by aerovistae 3667 days ago
I'm curious: does anyone know whether Google searches are truly monitored, and how, if it's HTTPS?

I showed ruinmysearchhistory.com to a Pakistani Muslim friend, not having clicked it myself, and he thought it was funny until the ISIS application parts started coming up, when he consequently freaked out, as you might imagine.

But this got me wondering -- it seems to be widely accepted that googling things like "how to make a bomb," "bomb materials," "where to buy guns," etc will get you put on a government watchlist.

It's never been clear to me whether this is superstition or if there's truth to it. Google is fully HTTPS-- how could your searches be monitored unless google was handing them over to the government?

11 comments

> It's never been clear to me whether this is superstition or if there's truth to it. Google is fully HTTPS-- how could your searches be monitored unless google was handing them over to the government?

They could be monitored if the government had surreptitiously gained access to Google servers or internal data transfers by compromising infrastructure such as Google's datacenter-to-datacenter links.

I use that example because I recall a leak (IIRC, either as part of or contemporaneous to early rounds of the Snowden leaks) that the NSA had done exactly that with unencrypted inter-data-center links of Google and other entities with multiple datacenters, and reports shortly after that that Google and several others had taken action to secure and encrypt those links afterwards.

The name of that program was MUSCULAR:

https://en.wikipedia.org/wiki/MUSCULAR_%28surveillance_progr...

That was the famous slide that showed where Google took off SSL with a little smiley face--which reportedly caused Google engineers to "explode with profanity."

The NSA actually did not do the actual hacking. The British GCHQ did, with technical assistance from the NSA. Thus the NSA could pretend that since the GCHQ collected all the information, it was foreign-sourced and therefore not subject to FISA court jurisdiction.

That should make anyone explode with profanity
I often wonder if I'm going to get arrested searching for the best way to kill a hung child process.
Or outed as gay for Googling linux manual pages.

"Honey, why do searches for 'man date' and 'man find' appear in your internet history?" - My future wife.

Yours seem pretty innocent... Mine are a bit more insidious; man touch, man bash, man kill...
man unzip, man strip, man touch, man finger, man mount, man fsck
"man magic" is my favorite.
K&R et al are dirty, dirty men.

…still not as bad as O_CREAT though.

Or searching "man cp" instead of typing it in the terminal...
It took me a long time to figure out what might be wrong with that. Wow!
Sets up a pitchfork
In the US, the query "where to buy guns" seems perfectly legitimate.
Not if you also query "How to kill someone hypothetically" shortly before/after.
Reputable gun shops offer ammunition whose primary selling point is its ability to kill humans. I mention this as a relevant aside: in the US, it is (very possibly) even legitimate to search something like "ammunition best suited to kill someone".
And endless arguments about what caliber and kind of round has the best stopping power come up every day on gun forums. It's their vim vs. emacs.
Yep, but I do believe this script does some searches for info on terrorists, and that would be problematic with the search you describe.
What if you're writing a murder mystery novel?
or a filesystem...
I guess this refers to Reiser?
When I was at Google Mountain View in 2009, they had a TV scrolling through current search terms.. Some of them were hilarious...
(Tedious disclaimer: my opinion only, not speaking for anybody else. I'm an SRE at Google.)

It's just displaying this: https://www.google.com/trends/hottrends/visualize?nrow=5&nco...

Oh nice... but it wasn't that in 2009.. and there were some potentially embarrassing search terms displayed, scrolling past.. but sure, it was probably filtered at some point.
It used to be a slightly different app on a different link, but that's gone now; this one is the replacement (and what the reception displays now use).
Kind of curious about the pornographic search terms : innocuous search terms ratio now...
Most Third World governments control ISPs and DNS queries can be easily monitored but whether those are implicative or not depends on where the content embedded in the search results is hosted/served from.

Also, even if Google is fully HTTPS, if a query returns images hosted on unsecured websites, those urls will be plainly visible and hence implicative.

Edit: The embedded thumbnails are actually encrypted, as pointed out by the comment below.

I was curious and just checked -- until you click on an image in google's search results to see it fullsize in the semi-lightbox, you're actually getting the "thumbnail" sent from google as a b64 encoded string
Well, that's good news. thank you for checking, I stand corrected.
I suspect it might just be represented that way in the browser, and that it's not sent that way.
Interesting thought, but wouldn't it kinda have to be done that way? Otherwise you'd see missing images on image SERPs, and you'd see the delay of thumbnails loading due to slower source servers.
Browsers doing url prefetching for top results would also leak some information?
So now we consider US to be Third World country? :)
wondered about the same thing
Well, Google does have a team that monitors the dark side of what passes through it. This article is from 2012, so I'm sure their capability has stepped up significantly since then. https://www.buzzfeed.com/reyhan/tech-confessional-the-google...
Google retains your full search history, by default, and lets you read all of it. (Google also scans it for ads.) Google most likely also has your real name, address and/or phone number.

Do they hand it over to law enforcement/NSA/oppressive regimes? Maybe.

Well, they do if you let them.

For Mirimir, they have no clue. Just a bunch of blind alleys.

I think Google has some monitoring for images of child sexual abuse and terms used to find those images. I'm not sure what they do if you search for those terms or if they just return blank pages.

https://www.theguardian.com/technology/2013/nov/18/uk-us-dar...

Well, what did it do when you tried?
I have assumed that searching things like "How to make a bomb" will bring you on government radar. How government does it does not matter. I will not be surprised if the government has malware infected your computer to occasionally steal your browser history.
Google is not fully https - it's the road customer<-> google that is fully https - internal traffic is not encrypted. And internal traffic goes worldwide for google.
Google's internal traffic is (supposedly¹) encrypted as of 2013.

¹ I have no reason to doubt this is true, but AFAIK the only evidence is that Google said it would be, in response to NSA/GCHQ's MUSCULAR program.

I don't know if it still works, but Google used to support network providers forcing non-ssl searches using DNS poisoning. BT's WiFi offering used to do this, which is one of the reasons I stopped using it.