[Read This Fine Material] from Joshua Hoblitt

Encrypted google search


Today on g+ Matt Curtis & Chris Gianelloni shared links to two news stories about ISP hijacking search results. [1] [2]  This is exactly the sort of situation that SSL/TLS was intended to protect against and I suspect that this sort of behaviour will only increase as ISP try to find new ways to monetize their traffic.  Imagine if your POTS provider (OK – imagine you still have a POTS provider) decided to hijack your outbound phone calls and redirect them to a competitor.  Since many of us get service via a regulated (“franchised”) monopoly, there really should be administrative rules that prevent hijacking and differentiated billing for different “types” of traffic (like billing you extra for netflix packets as that cuts into your ISPs cable business).  My ISP already redirects you to a “search” page for “failed” DNS requests.  DNSSEC can’t get here fast enough…

Any ways, back to search… I have taken action to prevent this sort of mischief by setting https://encrypted.google.com/ as FireFox’s homepage and used the add-to-search-bar addon to make that the default search engine used by the “search bar”.  There are good instructions here on how to make this change for Firefox/Opera/Chrome that I need not duplicate.

Hopefully, Mozilla/Google will decide to make this the default for future shipping versions of FF.

Leave a Reply