How can a monkey in the middle stop you from going to encrypted Google search? How can they redirect you instead to plain old http://www.google.com?<p>So I'm doing a normal Google search like I do a hundred times everyday, and suddenly I get this message from Google:<p>"SSL search is off<p>This network has turned off SSL search,
so you cannot see personalized results.<p>The security features of SSL search are
not available. Content filtering may be
in place."<p>I look up at my URL bar, and yes, it says http not https. I get curious. I search Google's support pages for some way the government can mess with my Google search (I live in Iran) and I find this: https://support.google.com/websearch/answer/186669?hl=en<p>To quote the relevant part: "To utilize the no SSL option for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com."<p>I dug around a little and learned that all DNS queries are replied by a nearby spoofing server (nearby, because it responds so fast compared with what I have to endure in here!). I could do something like "nslookup www.google.com 1.2.3.4" (anything works instead of 1.2.3.4, whether a real DNS server or not) and get "216.239.32.20" which is the IP address for nosslsearch.google.com.<p>I tested this with four different servers around the country I have ssh access to. Everywhere it's the same.<p>DNS spoofing is a known government technique used for content blocking in Iran, but I haven't seen it be used for this purpose before. The government has long been lamenting Google's decision to go SSL. They have been looking for some way to get to see what people are searching again, and they seem to have found it.<p>The obvious way to get around this for me would be to add an entry in my /etc/hosts file or visit encrypted.google.com for searching. I suggest the same thing to other people living in Iran.