Google Puts A Price On Privacy

Earlier this week, Google made a significant change purportedly to better protect the search privacy of users. In reality, it specifically — and deliberately — left a gaping hole open to benefit its bottom line. If you pay-to-play, Google will share its search data with you.

Google’s a big company that goes after revenue in a variety of ways some critics feel put users second. However, I’m struggling to think of other examples where Google has acted in such a crass, it’s all-about-the-revenue manner as it has this week. The best comparison I can think of is when Google decided to allow Chinese censorship. Yes, this is in the same league.

It’s in that league because Google is a company that prides itself by doing right by the user. Yet in this case, it seems perfectly happy to sell out privacy, if you’re an advertiser. That’s assuming you believe that Caller ID-like information that’s being blocked (except for advertisers) is a privacy issue.

Google doesn’t, as best I can tell. Instead, the blocking is a pesky side effect to a real privacy enhancement Google made, a side effect Google doesn’t seem to want to cure for anyone but advertisers.

If it had taken a more thoughtful approach, ironically, Google could have pushed many sites across the web to become more secure themselves. It missed that opportunity.

I’ll cover all of this below, in detail. It’s a long article. If you prefer a short summary, skip to the last two sections, “Why Not Get Everyone To Be Secure” and “Moving Forward.”

Default Encrypted Search Begins

Let’s talk particulars. On Tuesday, Google announced that by default, it would encrypt the search sessions of anyone signed in to Google.com. This means that when someone searches, no one can see the results that Google is sending back to them.

That’s good. Just as you might want your Gmail account encrypted, so that no one can see what you’re emailing, so you also may want the search results that Google is communicated back to you to be kept private.

That’s especially so because those search results are getting more personalized and potentially could be hacked. The EFF, in its post about Google’s change, pointed to two papers (here and here) about this.

Encryption Can Break Caller ID

There’s a side effect to encryption that involves what are called “referrers.” When someone clicks on a link from one web site that leads to another, most browsers pass along referrer data, which is sort of like a Caller ID for the internet. The destination web site can see where the person came from.

When someone comes from an encrypted site, this referrer information isn’t passed on unless they are going to another encrypted site. That means when Google moved to encrypted search, it was blocking this Caller ID on its end for virtually all the sites that it lists, since most of them don’t run encrypted or “secure” servers themselves.

This is a crucial point. Encryption — providing a secure web site — doesn’t block referrers if someone goes from one secure web site to another. Consider it like this:

  • Unsecure >>> passes referrer to >>> Unsecure
  • Secure >>> passes referrer to >>> Secure
  • Secure /// does NOT pass referrer to /// Unsecure

Google’s Referrer Problem

If everyone on the web ran secure servers, aside from the web being a more secure place in the way that Google itself wants it to be, the referrer hypocrisy that Google committed this week wouldn’t be an issue.

The vast majority of sites don’t run secure servers, of course. That posed a problem for Google. Referrers from search engines are unique. Since as long as we’ve had search engines — over 15 years — those links people click on from search engine results have contained the search terms people have used.

For publishers, this has made search marketing incredibly powerful. They are able to tell exactly what terms were used when someone found their web site, at a search engine like Yahoo, Bing or Google

Moving to secure searching meant that Google was suddenly, dramatically, no longer going to send this information to publishers, because as I’ve covered, virtually none of those publishers were running secure servers. As a result, Google almost certain realized there was going to be backlash.

Putting A Price On Privacy

Google could have endured the backlash, saying that if publishers still wanted this data, they could move to secure servers. Instead, it deliberately chose to override how referrers are passed, so that they would continue to be provided to just its advertisers.

Backlash, Google would endure, but it seems apparently not from those who made Google nearly $10 billion last quarter alone.

To solve this, Google changed from the standard way that referrers are supposed to be passed to its own unique system, which works like this:

  • Secure /// does NOT pass referrer to /// Unsecure unless…
  • Secure >>> passes referrer if ADVERTISER to >>> Unsecure

Let me be very clear. Google has designed things so that Caller ID still works for its advertisers, but not anyone else, even though the standard for secure services isn’t supposed to allow this. It broke the standard, deliberately, to prevent advertiser backlash.

The PR Plan For Publisher Backlash: It’s A Tiny Loss!

