Google Rolling Out SSL Search for Google Account Users

Toggle sidebar Toggle sidebar
Status
Not open for further replies.
americanbrian

americanbrian

Distinguished
May 3, 2007
1,685
1
20,160
Hasn't SSL been broken recently? In what way does it offer any sort of protection? I thought that the whole world (90%)is using TLS 1.0 or something and that they have found a way to sidejack it.
 
D

de5_Roy

Splendid
Oct 14, 2011
7,159
0
26,960
good approach to protect google account users and to dodge seo.
Those who are willing to pay for your search terms are still going to get them regardless of how much encryption Google throws at its users.
Click to expand...
this seems to be the real reason. squeeze more money from ad companies by charging extra for the ssl data, increasing ad revenue.
 
randomizer

randomizer

Champion
Moderator
Jul 24, 2006
22,736
236
57,490
[citation][nom]americanbrian[/nom]Hasn't SSL been broken recently? In what way does it offer any sort of protection?[/citation]

Some researchers have found an exploit but have not publicly released the details of their implementation as far as I know. The benefits of the HTTPS connection for unsecured Wi-Fi are, as stated in the article, just a bonus. The real benefit (for Google or the end user, you decide) is that your search query isn't sent to the web server when you click on its associated search result.

[citation][nom]de5_roy[/nom]this seems to be the real reason. squeeze more money from ad companies by charging extra for the ssl data, increasing ad revenue.[/citation]

Ad companies? AdWords campaigns are run by massive corporations right down to sole traders. I don't think this will be used to artificially inflate cost per click, but if it pushes more companies to use AdWords so that they can receive meaningful Analytics data then CPC will inevitably rise. Remember though that it's only for users who are logged into a Google account at the moment, or those who explicitly choose to visit Google via HTTPS (the latter is almost nil).

Personally I think that Google is trying to make life harder for SEO analysts, both "good" and bad. Google doesn't like SEO analysts; they manipulate search results unnaturally. SEO is often sold as an alternative to PPC that is cheaper in the long run and with a higher ROI. It's in Google's best interest to deter companies from dropping AdWords in favour of SEO, because Google makes a bucket load of money from AdWords and absolutely nothing from SEO.
 
M

mohirl

Distinguished
Aug 17, 2010
3
0
18,510
How exactly is this a major privacy benefit? OK, so a website you visit can no longer see what search term you used to get there. They could never personally identify you from that anyway. Your ISP can no longer see what you're searching for - big deal, they can still see what sites you visit. Small online business are going to suffer massively from this, since they'll have no way of determining what their most searched for products are.

On the other hand, Google themselves will still be retaining all the data on everything you search for, and using it to target ads at you and personalise your search results. By promoting this as a privacy incentive, they'll hope to encourage more users to search from a logged in Google account, giving themselves a bigger market share and even more information about users habits.

This is not good for privacy in the long term. It's not good for anyone, except Google.
 
nebun

nebun

Distinguished
Oct 20, 2008
2,840
0
20,810
i have been using SSL search from google for a long time...:) it's really not that much safer since the links you click are not encrypted, the only thing that's encrypted is the search but not what you do after the search
 
G

Guest

Guest
Guess what, it's not Google stripping the referer from the analytics stuff, it's the browser:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3

According to the standards, "Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol."

And (IMHO) it seems as though they just don't want to implement SSL for the adwords people. It will probably go through an extra redirect, or the adwords will be sent from an insecure connection (http)..

It has (mostly) nothing to do with google, and everything to do with the HTTP protocol.
 
G

Guest

Guest
@mohirl

You can still see entrance visits by page. If you know what keywords are associated--or at least which ones you're targeting--with the page you can still back out traffic.

Don't get me wrong. This move isn't about "protecting your privacy." But you can still get at the data you're interested in. Google is just making it harder.
 
B

boomertsfx

Distinguished
Oct 19, 2011
1
0
18,510
I don't get this --- people can still see the URL (and thus the search terms) you are using since Google uses GET requests and those aren't encrypted... so all that people can't see are targeted ads and your cookies I guess... meh
 
randomizer

randomizer

Champion
Moderator
Jul 24, 2006
22,736
236
57,490
[citation][nom]paulssoftware[/nom]Guess what, it's not Google stripping the referer from the analytics stuff, it's the browser:http://www.w3.org/Protocols/rfc261 [...] #sec15.1.3According to the standards, "Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol."And (IMHO) it seems as though they just don't want to implement SSL for the adwords people. It will probably go through an extra redirect, or the adwords will be sent from an insecure connection (http).. It has (mostly) nothing to do with google, and everything to do with the HTTP protocol.[/citation]

The main issue in my mind is that they're selectively working around this feature of HTTPS for AdWords. This means that they are circumventing privacy features, rather than implementing them.
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom