Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Google Advertising Businesses The Internet Technology Your Rights Online

Concerns Over Google Modifying SSL Behavior 130

Lauren Weinstein writes "Google is handling SSL search queries on in a manner significantly different than the standard, expected SSL end-to-end behavior — specifically relating to referer query data. These changes give the potential appearance of favoring sites that buy ads from Google. Regardless of the actual intentions, I do not believe that this appearance is in the best interests of Google in the long run."
This discussion has been archived. No new comments can be posted.

Concerns Over Google Modifying SSL Behavior

Comments Filter:
  • by Jonner ( 189691 ) on Tuesday October 25, 2011 @12:46PM (#37832880)

    Please read TFA. The question is not over use of SSL, which the author of TFA "applauded."

  • Re:Summary (Score:3, Informative)

    by Anonymous Coward on Tuesday October 25, 2011 @12:56PM (#37833008)

    Summary for the security conscious: since you switched to using months ago, you're fine, nothing new here. Move along.

    Summary for the masses: Google is now using security by default (if you're logged in), but it isn't quite as secure as is possible.

  • Bad meme (Score:2, Informative)

    by Anonymous Coward on Tuesday October 25, 2011 @01:07PM (#37833130)

    You're the product, not the customer.

    This meme needs to die. It superficially seems to have a message which rings true with slashdotters, but really doesn't deliver.

    Just because a company is ad funded, doesn't allow a free-pass to provide crap service, whether that be search, or a social network.
    You seem to be forgetting that this isn't television, and power users have unprecedented control over how content is displayed, if at all.

    The second mistake you people make, is to think yourself part of some geek elite, where actually every kid or gamer can download the tools to control their web experience.

    "You're the product, not the customer." basically says that an ad funded company is expected to act as evilly as possible, just because of the way it's funded. The reality is that sometimes there are conflicts of interest, getting it wrong tends to cause a backlash among more technically minded, and generally loud users. Facebook will tend to get away with more than google in this case, because of the technical experience of their users.

    Do your part. Add to the conversation, and don't be a sheep by modding this meme up.

  • by NevDull ( 170554 ) on Tuesday October 25, 2011 @01:44PM (#37833626) Homepage Journal

    First of all, any well-architected clustered app spends more time waiting for I/O at the web tier than it uses CPU, so the 2% "penalty" is on an underutilized resource anyway. Second, terminating SSL at your load balancers is standard practice, be they Amazon ELB SSL termination, F5 BigIPs, or reverse proxies. Again, all otherwise I/O-bound implementations which can spare the CPU.

    The fact that SSL obscures the requested URI from intermediaries seems in-line with the goals of Wikipedia for free information sharing -- with SSL operating properly, an intermediary may be able to tell that you were on Wikipedia, but not what you were looking at.

    SSL/TLS and/or its successors everywhere is in everyone's interest if maintaining privacy from ubiquitous snooping is a concern.

Nothing is finished until the paperwork is done.