Google docs etc: is the data transfer secure?

  • Thread starter Thread starter Swamp Thing
  • Start date Start date
  • Tags Tags
    Data Google
AI Thread Summary
The discussion centers on the security of data transmitted to and from Google Apps servers, specifically questioning the claim that this data is unencrypted. It is clarified that while HTTPS encrypts data in transit, the data stored on Google Apps servers may not be encrypted in a way that prevents the server from accessing it. The conversation highlights the potential benefits of alternative services that utilize client-side encryption, where data is encrypted before it reaches the server, ensuring that the server cannot decrypt it. Additionally, the value of using a VPN in conjunction with HTTPS is debated. It is noted that HTTPS provides robust security as it ensures that only the client and server can decrypt the communication. However, concerns are raised about the possibility of servers accessing data through JavaScript, emphasizing that while companies may promise not to do so, vulnerabilities exist that could allow unauthorized access by malicious actors. The discussion also touches on the relative security of apps from app stores, which may offer better protection if they are properly audited or open-source.
Swamp Thing
Insights Author
Messages
1,032
Reaction score
770
This video ...

... At around 01:26 they say that data to and from the Google apps server goes across unencrypted.

Is that true, given that all these services are necessarily over HTTPS ?

On a related note, does a VPN layer add any value in terms of data security, above that provided by HTTPS ?
 
Technology news on Phys.org
Swamp Thing said:
... At around 01:26 they say that data to and from the Google apps server goes across unencrypted.

Is that true, given that all these services are necessarily over HTTPS ?
The point they are making is that the data is unencrypted on the Google Apps server. They are presumably promoting alternative services where the server does not have the keys to unencrypt the data and all decryption is done on the client. This also means that all processing also has to be done on the client.

Edit: that's not very clear. The services they are presumably promoting have an additional layer of encryption in the client application so the flows are:

User data -> encrypted using password -> HTTP message -> encrypted via HTTPS -> internet -> decrypted via HTTPS -> server app: stores data encrypted using password unknown to server.

Server: retrieves data encrypted using password unknown to server -> HTTP message -> encrypted via HTTPS -> internet -> decrypted via HTTPS -> client app: decrypts data using password.

Swamp Thing said:
On a related note, does a VPN layer add any value in terms of data security, above that provided by HTTPS ?
No, the security in HTTPS comes from the fact that only your browser has the private key to decrypt communication from the server and only the server has the private key to decrypt communication from you.
 
Last edited:
Reply
  • Like
Likes Swamp Thing
pbuk said:
Server: retrieves data encrypted using password unknown to server -> HTTP message -> encrypted via HTTPS -> internet -> decrypted via HTTPS -> client app: decrypts data using password.
There is still a hitch with that process that bothers me. The reality is that if one can see the data in a browser before encrypting it or after decrypting it, the data is technically readable by the server as well with javascript. I know the whole business model of these companies is to say "we promise we won't do that", but it is still technically possible if someone (government, hackers, frustrated employees) took control of the server somehow.

With apps offered through an app store, it is a little better as the app files are downloaded only for a specific version and if the app is properly audited or open-source, a change in the javascript files would be noticed and users (hopefully) would be alerted.

More on this:

 
Thread 'Star maps using Blender'

Thread 'Star maps using Blender'

Blender just recently dropped a new version, 4.5(with 5.0 on the horizon), and within it was a new feature for which I immediately thought of a use for. The new feature was a .csv importer for Geometry nodes. Geometry nodes are a method of modelling that uses a node tree to create 3D models which offers more flexibility than straight modeling does. The .csv importer node allows you to bring in a .csv file and use the data in it to control aspects of your model. So for example, if you...
View full post »

Thread 'Who is responsible for the software when AI takes over programming?'

I tried a web search "the loss of programming ", and found an article saying that all aspects of writing, developing, and testing software programs will one day all be handled through artificial intelligence. One must wonder then, who is responsible. WHO is responsible for any problems, bugs, deficiencies, or whatever malfunctions which the programs make their users endure? Things may work wrong however the "wrong" happens. AI needs to fix the problems for the users. Any way to...
View full post »

Thread 'Could the reason why I can't select any kernels in VS Code be this error?'

I am trying to run an .ipynb file and have installed Miniconda as well as created an environment as such -conda create -n <env_name> python=3.7 ipykernel jupyter I am assuming this is successful as I can activate this environment via the anaconda prompt and following command -conda activate <env_name> Then I downloaded and installed VS code and I am trying to edit an .ipynb file. I want to select a kernel, via VS Code but when I press the button on the upper right corner I am greeted...
View full post »

Similar threads

Do you want to build a website?
Replies
15
Views
3K
What is the purpose of the OSI model and how does it partition the flow of data?
Replies
1
Views
2K
Custom icon for specific file type in Nautilus on Ubuntu 22.04
Replies
10
Views
2K
  • Sticky
How to use the "w" in www
Replies
0
Views
4K
Anonimity: Time to take the internet back.
Replies
3
Views
4K
Google France Sued by Bottin Cartographes for Providing Free Map Services
Replies
10
Views
4K
I could really use some help picking my optional module [GameDev]
Replies
2
Views
2K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
Replies
8
Views
4K
I Calculating distance, object speed, etc - RE:Falcon9
Replies
7
Views
2K
Total security communication system
Replies
4
Views
2K

Hot Threads

Recent Insights

Back
Top