-service-announcement. Yes, Slashdot is a news service, but I don't generally see timestamp-based news-services prioritizing/reposting content like this. The main news sources just keep covering the same story over and over again, as if it were evolving by the minute, but that's about it. Interesting.
Re:This will have interesting results for webmaste (Score:3, Interesting)
The client creates the referrer header... it's a privacy invasion in the same way that it would be a privacy invasion to tell you that I have a spoon fetish then complain because you heard me tell you.
Of course, how you process that information can and will be regulated, and it is possible to store/use the information in a way that will violate my privacy. But it's not your fault that you heard it, and I can't blame you if you don't forget it providing you don't choose to write it down.
I fail to see (Score:2, Interesting)
Searches are still open to side channel attacks (Score:2, Interesting)
Re:now we need encrypted /. (Score:3, Interesting)
I agree, but that would require the death of IE6 (and XP), or IPv4. SSL is incompatible with name based virtual hosting unless you add in SNI, which isn't supported by IE6 (or any browser that runs on XP, for that matter).
Don't get me wrong, I agree entirely and IE6 and IPv4 should be nothing more than a bad memory by this point, but they're not.
Re:This will have interesting results for webmaste (Score:5, Interesting)
You should look at the page source of a results page sometime. Right now the targets are to https://www.google.com/ [google.com] with the rest of the URL encoded to tell google where to redirect you to. The HTTP/1.1 200 OK reply sets a cookie and then the HTML has a JS and meta refresh to send yo on your way to where you expect to go to. To get the referer to indicate it was from google, all they need to do for most browsers is have the targets still be to http://www.google.com/ [google.com] instead if the real target is http instead of https. All this incidentally seems kind of pointless to me BTW, since now other parties cannot see your google searches, but they can still see the sites that you do visit from the results.
Incognito? (Score:3, Interesting)
A logical next step would be to set https as the default when in Incognito mode in Chrome, or Private Browsing in Firefox.
Re:SSL Wikipedia & TPB (Score:2, Interesting)
/. has supported SSL for a long time. I think it may have been a plumb for subscribers when I first subscribed, but it doesn't seem to be listed on the FAQ so maybe not.
Here's your comment: https://tech.slashdot.org/comments.pl?sid=1664284&cid=32337858 [slashdot.org]