Google still knew there would be backlash from another group of publishers, those who have received this Caller ID referrer data from Google’s “free” or “organic” or “editorial” or “SEO” listings. What was the solution for that problem?

Here, Google seems to have a three-fold approach. First, suggest that only a tiny amount of data is being withheld. Some scoffed at Google’s estimate that I reported, that this would impact less than 10% of query data. But so far that seems to be holding true.

For example, here was our second most popular keyword sending us traffic from Google yesterday, according to Google Analytics:

“Not Provided” is what Google reports in cases when it now blocks referrers — or technically, it still provides referrers but is specifically stripping search terms out of them.

Our number two keyword! And yet, we received nearly 15,000 keyword-related visits from Google yesterday. These terms that were withheld amounted to only 2.6% of them.

On my personal blog, this is in about the 2% range. SEOmoz reported around 2%, as well.

These low figures will makes it easier for Google to gloss over publisher concerns, especially when they’re almost all being voiced by those in the SEO industry. The industry has a bad name, so if it’s against something, that can almost seem like a ringing endorsement for good.

Ars Technica had some comments like this, in response to its story on the Google change:

I’m playing the saddest song in the world on the smallest violin in the world. Poor, poor, SEO leaches

I AM completely unsympathetic. The sooner these SEO leeches, parasites, spammers and scammers die die die the better off the web will be.

Don’t make this mistake. This is not just an SEO issue. This is a user privacy issue. SEOs are simply the harbingers spotting Google’s hypocrisy around privacy.

The Data’s Still Around!

The second bit of PR messaging was to reassure that plenty of search data can be found in another way through the Google Webmaster Central service.

This is true. Google does provide search query data through this service, and it’s warmly welcomed by many site owners.

However, Google also provides search query data to its advertisers through the AdWords system. That’s the publisher equivalent to Google Webmaster Central.

Since advertisers can get data through AdWords, just as publishers can use Google Webmaster Central, why does Google still need to deliberately override how referrers would normally be blocked just for advertisers?

Google argued in its blog post that advertisers needed referrer data “to measure the effectiveness of their campaigns and to improve the ads and offers they present to you.” Outside of conversion tracking to the keyword level and retargeting, that doesn’t hold up, to me. I’ll get back to these.

Google Said Referrer Data Was Better

By the way, Google is on record as saying the data in Google Webmaster Central for publishers is not as good as referrer data.

This comes from an online exchange between Matt Cutts, the head of Google’s web spam team and who acts as a liaison on many publisher issues, and Gabriel Weinberg, the founder of tiny Duck Duck Go search engine who was challenging Google over providing referrer information.

Weinberg wrote:

So now that we know what is going on, why allow this personal information to leak? As far as I can tell, the only reason is so Webmasters can do better at Google SEO. And that reason can be wholly mitigated through the use of Google’s Webmaster Tools.

Cutts responded (and I’ll bold the key part):

Google’s webmaster tools only provide a sampling of the data. We used to provide info for only 100 queries. Now we provide it for more queries, but it’s still a sample.

Please don’t make the argument that the data in our webmaster console is equivalent to the data that websites can currently find in their server logs, because that’s not the case.

In January of this year, data from Google Webmaster Central was deemed inferior to referrer data. In October, it’s repositioned as an acceptable alternative to blocking referrers.

Referrers Are Private!

Google’s third and most important method of countering backlash is to make out that referrer data is somehow so private that it can no longer be provided to publishers. If you read closely, however, you understand that Google never actually takes this position. Rather, it’s implied.

Google’s blog post on the change made no mention — none — that this move was done because referrers had private information that might leak out. It was only about protecting the search results themselves:

As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver.

Remember those studies I mentioned? Those were all about search results, not about referrers.

Referrers only get mentioned in Google’s post as a heads-up to publishers that they’ll be lost, and not because they’re also private and need to be protected but rather — well, Google doesn’t explain why. The implication is that they just have to go.

As I’ve read stories in the broader press, I’ve seen the assumption that Google is blocking referrers because it considers them to be private. Heck, I came away from my initial interview with Google when the news broke thinking the same thing.

