• Dr Geoffrey Anderson

    Great article very in depth. Isn’t the real privacy question around linking referrers to Social Profiles? Letting a webmaster see where visits are coming from doesn’t expose personally identifiable information does it?

  • http://about.me/alexedlund Alex Edlund

    Thank you Danny for continuing to shine the light on this. Privacy is important for users, there is no denying that as the websites becomes more interconnected, the need for secure browsing is key. That’s why it’s infuriating to see companies like Google step all over the privacy issue. You have to wonder if their decision was based on ignorance and idiocy or if it was simply not caring about what the users think.

    Seems to me like there is a little bit of both and that’s probably the result of Google’s corporate culture. A little EQ wouldn’t hurt.

  • http://basilpuglisi.com Basil C. Puglisi

    When LinkedIn CEO came out and said privacy is thing of the past, it was the first open comment by a leader in the industry to admit what the rest already know, privacy is a thing of the past. If you want privacy, then go board up your windows or move to the Antarctic.
    Transparency is rewarded so much so, it’s almost like the sales pitch or rhetoric about privacy policies was designed to keep the general public away from the honey pot.
    If your working with the presumption that privacy is an issue or concern then your betting on the wrong stock. Transparency is and will continue to be the key to profits both personally and professionally.
    Get your head out of the ground, because the rest for your body is exposed! embrace it, learn from it and perhaps you’ll find value for yourself.
    Eventually you learn that the courts and the law can’t override or supersede progress, don’t believe me just ask Gadaffi.

    Basil C. Puglisi
    http://dbmei.com

  • http://docsheldon.com Doc Sheldon

    Excellent write-up, Danny! I’m inclined to think that this wasn’t something that they just didn’t think of, but rather, a conscious decision, to implement the first step in a larger plan. Maybe they just thought they could mitigate the backlash from their advertising base, while building up to the next phase (insert suspenseful background music here).

    I suspect many are already considering upgrading to secure servers – I know I would be, if I found the referrer data particularly valuable for my own site. And it will certainly be a factor to consider for my clients.

  • http://smackdown.blogsblogsblogs.com/ mvandemar

    It’s in that league because Google is a company that prides itself by doing right by the user.

    Actually, no, Google is a company that heavily sells the line that their motives involve “doing right”, be it to the user or to anyone else. It’s nothing but marketing though. They are much, much more worried about looking good than actually doing good though, to the point where they will actually sacrifice quality for the sake of public image.

    It’s kinda sad, too, because I really do believe that in the beginning they really were an altruistic company. They just haven’t been that way for a very, very long time now.

    Danny, unrelated side note – it would be nice if signed in users with more than x comments didn’t have to solve a capctha each time. :)

  • http://www.allwpseo.com/ M.G.

    Isn’t funny that the corporate motto of Google is “Don’t be evil”? Or is it just apply to the webmasters not for themselves?

  • http://none thomaskupracz

    I have to say that this is an interesting move from Google. At the moment (as a webmaster) I control the whole “buy” line. I know what keywords have volume (the initial target), which ones get me traffic (the fallout), and more importantly, which keywords actually make sales (the high intent keywords).

    I’m not sure of the overall intent behind Google’s move – but I can tell you how this will affect me as a webmaster. Over time, I won’t be able to know what keyword actually generated a sale (from Google’s organic results). This is crucial, because not all keywords are created equal. Some carry low purchase intent and others have a higher purchase intent.

    I gauge where to invest my “SEO money” based on what actually sells. If I have a keyword that made 4 sales / month in position #3, you can bet your bottom dollar that I’m going to make sure that I get to #1 for that keyword. The same keyword at position #1, will make 7 or 8 or 9 sales. So what Google has effectively done is cripple my ability to analyze what generates traffic and sales. If I don’t know what sells, I am investing my “SEO ranking” money randomly.

    The saving grace is this – given that the intent of a user is the same on Bing, you can infer where to invest your money. If you’re getting sales on a given keyword on Bing, you can basically assume that the same will happen on Google – at a greater level. I’d give this piece of advice to webmasters. Double your Bing SEO investment, and just migrate the strategy to Google. It’s not exact, but it’s the best move you can make right now.

    I’m pretty sure that the goal of this move by Google is to create “target confusion” for webmasters. If you don’t know what sells, you don’t know what to *ACTUALLY* target as “top needed positions”. Therefore, I expect MORE competition for general high-volume keywords in the next 6 months. But that’s not a real problem – because my competitors will NOT know what actually sells.

    You can call that a problem. I call that a massive opportunity.

  • TimmyTime

    To summarize: Don’t click on Google ads if you want your privacy.

    I can think of a billboard like that, I’m sure Google will like that.

    Or maybe they plan on not sending any organic referrals in the next few months, they are almost there for searches with ads. I can almost picture Matt Cutts’ tweet: “If you see an organic result on top 10, please alert us. Super excited about this. Yay!”

    To quote Larry and Sergey: “we expect that advertising funded search engines will be inherently biased towards the advertisers and away from the needs of the consumers. “

  • http://artiefannetwork.com/ N.M.B.

    Google’s the most evil company today. Screw them! I’ve stopped using most of their products and only occasionally use their search.

    “If you are not paying for it, you’re not the customer; you’re the product being sold.”

    F Google!

  • N.S.T.

    I think all of this has a lot more to do with Google trying to avoid getting sued like Facebook is for their “Like” buttons..

    http://newsandinsight.thomsonreuters.com/California/News/2011/05_-_May/Facebook_sued_for_using__Like__button_to_track_online_activity/

  • Horatio

    SSL Search + plugin opt-out + protect privacy.

    Security is equally or less important in when there advertising to have a true understanding of this we should see how this works in Internet Explorer 9 because then it dumps all the contents of the advertising directly without privacy. Thus, it looks like Google detailed information successively car parks on Bing and Facebook. Performed an profits to get Feedback Help, if only tipeamos the term “facebook” into Google routed us to thousands of sites which possess or no privacybut not assure truly SSL encrypted search.

  • http://samj.net/ Sam Johnston

    Attacking Google for improving privacy and security over some contrived story about advertising seems like a dangerous precedent to set for others.

  • Akilan

    >>Google Change Benefits Google

    Seriously? This ‘change’ benefits Google? So, before this ‘change’ came into effect, whole world was unable to see the ‘private’ things that only advertisers can see now?

    EFF article is actually far better: “Today, Google announced that it is switching its Search service for logged-in users over from insecure HTTP to encrypted HTTPS. This is a *significant win* for users:”

  • http://www.seo-theory.com/ Michael Martinez

    This was really completely unnecessary. And people need to get over the Chinese censorship thing, too. Regardless of whether you like the Chinese system or not, corporations like Google SHOULD be respecting the laws of various governments around the globe.

    You cannot hypocritically demand that they flout a country’s laws and yet “respect” anyone or anything else in some sort of sham accountability process.

  • http://www.silverspike.co.uk/ Alan Perkins

    Good article Danny. Thanks for the strong interest you are showing in this topic.

    Google Analytics Evangelist Avinash Kaushik has long, and expertly, advised on the benefits of using your keywords to improve your website and targeting. Whole presentations he has given could be trashed if Google rolls this idea out further. I feel for him and, to a certain extent, Matt too. It must be tough to have to pretend that everything about this idea and its implementation is good.

    One small point of order – because of the way Google implements outbound clicks they are in almost complete control of what is presented in the referrer. Assuming the searcher has Javascript enabled, Google can choose exactly which elements of the referrer are passed through and which are stripped, whether a natural result or an ad is clicked by someone signed in or not on, on either http or https versions of Google.com or any other property.

    One question I’ve been trying to get answered (see https://plus.google.com/u/0/105279625231358353479/posts/iWYvxFMMZH9) is why Google chose to strip keywords and keep personalised data in the referrer, rather than the more obvious thing to do (given their stated concerns) of stripping personalised data and keeping keywords!

  • TimmyTime

    Akilan and Sam,
    read the article a couple of times. If you still do not get it, ask your neighbor to explain it.

    “I feel for him and, to a certain extent, Matt too. It must be tough to have to pretend that everything about this idea and its implementation is good.”

    I feel bad for someone that lost his business or has to take crap so he can put food on the table for his children. But Matt Cutts must be worth tens of millions of dollars, he doesn’t have to spin and lie if he doesn’t want to.

    Your priorities are all messed up Alan.

  • http://www.silverspike.co.uk/ Alan Perkins

    TimmyTime, I’m quite happy with my priorities, thanks. :)

    If I’m having a go at Google, it’s simply because I don’t want them to lose sight of *their* priorities, which should include ethical behaviour, honesty and integrity. The first paragraph of their Code of Conduct (http://investor.google.com/corporate/code-of-conduct.html) reads as follows:

    >> “”Don’t be evil.” Googlers generally apply those words to how we serve our users. But “Don’t be evil” is much more than that. Yes, it’s about providing our users unbiased access to information, focusing on their needs and giving them the best products and services that we can. But it’s also about doing the right thing more generally — following the law, acting honorably and treating each other with respect. ”

    With this move, I don’t think Google is acting particularly honourably or treating users or site owners (upon whose content Google’s entire service is built) with much respect. For my thoughts in detail, see http://bit.ly/oVISbY

  • http://www.rimmkaufman.com George Michie

    Danny, great post. Don’t see any of the “you’re such a fan-boy” comments on this thread! One point of clarification: I’d substitute “advertising” for “advertisers” through-out the post. It is not the case that Google will pass the organic referral data to sites if they are also advertisers; it is the case that only the clicks on advertisements will pass the links. Important to point out that advertisers get a great deal of organic traffic as well, some fraction of which they will be blind to going forward.

  • http://www.stareclips.com/?twitter Bob Bigellow

    Great post, but I can’t help but to notice that you equate publishers, advertisers, and other for-profit entities as “users”, then equate this to Google’s usual claims at putting the user first.

    It has been pretty clear for a while that when Google talks about putting the “user” first, they’re talking about the not-for-profit searchers. They put THOSE users first, ahead of the for-profit “users”. I don’t necessarily think this should change. Users should always be put ahead of corporations, companies, organizations and other for-profit individuals or groups who are after some other gain rather than simply knowledge.

    Secondly, the reason Google didn’t consider referrer data to be private in the past and now consider it to be private is because search is becoming more personal. I’m not just talking about customization like my own personal background image on the Google home page, but I’m talking about the fact that people are putting more and more private data into the cloud and, as a result, they are also searching for this information.

    How this pertains to standard Google search has to do with the writing on the wall. It is pretty evident to anyone watching the trends that the Google search engine will eventually (soon?) be a place you go to search for BOTH public AND private information. A single keyword entry at Google.com could bring up public web pages that contain that information AS WELL AS private cloud-stored documents, spreadsheets, data tables, uploaded/synced files, owned music, and other information private to that individual.

    As a result, the first step to protecting this information is to make google.com secured via HTTPS, because you can never know if the person’s next search will be for public or private information. The side effect, of course, is that browser security means that this referrer information isn’t passed. However, as it always has been in the past, when weighing the pros and cons between a for-profit entity and a regular user, Google always puts the user first, even if it means putting the for-profit entity second and this hurts.

  • http://makeitrank.com Kevin Spence

    One thing that you haven’t considered is that the launch of the Google+ API made it possible for webmasters to connect the searcher with the search — something we’d never before been able to do.

    By removing the keyword referrer, Google is closing the privacy hole.

    A full article here: http://makeitrank.com/its-google-stupid

  • http://www.silverspike.co.uk/ Alan Perkins

    Bob Bigellow, IMO Google owes it to site owners to provide keywords if possible, as part of the ethical balance between search engine, site owner and seacher. But, beyond that, because of their chosen method of implementation, Google is in complete control of the referrer they pass – the referrer is *not* lost simply because they’re using a https site. A referrer is still passed every time, and every time it shows that google.com was the source of the traffic. The difference now is that the keywords have been stripped from the referrer, even if the destination site is another https site meaning the keywords didn’t need to be stripped. To be clear, in one environment where privacy is NOT at risk (https://google.com -> organic result -> https://mysite.com) the keywords are still stripped; whereas in another environment where privacy IS potentially at risk (https://google.com -> ad -> http://mysite.com) the keywords are not stripped. As a result, your final sentence is not true at all.

    Kevin Spence, site owners could always connect the searcher with the search if that searcher registered or bought from their sites, and still can in most instances. Please elaborate further on how we can use the Google+ API in connection with the keyword data to tie an individual to the query, as (not being a user of this API yet) I don’t see how it could be done. AFAICT you need the user’s Google ID to call the API, and that user ID is not in the referrer; and, even if it was, Google could have stripped the user ID out of the referrer, rather than the keywords, if privacy was what they were looking to protect.

  • http://klausrusch.atmedia.net/ krusch

    The referrer information is not only missing when going from encrypted to unencrypted. Google does actually remove the search term information even in the encrypted-to-encrypted flow by serving the click-through tracking link unencrypted.

    Full analysis of data flows here: http://klausrusch.atmedia.net/blog/2011/10/google-encrypting-searches-security.html

  • http://crockettdunn.blogspot.com Crockett Dunn

    So read the Google cookie instead of the query string in the referrer variable.

  • Chris Hennick

    People who want to keep their search terms private even when clicking ads can still do so: just use encrypted.google.com.

  • http://www.stanleyoppenheimer.com/blog Stan Oppenheimer

    What I find sad, are advertisers are going to be affected by this regardless if Adwords Ads still have referral “Keyword Data” . See George Mitchie’s comment above. It has been my experienced that the organic side is where final conversions occur. How exactly are we suppose to connect the dots as SEO practitioners and marketers. What about the new conversion path tool in Google Analytics showing the relationship between Paid/Organic and Goals? Useless.

    I truly believe that more and more people will eventually log in making the Google “not provided” segment more troublesome..

    IMHO I feel that web hosts and providers should simply block Google “not provided” visits. “No Shirt” “No Shoes” “No Keyword Provider” – no service. If enough of the industry did this. This would make the experience of the logged in Google User pretty miserable. Perhaps a screen shot explaining our position on how we use this information to improve the user experience. Hey Joost – Maybe a protest plugin for WordPress!