Facebook insecure by design

steve pirk [egrep] steve at pirk.com
Mon Oct 24 00:16:27 CDT 2011


That was a most excellent example Jay. I see what the issue is now.

This could be related to work Google did to plus shortly after launch. Buzz
and now Google+ are https only. Google cooked up a URL processer that took
clicks to external content like article links, and massaged the referrer be
readable as http to show where the visitor came from. Sanitized of any
personal data I assume.

The problem they were trying to fix was no one knew any users were coming
from Buzz clicks. They fixed that in +. I am thinking something of the same
might fix the search issues. It could also be that a Googler saw Lauren's
post and the debate has already started.

-steve
On Oct 23, 2011 4:04 PM, "Jay Ashworth" <jra at baylink.com> wrote:

> ----- Original Message -----
> > From: "Jeroen Massar" <jeroen at unfix.org>
>
> > On 2011-10-23 19:43 , steve pirk [egrep] wrote:
> > > Just about everything on Google pages is https these days, even
> > > search if you enable it.
> >
> > (or just use https://encrypted.google.com which is available for quite
> > some time already)
>
> Note that Lauren Weinstein has just put out a Privacy Digest posting noting
> that the referer behavior differs between https://encrypted.google.com and
> https://www.google.com in a way that implies that, again, someone at
> Google
> may not have gotten the Don't Be Evil memo...
>
>  http://lauren.vortex.com/archive/000906.html
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth                  Baylink
> jra at baylink.com
> Designer                     The Things I Think                       RFC
> 2100
> Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover
> DII
> St Petersburg FL USA      http://photo.imageinc.us             +1 727 647
> 1274
>
>


More information about the NANOG mailing list