Interesting difference between HTTPS versions of Google

General discussion about web technology.
Post Reply
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Interesting difference between HTTPS versions of Google

Post by dhouwn »

If you think that your search terms get not exposed to a target site if you click on a http link in https Google since the referer gets not sent then you might be wrong, at least in the case of ads on www.google.com, instead of encrypted.google.com:
https://www.eff.org/deeplinks/2011/10/google-encrypts-more-searches wrote:There is one small caveat that users should be aware of with the new encrypted-when-logged-in Google. If you click on an advertisement, and the advertiser's website is HTTP rather than HTTPS, Google will send the search terms for that specific query to the advertiser over HTTP. The encrypted.google.com domain will continue to exist and will not have that behavior: on that domain, advertisers only get to see the search that lead to a click-through if they use HTTPS.
http://curtisfree.com/blog/2012/01/13/n ... _are_equal

And here the obligatory link to the RefControl add-on.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0
User avatar
therube
Ambassador
Posts: 7956
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Interesting difference between HTTPS versions of Google

Post by therube »

I was confused?
Not sure if https://www.google.com is actually different (now, perhaps) from https://encrypted.google.com ?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20120617 Firefox/15.0a2 SeaMonkey/2.12a2
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Interesting difference between HTTPS versions of Google

Post by Thrawn »

therube wrote:I was confused?
Not sure if https://www.google.com is actually different (now, perhaps) from https://encrypted.google.com ?
I believe encrypted.google.com is better (doesn't expose search terms over http). startpage.com is even better :).
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (Android; Mobile; rv:15.0) Gecko/15.0 Firefox/15.0a1
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Interesting difference between HTTPS versions of Google

Post by GµårÐïåñ »

I would trust Google as far as I can throw them even if they told me that they are encrypted and withholding everything. This is a company that makes money to do just the opposite. Use something else, startpage is great since they crippled and blocked duckduckgo and scroogle. Let's see how long before they block them too, if they care about your privacy, then why block anyone?
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
world is a vampire and browsers are zombies and users are the virus
Post Reply