It’s no wonder. Because Google has deliberately broken security to pass referrers to advertisers but not publishers, it had to lump that qualification into the overall security story. It made referrer blocking seem like it was done to protect privacy, rather than the troublesome side effect it really was.

But You Didn’t Say They Were Private Before

To emphasize how not-private Google has viewed referrer data, consider two issues.

The first was in 2009, when Google made a change to its search results that broke referrers from being passed. Publishers were upset, and Google restored referrers.

Cutts — who keep in mind is one of the people Google had talk about this week’s encryption change –  tweeted “yay” about the restoration. Clearly, he didn’t see any privacy issues being lost by it then. He was happy Google went out of its way to bring referrers back.

Think 2009 is too far back? OK, at the beginning of this year, Duck Duck Go — aside from buying a billboard to attack Google on privacy grounds – launched an illustrated guide to alleged Google privacy issues, including concerns over referrrer data.

In reaction to that, Cutts pushed back on referrers being a problem:

Referrers are a part of the way the web has worked since before Google existed. They’re a browser-level feature more than something related to specific websites.

When he was further challenged on the issue by Duck Duck Go’s founder Weinberg, Cutts specifically did not include referrers in a list of things that seemed to be private:

That was the same day we announced SSL search, which prevents referrers to http sites….

The fact is that Google has a good history of supporting privacy, from fighting overly broad subpoenas from the DOJ to SSL Search to creating a browser plugin to opt out of personalized advertising.

On a personal note here, I like Matt Cutts. I’m not trying to single him out unfairly by citing this stuff. He’s just a Googler extremely close to the issue, knowledgable about it and even when speaking in a semi-official manner, it reflects back on what’s true with Google.

Personally, I get the impression he might not agree with the referrer blocking for publishers but is going to put the best spin he can on a decision that his company made. Just my gut feel, and no special knowledge here. I could be wrong. Maybe I can get him to share more later.

Google Change Benefits Google

I think it’s fair to say that Google has not agreed with the view that referrers are private, nor has it clearly said referrers were blocked to protect privacy.

So why do it? One reason is that it makes Google more competitive. If someone lands on your web site, and you know the search term they used, you can then target them in various ways across the web with ads you believe reflect that search interest. All you need is the initial term.

This is called “retargeting,” and Google’s a leading provider of retargeted ads. When you cut the referrers out, except for your own advertisers, Google makes it harder for its competitors to offer retargeting services. Search marketers already understand this. Wait until Google’s anti-trust enemies clue in. They’ll be swooping in on this one (and we’ll have more to say on it in the future).

Another benefit is that it prevents anyone but Google’s own advertisers from doing keyword-level conversion tracking. With search referrers, you can determine what someone who searched for a particular term later did on your site. What further pages did they go to? Did they purchase a product or service? Without the search terms, you can’t do this degree of analysis.

That is, of course, unless you buy an ad. Conversion tracking at the keyword level turns into another sales feature for Google.

Didn’t Think Or Don’t Care?

I think the biggest reason Google hasn’t fixed the broken referrer problem is either that it just didn’t care about publishers or didn’t really think through the issues more.

Either is bad. The latter has some weight. Consider the last time that Google broke referrers, Cutts explained that the impact just hadn’t been considered:

[Cutts] says the team didn’t think about the referrer aspect. So they stopped. They’ve paused it until they can find out how to keep the referrers.

Surely someone had to have thought about the impact this time? Someone decided that it was a good idea to keep passing referrer information to advertisers. Someone decided that for whatever reason — and it wasn’t privacy — that publishers couldn’t keep getting this information. But what that reason is remains unclear.

Why Not Get Everyone To Be Secure?

What I do know is that Google missed a huge opportunity to make the entire web much more secure. Google could have declared that it was shifting its default search for everyone  – not just logged-in users — to be secure. Privacy advocates would have loved this even more than the current change which, using Google’s own figures, protect less than 10% of Google.com searchers.

Google could have also said that if anyone wanted to continue receiving referrer data, they needed to shift to running secure servers themselves. Remember, referrers pass from secure server to secure server.

Millions of sites quickly adopted Google +1 buttons in the hopes they might get more traffic from Google. Those same millions would have shifted — and quickly — over to secure servers in order to continue receiving referrer data.

