undefined | Better HN

0 pointsthomasahle4y ago0 comments

> you gave up that data to Google when you followed the link

I gave up information on what site I was visiting, but if I enter any information on the page, won't that still go to Google? It's going to look like I have an https end-to-end channel with the site I'm visiting, but really Google is Man-In-The-Middleing the whole thing?

0 comments

1 comments · 1 top-level

nybble414y ago

> I gave up information on what site I was visiting, but if I enter any information on the page, won't that still go to Google?

So far as I can tell the user agent uses the original (non-Google) URL for the purpose of same-origin tests when it's returned from Google's cache using the Signed Exchanges standard, so the risk is effectively the same as if the page were served from the original server and Google were not involved. The page could send anything you enter to Google, but it would need to be coded that way to begin with. It wouldn't do so just because it was served through their cache.

j / k navigate · click thread line to collapse