Google Blogoscoped

Forum

SSL Search Behavior

George R [PersonRank 10]

Wednesday, October 26, 2011
12 years ago12,536 views

SSL Search Behavior
(locked thread: http://blogoscoped.com/forum/180875.html)

Lauren Weinstein has made a blog entry titled "Google Modifies SSL Behavior – and the Results Are Troubling".
http://lauren.vortex.com/archive/000906.html

He has made a chart comparing the behavior of (https https://encrypted.google.com/) with the new behavior of (https www https://www.google.com/).

http://docs.vortex.com/google-ssl-chart.jpg

Lauren says:

"There are two variations reported from expected SSL behavior on this version of the site, as denoted by the red boxes on the chart."

"Normally, we would expect an ordinary destination site using SSL to receive the referer query data as per standard SSL end-to-end behavior. But apparently Google is now blocking this data in this case, as shown in the first red box."

"Even more problematically, in the second red box we observe that for user clicks on Google ads, the ad site will receive the referer query info from the SSL search, even if that ad site is not using https: – that is, isn't even using SSL at all – seemingly directly violating the normally expected end-to-end SSL protection sequence."

If this is correct and your "secure" query is revealed in an unsecured manner to the advertiser, then your query is available to a variety of third parties that have access to those packets. If it gets into a log file, it may be visible to the general public via web searches.

In an earlier locked blogoscoped thread titled "SSL search and users logged with Google Account" I wrote:

"Accessing a site from an unsecured Google results page can reveal your search query. Accessing a site from an organic search result on a secured Google results page should not reveal your search query. Accessing a site from an advertisement on a secured Google results page may reveal your search query."
http://blogoscoped.com/forum/180875.html#id180884

TOMHTML [PersonRank 10]

12 years ago #

This table is the same I said in the previous thread.
Google isn't doing fair here, that's why there is a petition against the query removal in the referrer:
http://keywordtransparency.com/google-petition

Forum home

>> More posts

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!