How to prevent ISP from hijacking your search queries

Got a huge surprise but seems like search business is getting even dirty. According to New Scientist, some of the US ISP are hijacking the search made by users and sending to a predefined place which can be a product store website or online shopping websites. Even this is not illegal, this is definitely not right and you are being given no chance to see what other choices you might have.

Accrding to the report list of US ISP found to be hijacking the search result are Cavalier, Cincinnati Bell, Cogent, Frontier, Hughes, IBBS, Insight Broadband, Megapath, Paetec, RCN, Wide Open West, XO Communication.

I am sure the smart users are already aware because they understand how search works and something like this will catch their eyes but for regular users they have suggested few points which are worth practicing.

What is your ISP able to see what you search for ?

Now if you are wondering how your ISP is able to find your query, it’s because by default your query is visible to plain eyes i.e they are not secured before any search engines and this is where ISP hijack. So the only way to fix this is secure your data by encrypting it so the ISP doesn’t understand and you get to see what you want.

To do this the best way is to use HTTPS which is secured form of HTTP and encrypts your data.

So how do you enable HTTPS with hundreds of sites ?

The good news is some major sites support it but sadly not all of them.  New Scientist suggest you to use an extension called as HTTPS everywhere which lets you force use HTTPS on sites which you can configure. Now before that lets use see how you can enable HTTPS on some of the popular sites without using any extension.

First, You cannot just type in HTTPS for every site :

Now if you wondering that just typing https before every URL will do that job then you got it wrong. Every website checks the protocol with which it is accessed and only if they support, they send the response. Now if some sites are built to access payment gate way when you type in https then it will be very different from he result you get from HTTP.

In fact sometimes the browser gives you warning because it think the response is not right. For example, Bing does not support https and when you try to access https://www.bing.com this is what you get :

Untrusted Connection in absence of support for HTTPS

 

But if you access https://bing.com you are simple redirected to http://www.bing.com.

Google Search : Go to  https://encrypted.google.com, to make your search queries encrypted. This will make sure your queries are not being read by third party or even your ISP. This works on Google Web Search and  Google Image Search. Read more about this on Google Help Page for SSL.

Google SSL SearchFacebook :

Facebook Supports Secure browsing which you need to enable from your account settings

Facebook Enable HTTPS

Gmail : Go to Gmail Settings and under the first tab ( general ), look for option which says Browser Connection. Select Always use https.

Gmail Enable HTTPS

Similar to this most of the email services have HTTPS support, make sure tu enable them as well.

Twitter :

Twitter also supports HTTPS which can be enabled from your account settings. Go to Account settings and scroll down to the last option which says “Https Only” and check the box which says “Always use HTTPS : Use a secure connection where possible to encrypt your account information”

Twitter support for HTTPS

Https Everywhere :

Before I start talking about it, let me explain that this add-on is not available for Mozilla Addon store directly but only from http://www.eff.org/https-everywhere. The addon is hosted at this place. So unless you are comfortable downloading extensions from third-party, do not use this and try looking for services which you use and find if they support https.

Coming back to the extension,  it knows which site support HTTPS and if you have checked to force https for that website, it will automatically redirect to https version even if you haven’t typed https in your browser. However even if a site support https it is possible that some part of application of the website might not support https and hence you will not see https there. Read more in their FAQ before you install and start using it.


About Ashish Mohta

A Professional Tech blogger, Editor and Writer who talks about solving day to day problems of people who use computer. His expertise are in Windows 7, Microsoft Office, Software, Mobile Apps and Video Posts.

Leave a Reply