The popular Firefox browser is on track to use a secure method of searching Google by default, a change that will help prevent potential “eavesdropping” of what people are searching for. It will also further reduce the ability for publishers to know how people find their sites in Google — except for Google advertisers. A loophole in Google Secure Search continues to provide them with this data.
“We are currently testing the change to use SSL for built-in Google searches in our Firefox nightly channel. If no issues are uncovered, it will move through our Aurora and Beta release channels before eventually shipping to all our Firefox users. This will include migrating the changes to our non-English version of Firefox, as well,” said Johnathan Nightingale, Director of Firefox Engineering, when I emailed Firefox about the posted change.
How The Change Happened
Privacy advocate Christopher Soghoian noted the change on his blog today. Back in February 2011, he pushed for secure search to be the default in Firefox. At that time, Google Chrome engineer Adam Langley said that using a secure version of Google known as Google Encrypted Search wouldn’t work:
We would welcome Firefox giving their users the option to use encrypted search. However, at this time we don’t feel that our encrypted search offers the features and speed that our users expect and so we wouldn’t want it to be the default. We are working towards making encrypted search as fast and complete as unencrypted search, but we’re not there yet.
Since then, Google made a different method of secure searching the default for Google for signed-in users at Google.com, Google SSL Search. That renewed discussions about making secure search at Google the default for Firefox users. Both Langley and another Google employee, Mike Graboski, made comments that suggested Google had no issues with Firefox making the switch.
We’re happy to be offering SSL search for our signed-in users on https://www.google.com, and we’ve received a lot of positive feedback. We want to make it available on other Google domains as well, but we’re still working on that.
Google’s search team is ok with Firefox using https://www.google.com for search suggestions, so please use this endpoint. Thanks!
Google confirmed for me that Graboski’s statement is correctly interpreted as a go-ahead for the Firefox team to make the switch, if it wanted to.
The change was formally made yesterday. As the Firefox statement notes, unless there are issues that crop up, all Firefox users who search using Firefox’s built-in features, such as its search box, will have their searches done using a secure connection.
The only exceptions to this will be for Firefox users who have changed their default search engine from Google to something else or for those using the Russian version of Firefox, which uses Yandex as its default search engine.
Impact On Consumers
The shift means more security for millions of Firefox users. It will make it harder for outsiders to potentially eavesdrop on what someone is searching for.
Just as secure connections protect someone’s credit card number when buying things online, secure connections also mean that what someone is searching for can be seen only by Google and the person who is searching, with two important exceptions: Google’s advertisers and those who use Google Webmaster Central.
Those exceptions can’t be dismissed, even though the privacy risks with either of them are relatively small. When Google turned Google SSL Search on by default last year for logged-in users, it pitched this as protecting privacy. Nevertheless, it went out of its way to leave a loophole open for advertisers. It also seems to be ignoring the hole with Google Webmaster Central.
Make no mistake, searching was made massively more secure by Google’s move, and Firefox’s change will extend that security to yet more people. But if the goal is to fully protect privacy, Google would upgrade the entirely different Google Encrypted Search service, and Firefox would use that.
The Privacy Loopholes
Let’s revisit secure searching at Google, to understand how, with both flavors offered, search data — including potentially very private searches — can escape despite encryption.
Google has two secure searching products, Google Encrypted Search and Google SSL Search. With either, no one can eavesdrop on the searching you do with Google. That’s a big, welcome change. But when you click on a listing or ad at Google, what you searched for will be contained in what’s called “referrer data” that your browser passes along to the destination site.
For example, do a search for “erectile dysfunction,” click on a listing, and that search term is in the referrer data that normally gets sent to the site you visit by Google. The same thing would happen if you used Yahoo or Bing, by the way. It’s part of how browsing software itself works.
In most cases, the site you visit isn’t going to know who you really are. They get a fairly anonymous string of numbers called an IP address. But with some work, or perhaps by combining the IP address with cookie data or other information, they might be able to figure out more about who you really are.
Another way that search terms are revealed is through two Google programs for publishers: Google AdWords and Google Webmaster Central. With Google AdWords, you purchase ads, and you can see the search terms that people use when clicking on those ads. With Google Webmaster Central, you’re shown the search terms people used to reach your site over the past 30 days.
Neither of these programs link IP addresses with search terms, so there’s really no good way for publishers to match searches back to a particular person. These are helpful and relatively “safe” ways Google helps publishers without harming user privacy.
Think of it all as having a continuing “search conversation” with Google. Secure search prevents anyone from hearing the full conversation. But in some instances, when you speak loudly about a particular person, referrer data allows them to hear a tiny fragment of that talk. Even then, they still probably don’t know it was you who said it.
In short, letting search terms “escape” or “leak” via referrer data is still fairly private for the vast majority of searches that happen out there, I’d say. Despite this, Google decided this data was so sensitive that it blocked non-advertisers from getting it back in October. That magnifies the problem of why it hasn’t blocked its advertisers, as well.
SSL Vs Encrypted
Both versions of Google’s secure search leak referrers. Google Encrypted Search does this for technical reasons. Google SSL Search does it because Google deliberately wants referrers to be passed along to its advertisers.
Google Encrypted Search was launched by Google in May 2010. Originally, you could enable it by going to https://google.com. Note the additional S in the https prefix. That indicated the secure version of Google search was being used. However, the service caused problems for some schools that wanted to use other Google products. It was moved to a new location: https://encrypted.google.com.
When you use Google Encrypted Search, referrers are blocked entirely with one key exception: if you go from Google Encrypted Search to another secure site. It’s a technicality in how browsers work. When you have a secure connection to one site, no referrer data is passed along to the next unless that site also opens a secure connection for you.
This is a tiny security issue. That’s because it’s rare that you’d go from Google Encrypted Search to another secure site, since most sites don’t run secure servers that turn up in search results.
Google SSL Search largely came about in October 2011. That was when Google announced that by default, it would enable a secure searching connection for anyone who was logged into Google.com. Before then, I’m pretty sure you could go to https://google.com and establish a secure connection if you wanted, but it’s hard to pin this down. But really, October 2011 was the key date. Suddenly, millions of people searching on Google found they had a secure connection on by default.
How about referrer data? Google made a point to block this for anyone who clicked on its “editorial” or non-paid listings, saying this was designed to protect privacy. However, it continued to provide referrer information to its advertisers. Click on an ad after searching for “erectile dysfunction,” and an advertiser would receive both what you searched for and your IP address linked to that search.
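To make the two leakage paths concrete, here is an added example (not Firefox or Google code) that models the browser rule behind the Encrypted Search “technicality” and what a destination site’s analytics can recover from an incoming referrer, including the “not provided” case publishers see. The URLs are constructed, and the assumption that a blocked organic click arrives as a Google URL with no `q` parameter is an illustration, not Google’s documented mechanism.

```javascript
// Rule from RFC 2616 section 15.1.3 as browsers applied it in 2012:
// no Referer is sent when leaving a secure (https) page for a non-secure one.
// Returns the Referer the browser would send, or null if it is withheld.
function refererSent(originUrl, destinationUrl) {
  const origin = new URL(originUrl);
  const dest = new URL(destinationUrl);
  if (origin.protocol === "https:" && dest.protocol !== "https:") {
    return null; // https -> http: Referer suppressed entirely
  }
  return originUrl; // otherwise the full search URL, query string included
}

// What a publisher's analytics can tell from an incoming Referer header.
function classifyReferral(referer) {
  if (!referer) return { source: "direct/unknown", term: null };
  const url = new URL(referer);
  if (!/(^|\.)google\./.test(url.hostname)) {
    return { source: url.hostname, term: null }; // some other referring site
  }
  const term = url.searchParams.get("q"); // search term, if it survived
  return { source: "google", term: term === null ? "(not provided)" : term };
}

// Constructed sample URLs for the scenarios in the article.
const encryptedSearch = "https://encrypted.google.com/search?q=erectile+dysfunction";
const scenarios = {
  // Encrypted Search -> plain http site: nothing leaks.
  toPlainSite: classifyReferral(refererSent(encryptedSearch, "http://example.com/page")),
  // Encrypted Search -> https site: the term rides along in the Referer.
  toSecureSite: classifyReferral(refererSent(encryptedSearch, "https://example.com/page")),
  // Assumed shape of an SSL Search organic click: Google referrer, term stripped.
  sslOrganic: classifyReferral("https://www.google.com/url?sa=t&source=web"),
};

console.log(scenarios);
```

The https-to-http suppression shown here is the 2012 behaviour the article describes; modern browsers apply a Referrer-Policy default that trims referrers differently, so the rule in `refererSent` should not be taken as current.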
Why Google didn’t block ALL referrers was perplexing. If search terms themselves were potentially private, as Google started arguing, then letting any of them out was bad. At best, Google concocted an odd, far-fetched defense that advertisers could run so many ads that potentially, they still might see search data.
I’ve found this unconvincing, as I explain more in 2011: The Year Google & Bing Took Away From SEOs & Publishers. That story also explains why, if search terms are so sensitive, Google should be filtering them in some way from Google Webmaster Central, as well. Also see my other article, Google’s Results Get More Personal With “Search Plus Your World”, for more about this.
The bottom line is that both versions of Google secure search allow referrers to escape, but Google Encrypted Search does this far less than Google SSL Search. If Firefox were really serious about privacy, it would use that. But it can’t, not easily, and some of the reason for that comes back to Google.
Secure Searching Beyond The US
Firefox isn’t just used by those in the US. There are versions of it for those in countries all over the world. It’s better if these country-specific versions point to the correct country-specific versions of Google (except, as mentioned, the Russian version, which uses Yandex).
Google Encrypted Search is really a US/English-language service. There’s no ability to change the interface language from English to German that I can see. To even try this, you have to log in. When logged in, even if you set your language to German, Google Encrypted Search keeps speaking English back to you as the overall interface language.
In contrast, using Google SSL Search means that Firefox can point to where SSL search is formally supported already: Google.com, Google UK, Google France and Google Germany. The latter three got support in January. In March, Google announced that it would be coming to more countries over the course of several weeks. I can already see it working now for places like Google Australia, Google Poland and even Google Iceland, even though Google hasn’t formally announced this.
For Firefox, using Google SSL Search makes more sense. Country-specific versions of Firefox can use the right Google SSL Search for the right country, something that Google Encrypted Search wouldn’t allow.
Why Not Kill All Referrers?
Another way that Firefox could make things more secure would be to kill all referrer data within the browser itself. It could do this, and then there would be no leakage of terms from Google nor from other sites, when people surf the web.
I asked Firefox about this, but it didn’t provide any answer on that question, only the quote I have above.
I asked Microsoft the same for Internet Explorer, but I haven’t heard back yet.
Google told me that it doesn’t have anything to announce about this, in relation to its Chrome browser.
Fallout For Publishers
The move will be further bad news for publishers, who have come to depend on search term data passed along by referrers. It’s not uncommon to hear sites report that 20% or more of their search queries are now reported as “not provided” due to Google’s blocking.
Yesterday, I even published an example of how on my personal blog, 35% of my search terms are now withheld. Here’s the illustration, showing traffic for March 19:
The Firefox change to Google SSL Search means that this “not provided” percentage will only climb higher for all publishers. It wouldn’t be so bad if Google provided this data on a long-term basis through Google Webmaster Central. As I explained, this is a safe way for Google to tell publishers how people are reaching their sites through search while also protecting user privacy.
Unfortunately, Google only lets you gather this data back for 30 days. If publishers haven’t been tapping into it regularly, they can’t maintain trends that they’ve had before.
I continue to wish that Google would expand this data. The lack of attention here gives the impression that Google really doesn’t care that much about supporting publishers in this regard. That includes even Google advertisers, who also have “free” listing data that’s been lost.
Why Doesn’t Chrome Offer Google Secure Search?
Another twist to this story is that Firefox’s move means that it’s going to be offering a more secure way to search Google than Google’s own Chrome browser does.
By default, Chrome won’t initiate a secure connection with Google Search. If you’re logged in, however, it will maintain the default secure connection with Google.
Will this change? “We don’t have anything to announce about Chrome at this time,” Google told me.
On Secure Search, It’s Google: 2, Bing & Yahoo: 0
While I have issues with Google for allowing some search terms to leak through referrer data, Google deserves serious kudos for offering secure search overall. Its two big rivals, Bing and Yahoo, don’t. As Soghoian put it, when I said it seemed kind of crazy that Google has two ways of secure searching with some referrer leakage:
Better for Google to have two secure search sites, than Microsoft and Yahoo, which have zero.
How about it, Microsoft? The company told me:
Bing does not offer SSL. To protect themselves from being unknowingly redirected we recommend people install OpenDNS.
Of course, if you really want to be secure, you could always try Duck Duck Go. You can force a secure search there by going to https://duckduckgo.com (surprisingly, this isn’t the default). As for referrers, it doesn’t pass any on.
- Google Launches Encrypted Web Search
- Google Moves SSL Search To Encrypted Sub Domain
- Google To Begin Encrypting Searches & Outbound Clicks By Default With SSL Search
- Google Puts A Price On Privacy
- 2011: The Year Google & Bing Took Away From SEOs & Publishers
- Google’s Results Get More Personal With “Search Plus Your World”
- Google “Search Plus Your World” To Launch Beyond US? Likely, As Secure Search Set To Expand
- How A Google Change May Mistakenly Turn Search Traffic Into Referral Traffic
- Scroogle’s Gone? Here’s Who Still Offers Private Searching