@robinadams : OTOH, if you click on a search result, Google could also send your browser to a runtime generated webpage, like Google Transate does.

For example, if I enter (I've replaced // by Unicode ⧸⧸ to prevent Mastodon from shortening the URLs and hiding "https://"):

🔗 https:⧸⧸www.security.nl/posting/929685/FCC+verbiedt+verkoop+van+nieuwe+routers+van+buitenlandse+fabrikanten+in+VS

into

🔗 https:⧸⧸translate.google.com/?sl=nl&tl=en&op=websites

the eventual URL turns into:

🔗 https:⧸⧸www-security-nl.translate.goog/posting/929685/FCC+verbiedt+verkoop+van+nieuwe+routers+van+buitenlandse+fabrikanten+in+VS?_x_tr_sl=en&_x_tr_tl=nl&_x_tr_hl=en&_x_tr_pto=wapp

In case of AI manipulation, such a link could read, for example,

🔗 https:⧸⧸www-security-nl.ai.goog/posting/929685/FCC+verbiedt+verkoop+van+nieuwe+routers+van+buitenlandse+fabrikanten+in+VS

Nomalizing this will result in even more people to fall for #phishing (replacing dots by dashes). The only thing reasonably trustworthy, the domain name of a website, becomes even more messy.

Apart from the fact that Google may charge websites for this "service" and/or insert their own ads.

@petealexharris @grammasaurus @SteveRudolfi

#DVsucks #GoogleIsEvil #LetsEncryptIsEvil #TLSisBroken #httpsIsBroken #E2EE #E2EEisBroken #DomainNamesSuck

@robinadams : I hope that it's limited to that (your browser's address bar reads https:⧸⧸google.com).

But space for search results is limited. So my speculation is that if you click the search result in order to open the actual website, you _still_ get to see AI-manipulated content.

Once Chrome reads https:⧸⧸example.com in its address bar while the page shows altered content of said website, this means that Google FULLY destroyed TLS.

Note: "Google Trust Services" (and others) already partially breaks TLS by handing out DV certificates to Cloudflare proxy servers. You DO NOT have an E2EE connection to the actual website, proven by https://todon.nl/@ErikvanStraten/116263229585961944 (Dutch text, tap translate for English).

Summarizing: your browser has an E2EE connection with a Cloudflare server. Cloudflare can always see and manipulate anything you think you exchange with the actual website. They can read your passwords and hijack any of your accounts even if WebAuthn (FIDO2 hardware key or passkey) is used to log in.

Google already broke https years ago - to prevent ISP's from altering ads or inserting fake clicks on ads. Let's Encrypt was never meant to protect YOU. #DVsucks

@petealexharris @grammasaurus @SteveRudolfi

#TLSisBroken #httpsIsBroken #Authenticity #GoogleIsEvil #CloudflareIsEvil #BigTechIsEvil

@grammasaurus : if I understand the patent correctly, the content seen by a user in their browser will not for 100% originate from your website given its domain name.

However, Google may let their Chrome browser show your domain name in the address bar and even suggest that a server-authenticated and encrypted valid https connection is being used (proving the authenticity of your website, which is then fully broken).

Google may even force other browser makers (such as Mozilla, sponsored by Google) to do the same.

@SteveRudolfi

#Authenticity #Authentic #MitM #AitM #GoogleIsEvil #BigTechIsEvil #TLSisBroken #httpsIsBroken #httpsIsNoLongerE2EE #E2EE