Living between the lines

Encrypted HTTPS Google Search: Effective or Symbolic Measure?

Google recently announced that it now offers the possibility of searching for documents confidentially through the Secure Sockets Layer (SSL) protocol for encrypted Internet exchanges. Concretely, this means that between your computer and Google’s servers, no one can directly read either your queries or the search results (just as your financial transactions are kept confidential under SSL).

To benefit from this new “beta” service, one must go to https://www.google.com. Your browser should then indicate that the communication is secure (for example, by displaying a padlock). The localized Google sites (such as google.fr or google.ca) do not offer this security, nor is it available for image and video searches.

SSL Google Search

Certainly, this is a significant symbolic gesture from the web giant. It has been applauded by the Center for Democracy & Technology as “a shining embodiment of the concept of Privacy by Design.”

Indeed, the fact that a player as important as Google provides an increasing number of services under SSL (web access to Google Mail under SSL has been the default option since January 2010) could be an important signal to everyone on the Internet: it may be time to think about protecting a larger number of our Internet communications, even if it means slightly slower processing and transmission times (barely noticeable when one has a computer and connection with some power).

However, does this new service actually change anything in the experience of those whose exercise of their liberties, or the confidentiality of their work, requires them to escape surveillance by their employers, Internet service providers (ISPs) or States?

First scenario: one must be able to reach the “google.com” domain to benefit from SSL search. However, States like China already block access to it or have the ability to do so. Citizens of these countries (or other users under surveillance) must find a way to go through proxy servers and access secure communications to bypass the blockage. If they can safely circumvent the blockage in this way, is SSL Google search not redundant?

Second scenario: access to the “google.com” domain is possible. Does requesting the page “https://www.google.com” not then amount to alerting the very employer, ISP or State that one mistrusts? Moreover, once the confidential search is completed, access to the web pages and documents themselves remains unencrypted, thus revealing the specific topics on which one is inquiring or working. For an ill-informed user, Google’s new service can become a trap rather than a protection against monitoring by third parties. In fact, if Google wants to offer a fully encrypted experience, should it not also give SSL access to its cached pages (that is to say, to the copies of web pages and documents as they were at the last visit of one of Google’s robots)? Even if such access were out of date by some hours, days or weeks, the individual could at least escape direct surveillance (although the traffic would still be technically possible to decrypt with ultra-specialized tools).

In short, until Google provides secure access to copies of web documents held in cache, one cannot claim that its service is a true incarnation of privacy by design. It is nothing more than a symbolic gesture for the moment.

However, the same gesture does raise the question of the responsibility of all of us, Internet players: should we not also offer our content under SSL? Should this site, on which you are reading me, not also offer a version under SSL, or a link to proxy servers providing secure confidential communications? And likewise for the sites of media, universities, companies and individuals? Once a significant number of sites offer such secured confidential access, should search engines like Google not systematically report the existence of this option in their results?

At the very least, Google’s symbolic gesture means that discussion of these issues suddenly becomes plausible.


