InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Interesting difference between HTTPS versions of Google

https://forums.informaction.com/viewtopic.php?t=8912

Page 1 of 1

Interesting difference between HTTPS versions of Google

Posted: Sun Jun 17, 2012 11:35 am
by dhouwn
If you think that your search terms get not exposed to a target site if you click on a http link in https Google since the referer gets not sent then you might be wrong, at least in the case of ads on www.google.com, instead of encrypted.google.com:
https://www.eff.org/deeplinks/2011/10/google-encrypts-more-searches wrote:There is one small caveat that users should be aware of with the new encrypted-when-logged-in Google. If you click on an advertisement, and the advertiser's website is HTTP rather than HTTPS, Google will send the search terms for that specific query to the advertiser over HTTP. The encrypted.google.com domain will continue to exist and will not have that behavior: on that domain, advertisers only get to see the search that lead to a click-through if they use HTTPS.
http://curtisfree.com/blog/2012/01/13/n ... _are_equal

And here the obligatory link to the RefControl add-on.

Re: Interesting difference between HTTPS versions of Google

Posted: Mon Jun 18, 2012 3:09 pm
by therube
I was confused?
Not sure if https://www.google.com is actually different (now, perhaps) from https://encrypted.google.com ?

Re: Interesting difference between HTTPS versions of Google

Posted: Tue Jun 19, 2012 12:13 am
by Thrawn
therube wrote:I was confused?
Not sure if https://www.google.com is actually different (now, perhaps) from https://encrypted.google.com ?
I believe encrypted.google.com is better (doesn't expose search terms over http). startpage.com is even better :).

Re: Interesting difference between HTTPS versions of Google

Posted: Tue Oct 09, 2012 8:36 pm
by GµårÐïåñ
I would trust Google as far as I can throw them even if they told me that they are encrypted and withholding everything. This is a company that makes money to do just the opposite. Use something else, startpage is great since they crippled and blocked duckduckgo and scroogle. Let's see how long before they block them too, if they care about your privacy, then why block anyone?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited