
Ask HN: Do you believe that your government has access to your Google history? - OskarS
I was thinking about this, and I&#x27;m not sure where I come down. In the post-Snowden world, most big sites (including Google) have gone HTTPS-only, with additional security features like certificate pinning. As far as I&#x27;m aware, nothing in the Snowden revelations suggested that that the NSA had been able to break SSL&#x2F;TLS, so it would seem reasonable that it would be very difficult for them to snoop on you while you&#x27;re googling.<p>Obviously, if you&#x27;re a suspect in a criminal case, the government could get a court order for google to turn over your search history. But do you believe the the kind of widespread &quot;dragnet&quot; surveillance that was made known through the Snowden leaks is still going on? Or do you believe that the last few years of tightening up web security really made a difference when it comes to state sponsored snooping?
======
int_x
>As far as I'm aware, nothing in the Snowden revelations suggested that that
the NSA had been able to break SSL/TLS, so it would seem reasonable that it
would be very difficult for them to snoop on you while you're googling.

Not sure if you mean in current time, but they used to be able to do that [0]

[0]: [https://www.businessinsider.com/snowden-leaks-
timeline-2016-...](https://www.businessinsider.com/snowden-leaks-
timeline-2016-9)

[0]:
[https://en.m.wikipedia.org/wiki/MUSCULAR_(surveillance_progr...](https://en.m.wikipedia.org/wiki/MUSCULAR_\(surveillance_program\))

------
mhkool
It is so easy for agencies to get a secret court order to collect data from
Google directly. So they do not have to break TLS to Google's sites. With
these secret orders in the name of "national security" anything is possible
and you do not know and most likely will never know what is ordered.

------
zzzcpan
> But do you believe the the kind of widespread "dragnet" surveillance that
> was made known through the Snowden leaks is still going on?

Snowden didn't stop it. And it's only getting worse. No matter how much TLS
you have, governments still continue to fund efforts to backdoor everything
that blinks and spy on everything that moves, and not only through technology,
but also through coercion and politics.

Tightening security didn't really make any difference against state actors.
But it was and still is a seemingly convincing excuse to centralize control
over technology.

------
simon_acca
I do not belive data is massively harvested _by man-in-the-middle of TLS_ as
it would be a difficult challenge to reverse engineer all of the custom
protocols that power the different services: each session comprises hundreds
of requests of custom-schema json, xml, over HTTP, websocket and other
protocols. Moreover these protocols change all the time since the same entity
controls both servers and clients.

This does not preclude snooping on a specific TLS session or harvesting data
at a different stage.

------
AnimalMuppet
If they want it, absolutely.

I don't know whether they are _actively_ collecting everything I search for
all the time when I am (I presume) not a "person of interest". I wouldn't be
very surprised either way.

Also: Why stop at Google? Do you believe that your government has access to
everything you read on HN? To everything you look at on Amazon? To everything
you look at on Tor?

------
yellow_lead
As a US citizen, yes definitely. Anecdotal, but a former coworker of mine did
something stupid that made him seem like a threat to national security. For a
while after that, he would notice that every time he logged into Google on a
computer, all sites he visited would have TLS downgraded to TLS 1.0.

------
wprapido
Backdoors, dude, backdoors. Coupled with governments sharing data, officially
and not.

