Google adds worldwide HTTPS info to transparency report Call it another shot in Crypto Wars 2: Google has launched a transparency report specifically to track the progress of the Internet's encryption efforts. The aim is in support of the general push to have encryption available everywhere. As the Chocolate Factory's security blog post explains, even within the Google universe …
Joe six pack is doomed anyway. Security always relies on a relatively small vanguard of hyper vigilant researchers. Not everyone checks file hashes, but some do. Not everyone checks a cert chain, but some do. Not everyone audits code, but some do.
Then they give the vulnerability a whimsical name and logo, and Joe six pack reads about it in the Murdoch press, from his malware infested PC/phone.
This is how it must be.
The Australian Broadcasting Corporation's certificates are current and expire on March 22 of 2016, the report puts it like this:
C=US, O=DigiCert Inc, OU=com.digicert.www, CN=DigiCert SHA2 High Assurance Server CA
OK, you tell me how one can read "March 22 of 2016" from that. I give up.
It's rather amusing that Google outwardly is promoting all these security features whilst still wanting all your data, wherever you go on the Net. It just conveniently protects any competition from getting it.
It reminds me a bit of Microsoft's Bill Gates when he was getting into the charity game and it emerged that his "charity" came with rather strong "ye shall buy Microsoft" diktats..
Nah.
I do a Google search, I send a Gmail, I post an article on Blogger. I'm clearly pushing my data at Google, I'm aware I'm doing it and the service wouldn't work very well if they couldn't see it.
Of course I don't want the competition seeing it. I don't want anybody other than the people I'm pushing it at seeing it.
The idea that a company is taking the task of receiving my data securely should neither be amusing nor the cause of scorn. It should be the norm.
I do a Google search, I send a Gmail, I post an article on Blogger. I'm clearly pushing my data at Google, I'm aware I'm doing it and the service wouldn't work very well if they couldn't see it.
Fine, that is YOUR choice. But you are also making that "sharing" choice for those who correspond with you. I know that is just an unintentional side effect for you and as your email address ends in "gmail.com" there is at least a warning for this, but for companies whose use of Google is hidden behind their own domain name it's actually an issue that will eventually make it to court.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
