

Search more securely with encrypted Google web search - yanw
http://googleblog.blogspot.com/2010/05/search-more-securely-with-encrypted.html

======
qjz
On the Mac, I edited
/Applications/Firefox.app/Contents/MacOS/searchplugins/google.xml, changing
http to https where appropriate. Now the builtin Google search plugin uses SSL
system-wide (and so does the autocomplete, AKA suggest queries feature, if you
edit that link, as well). Hopefully, Firefox will make this the default.

------
BigZaphod
When I go to <https://www.google.com/> it redirects me to
<http://www.google.com>. That's some amazing security right there! :P

~~~
yanw
Probably the encrypted version hasn't been deployed yet to the datacenter
you're hitting.

~~~
BigZaphod
You're probably right, but why post a blog about it announcing it to the world
as if it is available before everything is synced up and ready? It makes
Google look sloppy, IMO.

~~~
rationalbeaver
You'd be surprised at how often they do that. It happens with virtually every
announcement.

~~~
ggrot
I guess either you announce it after everyone's already seen it anyway or you
announce it before it's released everywhere.

------
chaosmachine
The cache also works over https now:

[https://webcache.googleusercontent.com/search?q=cache:XhZJrK...](https://webcache.googleusercontent.com/search?q=cache:XhZJrKdSAZMJ:ycombinator.com/)

But the "cached version" links on the secure search results still point you to
http for some reason.

------
rosser
<https://ssl.scroogle.org>

~~~
epi0Bauqu
Also <https://duckduckgo.com>

~~~
TheAmazingIdiot
hello, I'm a blackberry user. I do like the site.... When I'm using a
computer. However there's placement errors on the BB scripting side.

Highlighting over the buttons puts the button text over the link (search, I'm
feeling ducky, etc.). If I knew of a way to send a screenshot, I would. If you
need basic sanity checking so DDG looks pretty on the BB, email me at
jwcrawley at gmail daught com

~~~
epi0Bauqu
Thx. This doesn't look very easy, but for reference :)

[http://www.bbgeeks.com/blackberry-guides/taking-
screenshots-...](http://www.bbgeeks.com/blackberry-guides/taking-screenshots-
of-your-blackberry-8868/)

Next time I'm with someone with a blackberry, I'll take a look.

~~~
niyazpk
You could try using a blackberry simulator:
[http://na.blackberry.com/eng/developers/resources/simulators...](http://na.blackberry.com/eng/developers/resources/simulators.jsp)

------
MikeCapone
More details here:

[http://www.google.com/support/websearch/bin/answer.py?answer...](http://www.google.com/support/websearch/bin/answer.py?answer=173733&hl=en)

------
eli
It's a good idea, but I question how useful it really is. So, my search
results page for "naughty things" is encrypted, but all the links on it
aren't.

~~~
MikeCapone
If you want to protect more than your searches from someone listening in,
you'll have to get an encrypted VPN.

------
MikeCapone
If you want to add it to your chrome URL bar:

<https://www.google.com/search?q=%s>

------
MikeCapone
Great. I don't think it's going to change anything in my life (though you
never know), but I _really_ like it just on principle.

------
benologist
This is like Facebook saying store your data more securely by only posting it
on their site.

~~~
chaosmachine
This is like stopping your ISP from sniffing your search queries and reselling
them.

~~~
benologist
Except that data's still available on all sites you land on, to all the 3rd
party analytics platforms people use, all the ad networks people use, and to
everything you pass through on your way to a destination.

As the duckduckgo guy puts it: "When you search on Google, not only is your
info stored, but also when you click on a link, your search terms are passed
on to that site via the Referer header. A lot of sites use this information to
tailor content and advertising to you specifically. Your searches also show up
in analytics tools, which people use for SEO and other tracking purposes. This
information leakage creates legitimate privacy concerns."

And what's to stop ISPs logging the plain text https urls you access anyway?

~~~
chaosmachine
HTTPS doesn't send referrers to the sites you visit, so no one will ever see
your query string, or even know you were coming from Google.

 _"And what's to stop ISPs logging the plain text https urls you access
anyway?"_

URLs aren't sent in plain text over HTTPS.

~~~
benologist
Cool.

But I still think it's mostly a hollow offering since they're the ones
collecting and profiling us the most (or perhaps tied with Facebook).

~~~
pavs
Translation: I am convinced beyond help that Google is evil, I am trying to
find any and all reasons to point out how evil they are. However, currently I
am out of ideas.

~~~
benologist
Not that they're evil. I use Google for a bunch of stuff - personal email,
search, adsense, analytics, and have for years. I just think it's a bit of a
fallacy to protect us from 'someone else' knowing about us given the
penetration they have into most internet users lives.

~~~
pavs
Their business model is to give you relevant ads based on information that you
give them in exchange of using their service. They even let you opt-out[1] of
their system so that they can't track you and give you relevant ads (enjoy
tampon ads on programing page).

Better yet. Use noScript, ad-blocker, flash-blocker, don't use Google services
(or at least use privacy mode on search), in addition to opting-out from
Advertising cookie[1].

[1] Google Advertising Cookie Opt-out:
<http://www.google.com/privacy_ads.html>

Double-click Advertising Cookie Opt-out:
<http://www.doubleclick.com/privacy/dart_adserving.aspx>

As for me, the least I can do is to support a company, while not with a
perfect track record, has championed and fought for an open web with plethora
of free and exceptional services.

I can live with that, knowing that I have the option to opt-out whenever I
want to.

------
logic
Interestingly, the SSL version doesn't have the Pac Man game. ;)

