Google docs etc: is the data transfer secure?

  • Thread starter Thread starter Swamp Thing
  • Start date Start date
  • Tags Tags
    Data Google
AI Thread Summary
The discussion centers on the security of data transmitted to and from Google Apps servers, specifically questioning the claim that this data is unencrypted. It is clarified that while HTTPS encrypts data in transit, the data stored on Google Apps servers may not be encrypted in a way that prevents the server from accessing it. The conversation highlights the potential benefits of alternative services that utilize client-side encryption, where data is encrypted before it reaches the server, ensuring that the server cannot decrypt it. Additionally, the value of using a VPN in conjunction with HTTPS is debated. It is noted that HTTPS provides robust security as it ensures that only the client and server can decrypt the communication. However, concerns are raised about the possibility of servers accessing data through JavaScript, emphasizing that while companies may promise not to do so, vulnerabilities exist that could allow unauthorized access by malicious actors. The discussion also touches on the relative security of apps from app stores, which may offer better protection if they are properly audited or open-source.
Swamp Thing
Insights Author
Messages
1,030
Reaction score
769
This video ...

... At around 01:26 they say that data to and from the Google apps server goes across unencrypted.

Is that true, given that all these services are necessarily over HTTPS ?

On a related note, does a VPN layer add any value in terms of data security, above that provided by HTTPS ?
 
Technology news on Phys.org
Swamp Thing said:
... At around 01:26 they say that data to and from the Google apps server goes across unencrypted.

Is that true, given that all these services are necessarily over HTTPS ?
The point they are making is that the data is unencrypted on the Google Apps server. They are presumably promoting alternative services where the server does not have the keys to unencrypt the data and all decryption is done on the client. This also means that all processing also has to be done on the client.

Edit: that's not very clear. The services they are presumably promoting have an additional layer of encryption in the client application so the flows are:

User data -> encrypted using password -> HTTP message -> encrypted via HTTPS -> internet -> decrypted via HTTPS -> server app: stores data encrypted using password unknown to server.

Server: retrieves data encrypted using password unknown to server -> HTTP message -> encrypted via HTTPS -> internet -> decrypted via HTTPS -> client app: decrypts data using password.

Swamp Thing said:
On a related note, does a VPN layer add any value in terms of data security, above that provided by HTTPS ?
No, the security in HTTPS comes from the fact that only your browser has the private key to decrypt communication from the server and only the server has the private key to decrypt communication from you.
 
Last edited:
Reply
  • Like
Likes Swamp Thing
pbuk said:
Server: retrieves data encrypted using password unknown to server -> HTTP message -> encrypted via HTTPS -> internet -> decrypted via HTTPS -> client app: decrypts data using password.
There is still a hitch with that process that bothers me. The reality is that if one can see the data in a browser before encrypting it or after decrypting it, the data is technically readable by the server as well with javascript. I know the whole business model of these companies is to say "we promise we won't do that", but it is still technically possible if someone (government, hackers, frustrated employees) took control of the server somehow.

With apps offered through an app store, it is a little better as the app files are downloaded only for a specific version and if the app is properly audited or open-source, a change in the javascript files would be noticed and users (hopefully) would be alerted.

More on this:

 

Thread 'Learning Assembly and computer architecture for x86'

Dear Peeps I have posted a few questions about programing on this sectio of the PF forum. I want to ask you veterans how you folks learn program in assembly and about computer architecture for the x86 family. In addition to finish learning C, I am also reading the book From bits to Gates to C and Beyond. In the book, it uses the mini LC3 assembly language. I also have books on assembly programming and computer architecture. The few famous ones i have are Computer Organization and...
View full post »

Similar threads

Do you want to build a website?
Replies
15
Views
3K
What is the purpose of the OSI model and how does it partition the flow of data?
Replies
1
Views
2K
Custom icon for specific file type in Nautilus on Ubuntu 22.04
Replies
10
Views
2K
  • Sticky
How to use the "w" in www
Replies
0
Views
4K
Anonimity: Time to take the internet back.
Replies
3
Views
4K
Google France Sued by Bottin Cartographes for Providing Free Map Services
Replies
10
Views
4K
I could really use some help picking my optional module [GameDev]
Replies
2
Views
2K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
Replies
8
Views
4K
I Calculating distance, object speed, etc - RE:Falcon9
Replies
7
Views
2K
Total security communication system
Replies
4
Views
1K

Hot Threads

Recent Insights

Back
Top