Posted on 09/27/2013 3:40:06 PM PDT by matt1234
After having made a big push to increase the use of encrypted searches two years back, Internet search giant Google has apparently cut off keyword data altogether, and has confirmed that it is forwarding users to Google SSL Search even if they are not signed in.
In a statement made earlier this week, Google said that all its users who had logged into its service - for example, to check Gmail - would be forwarded to the Google SSL Search, if they wanted to carry out some online search.
With Google's statement revealing that the company has switched all searches over to encrypted searches using HTTPS, it is quite evident that keyword data will not be passed to site owners any more.
Given the fact that encrypted Google searches do not pass the keyword data through to websites, the ability of the sites to track users with the help of their keyword searches is eliminated. As such, it is not possible for most website owners to segment users by keywords within their web analytics software.
With regard to Google move to cut off keyword data completely, a Google spokesperson told Search Engine Watch: "We added SSL encryption for our signed-in search users in 2011, as well as searches from the Chrome omnibox earlier this year. We're now working to bring this extra protection to more users who are not signed in."
Could be. HTTPS is slower than standard HTTP. Google searches on my computer are much slower now that they are using HTTPS for all searches.
HTTPS/TLS is not one cipher. Depending on how your browser and the server are configured, you may use 128 or 256 bit AES encryption, or 168 bit triple-DES.
However, if you can obtain the private key for the SSL certificate (by legal or illegal means), you may be able to decode all of the encrypted data. The question is whether you can capture the key.
When you connect to a secure website, you go through a key exchange, and then that symmetric key is used to encrypt the connection. Periodically, the connection resyncs and negotiates a new symmetric key.
So, you have to be able to capture that symmetric key that is exchanged. Even with the private key for the SSL certificate, that's not guaranteed. There is no known man-in-the-middle attack for certain types of key exchanges. But, without the technical knowledge to choose them, you really don't know which key exchange and cipher your browser and the server will negotiate.
Maybe Google wants to corner the market on internet marketing via keyword?
I’ve noticed for me it’s been that way for awhile.
I guess I'm a "techie."
I quit using Google search a long time ago. I use https://startpage.com/, a completely private search engine. More info here.
Note the startpage URL starts with https. This indicates it is using the same "protection" that Google now offers. Except startpage.com does not record your IP address, does not scan your searches for marketing purposes and doesn't have a special deal with the NSA to pass your info along to them.
I have several Gmail email accounts. All 100% fake and used when some website insists I "sign up" to get something I want.
Google be damned!
Great story, but unfortunately I am left with no idea of what was done, why it was done, are there any negative consequences, and, if so, is there any fix.
Just because they say there isn’t tracking doesn’t make it true.
If our overlords want the info they will get it. They care not about any law or the 4th Amendment. We have allowed it to happen and now we pay the price.
Obama-loving Google happily sells/gives the info to the gov when asked, no warrants needed
what was done
Previously at google.com, anonymous searches (by non-logged-in users) used the standard protocol for web browsing, namely HTTP. Now they use the HTTPS protocol, which is purportedly more secure because it transmits encrypted data.
why it was done,
Google alleges that it makes your web searches more secure.
are there any negative consequences,
I'm hoping FReeper techies will answer this.
and, if so, is there any fix
I'm hoping FReeper techies will answer this.
It sez it is enhanced by Google.
You are right. The only people who will be able to determine keywords used in Google searches for your site are Google tools.
Yeah. Google enhances your stuff by passing it all to the NSA.
Been using Ixquick for some time - but Uaoo mail won't support it anymore - they did "updates - and I couldn't even open my Yahoo! mail through IE/yahoo.
Said I'd have to download GOOGLE serach.
I said NO
Then they said Chrome
I said HELL NO - and then "FireFox" - Well, after having everything go haywire - and into the wee-wee hours of pulling my hair out - I did a restore and back to what I h ad innitially - got to my emial thru Ixquick and parked an cion on my desktop.
Within 2 days, Yahoo was again blocking me re email box - BUT, the icon works.
However, I'm looking for other safe search sites - I like Ixquick as it was set up in the '90's, and still use it for everythig else... hopefully less likely to be a gov't bait 'n switch...ie, a new "SAFE" search engine that is actualy a direct 'extension cord' to Utah.
Does this facilitate NSA nosiness?
Yes.
How do you know those aren’t just NSA honey traps?
How do you know they’re safe?
I don't. Go to their web site, look around and make your own decision. Google startpage and read some of the articles on it. Your decision.
If it didn't, would they bother?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.