Google docs etc: is the data transfer secure?

In summary, Google Docs and other cloud-based data transfer services have multiple layers of security in place to protect the confidentiality and integrity of user data. This includes HTTPS encryption, two-factor authentication, and regular security audits. However, users should also take precautions such as using strong passwords and being mindful of phishing scams to further ensure the security of their data. Overall, while no system is completely immune to security breaches, Google Docs and similar services have strong security measures in place to protect user data.
  • #1
Swamp Thing
Insights Author
970
669
This video ...

... At around 01:26 they say that data to and from the Google apps server goes across unencrypted.

Is that true, given that all these services are necessarily over HTTPS ?

On a related note, does a VPN layer add any value in terms of data security, above that provided by HTTPS ?
 
Technology news on Phys.org
  • #2
Swamp Thing said:
... At around 01:26 they say that data to and from the Google apps server goes across unencrypted.

Is that true, given that all these services are necessarily over HTTPS ?
The point they are making is that the data is unencrypted on the Google Apps server. They are presumably promoting alternative services where the server does not have the keys to unencrypt the data and all decryption is done on the client. This also means that all processing also has to be done on the client.

Edit: that's not very clear. The services they are presumably promoting have an additional layer of encryption in the client application so the flows are:

User data -> encrypted using password -> HTTP message -> encrypted via HTTPS -> internet -> decrypted via HTTPS -> server app: stores data encrypted using password unknown to server.

Server: retrieves data encrypted using password unknown to server -> HTTP message -> encrypted via HTTPS -> internet -> decrypted via HTTPS -> client app: decrypts data using password.

Swamp Thing said:
On a related note, does a VPN layer add any value in terms of data security, above that provided by HTTPS ?
No, the security in HTTPS comes from the fact that only your browser has the private key to decrypt communication from the server and only the server has the private key to decrypt communication from you.
 
Last edited:
  • Like
Likes Swamp Thing
  • #3
pbuk said:
Server: retrieves data encrypted using password unknown to server -> HTTP message -> encrypted via HTTPS -> internet -> decrypted via HTTPS -> client app: decrypts data using password.
There is still a hitch with that process that bothers me. The reality is that if one can see the data in a browser before encrypting it or after decrypting it, the data is technically readable by the server as well with javascript. I know the whole business model of these companies is to say "we promise we won't do that", but it is still technically possible if someone (government, hackers, frustrated employees) took control of the server somehow.

With apps offered through an app store, it is a little better as the app files are downloaded only for a specific version and if the app is properly audited or open-source, a change in the javascript files would be noticed and users (hopefully) would be alerted.

More on this:

 

FAQ: Google docs etc: is the data transfer secure?

What is Google Docs?

Google Docs is a free, web-based document management system provided by Google. It allows users to create, edit, and collaborate on documents, spreadsheets, and presentations in real-time.

Is the data transfer on Google Docs secure?

Yes, Google Docs uses SSL encryption to secure all data transfers between the user's computer and Google's servers. This means that all data is encrypted and cannot be accessed by unauthorized parties during the transfer.

How does Google Docs protect my data?

Google Docs has several security features in place to protect user data. This includes multi-factor authentication, data encryption, and regular security audits. Additionally, Google has strict privacy policies in place to ensure that user data is not shared with third parties without permission.

Can I control who has access to my documents on Google Docs?

Yes, you can control who has access to your documents on Google Docs by setting permissions for each document. You can choose to make a document private, accessible to specific people, or publicly shareable with anyone who has the link.

Is it safe to store sensitive information on Google Docs?

While Google Docs is generally considered a secure platform, it is not recommended to store highly sensitive information on it. It is always best to use caution when sharing sensitive information online and to only share it with trusted individuals.

Similar threads

Do you want to build a website?
Replies
15
Views
2K
What is the purpose of the OSI model and how does it partition the flow of data?
Replies
1
Views
1K
Custom icon for specific file type in Nautilus on Ubuntu 22.04
Replies
10
Views
837
  • Sticky
How to use the "w" in www
Replies
0
Views
2K
Anonimity: Time to take the internet back.
Replies
4
Views
3K
Google France Sued by Bottin Cartographes for Providing Free Map Services
Replies
10
Views
3K
I could really use some help picking my optional module [GameDev]
Replies
2
Views
2K
Physics Forums Privacy Policy
Replies
0
Views
96K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
Replies
8
Views
3K
I Calculating distance, object speed, etc - RE:Falcon9
Replies
7
Views
2K

Hot Threads

Recent Insights

Back
Top