Better protection across the web for everyone, while maintaining the unwritten contract between search engines and the publishers that support them to provide referrer data. That would have been a good solution. Instead, we got Google providing protection for a sliver of those searching, withholding data from the majority of sites that support it and solving problems only for its advertisers.

Moving Forward

I’m expecting to talk further to Google about these issues, which I raised with the company right after writing my initial story. I’m still waiting for them to find anyone appropriate higher up in the company to respond. Fingers-crossed. The best I could get so far was this statement:

We’ve tried to strike a balance here — improving privacy for signed in users while also continuing to provide substantial query data to webmasters.

To conclude, I think the move to secure searching is great. I’d like to see more of it.

As for referrers, there are some who do believe that they are private. Chris Soghoian is a leading advocate about this, and I’d recommend anyone who wants to understand more to read the blog post he wrote about an FTC complaint he filed over the issue. Read the complaint, too. Also see Duck Duck Go’s DontTrack.us site.

In terms of Google blocking referrers, it already blocks tons of stuff it considers private from its search suggestions. Conceivably, it could use the same technology to filter search referrers, to help publishers and protect users.

But aside from that, if Google thinks this needs to be done for privacy reasons, then it needs to block referrers for everyone and not still allow them to work for advertisers. That move is one of the most disturbing, hypocritical things I’ve ever seen Google do. It also needs to take the further step and stop its own Chrome browser from passing them.

If blocking referrers isn’t a privacy issue, then Google needs provider referrer data to all publishers, not just those who advertise.

Related Background

And Yet More Background

 

Related Topics: Channel: SEO | Features: Analysis | Google: AdSense | Google: AdWords | Google: Antitrust | Google: Critics | Google: Privacy | Google: SEO | Google: Web Search | Google: Webmaster Central | Top News

Sponsored


About The Author: is a Founding Editor of Search Engine Land. He’s a widely cited authority on search engines and search marketing issues who has covered the space since 1996. Danny also serves as Chief Content Officer for Third Door Media, which publishes Search Engine Land and produces the SMX: Search Marketing Expo conference series. He has a personal blog called Daggle (and keeps his disclosures page there). He can be found on Facebook, Google + and microblogs on Twitter as @dannysullivan.

Connect with the author via: Email | Twitter | Google+ | LinkedIn



SearchCap:

Get all the top search stories emailed daily!  

Share

Other ways to share:
 

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • Dr Geoffrey Anderson

    Great article very in depth. Isn’t the real privacy question around linking referrers to Social Profiles? Letting a webmaster see where visits are coming from doesn’t expose personally identifiable information does it?

  • http://about.me/alexedlund Alex Edlund

    Thank you Danny for continuing to shine the light on this. Privacy is important for users, there is no denying that as the websites becomes more interconnected, the need for secure browsing is key. That’s why it’s infuriating to see companies like Google step all over the privacy issue. You have to wonder if their decision was based on ignorance and idiocy or if it was simply not caring about what the users think.

    Seems to me like there is a little bit of both and that’s probably the result of Google’s corporate culture. A little EQ wouldn’t hurt.

  • http://basilpuglisi.com Basil C. Puglisi

    When LinkedIn CEO came out and said privacy is thing of the past, it was the first open comment by a leader in the industry to admit what the rest already know, privacy is a thing of the past. If you want privacy, then go board up your windows or move to the Antarctic.
    Transparency is rewarded so much so, it’s almost like the sales pitch or rhetoric about privacy policies was designed to keep the general public away from the honey pot.
    If your working with the presumption that privacy is an issue or concern then your betting on the wrong stock. Transparency is and will continue to be the key to profits both personally and professionally.
    Get your head out of the ground, because the rest for your body is exposed! embrace it, learn from it and perhaps you’ll find value for yourself.
    Eventually you learn that the courts and the law can’t override or supersede progress, don’t believe me just ask Gadaffi.

    Basil C. Puglisi
    http://dbmei.com

  • http://docsheldon.com Doc Sheldon

    Excellent write-up, Danny! I’m inclined to think that this wasn’t something that they just didn’t think of, but rather, a conscious decision, to implement the first step in a larger plan. Maybe they just thought they could mitigate the backlash from their advertising base, while building up to the next phase (insert suspenseful background music here).

