ssl != privacy

so I read about this new personalization of Google Search yesterday, and the further social-media-darling gushing about it today, flew past the supposed “motivational” features, down to the security and privacy section. they list 3 things that are supposed to reflect they are taking privacy & security seriously:

  • SSL encryption. OK, so random sniffers/proxies will have a harder time seeing what you’re searching for, presuming you requested your search through a secure page in the first place. At least this is the default if you’re signed in. This is fodder against “the big bad hacker” always looking over your shoulder. Are we all that paranoid?
  • Visual indication of results visibility scope. In general, the human mind can easily intuit this (“oh look, a link to my private journal.”) without the visual hint.
  • Toggle for unpersonalized results. I guess this is if someone is looking over your shoulder (in real life), or if you don’t trust your employer to be sniffing inside your SSL connections. (They are.) But it’d be arguably more useful to log out first, wouldn’t it?

And that’s it. It’s semi-security, not privacy, as always – and hardly “unprecedented” protection. It always boils down to a very basic fact: if you’re logged in, everything you do at that site is known to the service provider, and mapped to you, and possible elsewhere (cookies, JS, other tracking mechanisms). Even when you’re not logged in, guesswork to figure out who you are and what you’re doing is fairly straightforward.

Flirting with the “angry-old-woman” stereotype briefly: does this upset no one else?

There is absolutely nothing private about web-service-provided personalized search.

Leave a Reply

Your email address will not be published. Required fields are marked *