    I suspect many are already considering upgrading to secure servers – I know I would be, if I found the referrer data particularly valuable for my own site. And it will certainly be a factor to consider for my clients.

  • http://smackdown.blogsblogsblogs.com/ mvandemar

    It’s in that league because Google is a company that prides itself by doing right by the user.

    Actually, no, Google is a company that heavily sells the line that their motives involve “doing right”, be it to the user or to anyone else. It’s nothing but marketing though. They are much, much more worried about looking good than actually doing good though, to the point where they will actually sacrifice quality for the sake of public image.

    It’s kinda sad, too, because I really do believe that in the beginning they really were an altruistic company. They just haven’t been that way for a very, very long time now.

    Danny, unrelated side note – it would be nice if signed in users with more than x comments didn’t have to solve a capctha each time. :)

  • http://www.allwpseo.com/ M.G.

    Isn’t funny that the corporate motto of Google is “Don’t be evil”? Or is it just apply to the webmasters not for themselves?

  • http://none thomaskupracz

    I have to say that this is an interesting move from Google. At the moment (as a webmaster) I control the whole “buy” line. I know what keywords have volume (the initial target), which ones get me traffic (the fallout), and more importantly, which keywords actually make sales (the high intent keywords).

    I’m not sure of the overall intent behind Google’s move – but I can tell you how this will affect me as a webmaster. Over time, I won’t be able to know what keyword actually generated a sale (from Google’s organic results). This is crucial, because not all keywords are created equal. Some carry low purchase intent and others have a higher purchase intent.

    I gauge where to invest my “SEO money” based on what actually sells. If I have a keyword that made 4 sales / month in position #3, you can bet your bottom dollar that I’m going to make sure that I get to #1 for that keyword. The same keyword at position #1, will make 7 or 8 or 9 sales. So what Google has effectively done is cripple my ability to analyze what generates traffic and sales. If I don’t know what sells, I am investing my “SEO ranking” money randomly.

    The saving grace is this – given that the intent of a user is the same on Bing, you can infer where to invest your money. If you’re getting sales on a given keyword on Bing, you can basically assume that the same will happen on Google – at a greater level. I’d give this piece of advice to webmasters. Double your Bing SEO investment, and just migrate the strategy to Google. It’s not exact, but it’s the best move you can make right now.

    I’m pretty sure that the goal of this move by Google is to create “target confusion” for webmasters. If you don’t know what sells, you don’t know what to *ACTUALLY* target as “top needed positions”. Therefore, I expect MORE competition for general high-volume keywords in the next 6 months. But that’s not a real problem – because my competitors will NOT know what actually sells.

    You can call that a problem. I call that a massive opportunity.

  • TimmyTime

    To summarize: Don’t click on Google ads if you want your privacy.

    I can think of a billboard like that, I’m sure Google will like that.

    Or maybe they plan on not sending any organic referrals in the next few months, they are almost there for searches with ads. I can almost picture Matt Cutts’ tweet: “If you see an organic result on top 10, please alert us. Super excited about this. Yay!”

    To quote Larry and Sergey: “we expect that advertising funded search engines will be inherently biased towards the advertisers and away from the needs of the consumers. “

  • http://artiefannetwork.com/ N.M.B.

    Google’s the most evil company today. Screw them! I’ve stopped using most of their products and only occasionally use their search.

    “If you are not paying for it, you’re not the customer; you’re the product being sold.”

    F Google!

  • N.S.T.

    I think all of this has a lot more to do with Google trying to avoid getting sued like Facebook is for their “Like” buttons..

    http://newsandinsight.thomsonreuters.com/California/News/2011/05_-_May/Facebook_sued_for_using__Like__button_to_track_online_activity/

  • Horatio

    SSL Search + plugin opt-out + protect privacy.

    Security is equally or less important in when there advertising to have a true understanding of this we should see how this works in Internet Explorer 9 because then it dumps all the contents of the advertising directly without privacy. Thus, it looks like Google detailed information successively car parks on Bing and Facebook. Performed an profits to get Feedback Help, if only tipeamos the term “facebook” into Google routed us to thousands of sites which possess or no privacybut not assure truly SSL encrypted search.

  • http://samj.net/ Sam Johnston

    Attacking Google for improving privacy and security over some contrived story about advertising seems like a dangerous precedent to set for others.

  • Akilan

    >>Google Change Benefits Google

    Seriously? This ‘change’ benefits Google? So, before this ‘change’ came into effect, whole world was unable to see the ‘private’ things that only advertisers can see now?

    EFF article is actually far better: “Today, Google announced that it is switching its Search service for logged-in users over from insecure HTTP to encrypted HTTPS. This is a *significant win* for users:”

  • http://www.seo-theory.com/ Michael Martinez

    This was really completely unnecessary. And people need to get over the Chinese censorship thing, too. Regardless of whether you like the Chinese system or not, corporations like Google SHOULD be respecting the laws of various governments around the globe.

    You cannot hypocritically demand that they flout a country’s laws and yet “respect” anyone or anything else in some sort of sham accountability process.

  • http://www.silverspike.co.uk/ Alan Perkins

    Good article Danny. Thanks for the strong interest you are showing in this topic.

    Google Analytics Evangelist Avinash Kaushik has long, and expertly, advised on the benefits of using your keywords to improve your website and targeting. Whole presentations he has given could be trashed if Google rolls this idea out further. I feel for him and, to a certain extent, Matt too. It must be tough to have to pretend that everything about this idea and its implementation is good.

    One small point of order – because of the way Google implements outbound clicks they are in almost complete control of what is presented in the referrer. Assuming the searcher has Javascript enabled, Google can choose exactly which elements of the referrer are passed through and which are stripped, whether a natural result or an ad is clicked by someone signed in or not on, on either http or https versions of Google.com or any other property.

    One question I’ve been trying to get answered (see https://plus.google.com/u/0/105279625231358353479/posts/iWYvxFMMZH9) is why Google chose to strip keywords and keep personalised data in the referrer, rather than the more obvious thing to do (given their stated concerns) of stripping personalised data and keeping keywords!

  • TimmyTime

    Akilan and Sam,
    read the article a couple of times. If you still do not get it, ask your neighbor to explain it.

    “I feel for him and, to a certain extent, Matt too. It must be tough to have to pretend that everything about this idea and its implementation is good.”

    I feel bad for someone that lost his business or has to take crap so he can put food on the table for his children. But Matt Cutts must be worth tens of millions of dollars, he doesn’t have to spin and lie if he doesn’t want to.

    Your priorities are all messed up Alan.

  • http://www.silverspike.co.uk/ Alan Perkins

    TimmyTime, I’m quite happy with my priorities, thanks. :)

    If I’m having a go at Google, it’s simply because I don’t want them to lose sight of *their* priorities, which should include ethical behaviour, honesty and integrity. The first paragraph of their Code of Conduct (http://investor.google.com/corporate/code-of-conduct.html) reads as follows:

    >> “”Don’t be evil.” Googlers generally apply those words to how we serve our users. But “Don’t be evil” is much more than that. Yes, it’s about providing our users unbiased access to information, focusing on their needs and giving them the best products and services that we can. But it’s also about doing the right thing more generally — following the law, acting honorably and treating each other with respect. ”

    With this move, I don’t think Google is acting particularly honourably or treating users or site owners (upon whose content Google’s entire service is built) with much respect. For my thoughts in detail, see http://bit.ly/oVISbY

  • http://www.rimmkaufman.com George Michie

    Danny, great post. Don’t see any of the “you’re such a fan-boy” comments on this thread! One point of clarification: I’d substitute “advertising” for “advertisers” through-out the post. It is not the case that Google will pass the organic referral data to sites if they are also advertisers; it is the case that only the clicks on advertisements will pass the links. Important to point out that advertisers get a great deal of organic traffic as well, some fraction of which they will be blind to going forward.

  • http://www.stareclips.com/?twitter Bob Bigellow

    Great post, but I can’t help but to notice that you equate publishers, advertisers, and other for-profit entities as “users”, then equate this to Google’s usual claims at putting the user first.

    It has been pretty clear for a while that when Google talks about putting the “user” first, they’re talking about the not-for-profit searchers. They put THOSE users first, ahead of the for-profit “users”. I don’t necessarily think this should change. Users should always be put ahead of corporations, companies, organizations and other for-profit individuals or groups who are after some other gain rather than simply knowledge.

    Secondly, the reason Google didn’t consider referrer data to be private in the past and now consider it to be private is because search is becoming more personal. I’m not just talking about customization like my own personal background image on the Google home page, but I’m talking about the fact that people are putting more and more private data into the cloud and, as a result, they are also searching for this information.

    How this pertains to standard Google search has to do with the writing on the wall. It is pretty evident to anyone watching the trends that the Google search engine will eventually (soon?) be a place you go to search for BOTH public AND private information. A single keyword entry at Google.com could bring up public web pages that contain that information AS WELL AS private cloud-stored documents, spreadsheets, data tables, uploaded/synced files, owned music, and other information private to that individual.

    As a result, the first step to protecting this information is to make google.com secured via HTTPS, because you can never know if the person’s next search will be for public or private information. The side effect, of course, is that browser security means that this referrer information isn’t passed. However, as it always has been in the past, when weighing the pros and cons between a for-profit entity and a regular user, Google always puts the user first, even if it means putting the for-profit entity second and this hurts.

  • http://makeitrank.com Kevin Spence

    One thing that you haven’t considered is that the launch of the Google+ API made it possible for webmasters to connect the searcher with the search — something we’d never before been able to do.

    By removing the keyword referrer, Google is closing the privacy hole.

    A full article here: http://makeitrank.com/its-google-stupid

  • http://www.silverspike.co.uk/ Alan Perkins

    Bob Bigellow, IMO Google owes it to site owners to provide keywords if possible, as part of the ethical balance between search engine, site owner and seacher. But, beyond that, because of their chosen method of implementation, Google is in complete control of the referrer they pass – the referrer is *not* lost simply because they’re using a https site. A referrer is still passed every time, and every time it shows that google.com was the source of the traffic. The difference now is that the keywords have been stripped from the referrer, even if the destination site is another https site meaning the keywords didn’t need to be stripped. To be clear, in one environment where privacy is NOT at risk (https://google.com -> organic result -> https://mysite.com) the keywords are still stripped; whereas in another environment where privacy IS potentially at risk (https://google.com -> ad -> http://mysite.com) the keywords are not stripped. As a result, your final sentence is not true at all.

    Kevin Spence, site owners could always connect the searcher with the search if that searcher registered or bought from their sites, and still can in most instances. Please elaborate further on how we can use the Google+ API in connection with the keyword data to tie an individual to the query, as (not being a user of this API yet) I don’t see how it could be done. AFAICT you need the user’s Google ID to call the API, and that user ID is not in the referrer; and, even if it was, Google could have stripped the user ID out of the referrer, rather than the keywords, if privacy was what they were looking to protect.

  • http://klausrusch.atmedia.net/ krusch

    The referrer information is not only missing when going from encrypted to unencrypted. Google does actually remove the search term information even in the encrypted-to-encrypted flow by serving the click-through tracking link unencrypted.

    Full analysis of data flows here: http://klausrusch.atmedia.net/blog/2011/10/google-encrypting-searches-security.html

  • http://crockettdunn.blogspot.com Crockett Dunn

    So read the Google cookie instead of the query string in the referrer variable.

  • Chris Hennick

    People who want to keep their search terms private even when clicking ads can still do so: just use encrypted.google.com.

  • http://www.stanleyoppenheimer.com/blog Stan Oppenheimer

    What I find sad, are advertisers are going to be affected by this regardless if Adwords Ads still have referral “Keyword Data” . See George Mitchie’s comment above. It has been my experienced that the organic side is where final conversions occur. How exactly are we suppose to connect the dots as SEO practitioners and marketers. What about the new conversion path tool in Google Analytics showing the relationship between Paid/Organic and Goals? Useless.

    I truly believe that more and more people will eventually log in making the Google “not provided” segment more troublesome..

    IMHO I feel that web hosts and providers should simply block Google “not provided” visits. “No Shirt” “No Shoes” “No Keyword Provider” – no service. If enough of the industry did this. This would make the experience of the logged in Google User pretty miserable. Perhaps a screen shot explaining our position on how we use this information to improve the user experience. Hey Joost – Maybe a protest plugin for WordPress!

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest

 
 

Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States

Europe

Australia & China

Learn more about: SMX | MarTech


Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!

 


 

Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide