Google To Begin Encrypting Searches & Outbound Clicks By Default With SSL Search

Google will now begin encrypting searches that people do by default, if they are logged into Google.com already through a secure connection. The change to SSL search also means that sites people visit after clicking on results at Google will no longer receive “referrer” data that reveals what those people searched for, except in the case of ads.

Google announced the news on its blog here, saying:

As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver. As a result, we’re enhancing our default search experience for signed-in users.

The company also has a help page providing more information about it here.

Only For Signed-In Users; Single-Digit Impact

The change will only happen on Google.com, and only for those who are already signed in at Google with a secure connection. How many people do this? Google software engineer Matt Cutts, who’s been involved with the privacy changes, wouldn’t give an exact figure but told me he estimated even at full roll-out, this would still be in the single-digit percentages of all Google searchers on Google.com.

Postscript: I keep seeing people question this percentage, since I posted this article, not believing it will be that low. I have double-checked with Cutts on it, and he stands by it. Whether people choose to believe his estimate is another thing, of course.

The change to SSL (which stands for Secure Sockets Layer) begins today and will be fully released to everyone over the coming weeks. When it happens to someone, they’ll see a secure connection icon in their browser (often a little lock symbol) and https:// will appear rather than the usual http:// in front of the web address.

The change means that any searches can only be seen by Google and the web browser itself. A third party can’t intercept the search and know what’s being searched on.

People who administer their own networks have a way to override the default. Google says that’s important for places like schools, where if you’re trying to block porn sites, using encryption makes that impossible. Google’s help page provides more about this here.

Blocking Referrers, The Web’s “Caller ID”

Beyond encrypting search sessions, it’s common that web browsers reports “referrer” data when someone goes from one web site to another. This data tells the destination site how it was found, whether it be from a link off another site or search terms that were entered into a search engine.

To understand more about how referrers work, get used by publishers and information they potentially “leak” out about searches, please see the two posts below from us, which go into great detail about this:

In Google’s new system, referrer data will be blocked. This means site owners will begin to lose valuable data that they depend on, to understand how their sites are found through Google. They’ll still be able to tell that someone came from a Google search. They won’t, however, know what that search was.

Analytics: Can Track SEO Generally, Not Specific Terms

Even Google’s own Google Analytics will face this block. Like all analytics tools, it’ll know if someone came from “free” or “organic” search results, also called SEO traffic, but the search terms won’t be associated with a particular visit, because they aren’t being passed along.

From the Google Analytics blog:

When a signed-in user visits your site from an organic Google search, all web analytics services, including Google Analytics, will continue to recognize the visit as Google “organic” search, but will no longer report the query terms that the user searched on to reach your site. Keep in mind that the change will affect only a minority of your traffic. You will continue to see aggregate query data with no change, including visits from users who aren’t signed in and visits from Google “cpc.”

To help you better identify the signed in user organic search visits, we created the token “(not provided)” within Organic Search Traffic Keyword reporting. You will continue to see referrals without any change; only the queries for signed in user visits will be affected. Note that “cpc” paid search data is not affected.

Even though SEO traffic in general can still be tracked, those who are doing conversion analysis down to the keyword level will begin to lose out. You wouldn’t be able to tell, for instance, where someone coming to your site after finding it for a search for “blue widgets” actually entered, nor the other pages they viewed.

Another issue is that landing page targeting gets harder. For example, many have probably been to blogs that might welcome them with messages like:

Hello — I see you came here from Google after searching for “blue widgets.” Here are some stories about that topic you might also be interested in.

Without search terms being passed along, this type of basic targeting can’t happen. It also prevents much more sophisticated targeted from being used.

When I raised this issue with Cutts, he responded that much of this type of targeting gets close to cloaking, where a site might show something special only to Google, especially in hopes of ranking better. That’s against Google’s guidelines.

But Cutts didn’t outright say it was cloaking, nor is it necessarily so. Cloaking is when you do something special for Google; making pages show something different in response to search terms reported by the referrer isn’t special for Google. In fact, if Google visited a site reporting referrer terms, then it would get treated the same.

Debate aside, this type of targeting is clearly going to get harder, at least for those who aren’t running ads. As I’ll get into, referrers from ads aren’t blocked.

Search Terms Still Available In Google Webmaster Central

For some time, Google Webmaster Central has allowed sites to discover the terms that people are using to reach their web sites. This will continue to be offered, and that will remain a welcome alternative to the loss of referrer data. Here’s a past article from us on some of the content that’s offered:

Cutts stressed that Google Webmaster Central shows the top 1,000 queries that a site appeared for at Google — as well as was selected for — over a 30-day period, and that you can even pick any particular day over that period for downloading.

The Google Blog mentions this, as well. The Google Webmaster Central Blog also has a short post up about the change. Google’s clearly sensitive to the fact that publishers all over the web are suddenly going to feel like they’re having information taken away from them by Google.

It is good that the Google Webmaster Central data is there. However, the search data won’t be tied to visitor activity. You’ll be able to tell that someone found your site in various ways, but what they did next — if they converted in some way and so on — won’t be shown.

Perhaps Google might release a way for that data to be merged into Google Analytics. Indeed, I’ve seen some already guessing that Google will do things like this to help support itself. Just two weeks ago, the company rolled out a feature for everyone that integrates Google Webmaster Central data into Google Analytics. See our posts below for more background on this:

If Google can find a way to do so, without harming the user privacy that it’s trying to protect, that would be great. I can’t say at this time if it would be possible, however. It’s likely very difficult.

It would also be good if Google expanded the 30-day period on Google Webmaster Central, perhaps removing it entirely, so that publishers could go back as far as they like.

Referrers Still Passed For Ads

Referrer blocking won’t be happening with ads. If someone clicks on an ad, the advertiser’s site will continue to receive all the same information it currently gets with unencrypted search.

Why allow this? Google told me it feels advertisers need to have this additional data to evaluate their campaigns. 

From Google’s blog post, it wrote:

Your browser will continue to send the relevant query over the network to enable advertisers to measure the effectiveness of their campaigns and to improve the ads and offers they present to you.

In talking with Cutts, he stressed that it was important that advertisers know search terms used in relations to their ads for, among other reasons, so they can quickly tell if they’re pulling in traffic for off topic terms.

For example, someone might advertise on “hilton” and suddenly get a lot of traffic for “paris hilton” — knowing the exact terms like this could then allow them to better refine their campaigns.

The problem with this, as I see it, is that this data is already reported to advertisers through the AdWords system. In addition, that data shows up pretty quickly. Within minutes, to my knowledge, you can see exactly the terms that are generating traffic off your ads.

Cutts also argued that it makes sense to share with advertisers using a metaphor of walking around in a mall but not being known. “But as soon as you go into The Gap and actually buy something, then the person gets to know who you are; they can send you a paper catalog.”

I disagree. It’s not like that at all. No one knows who you are when you walk into a store. They only know when you conduct a transaction. Clicking on an ad from Google is a transaction between the searcher and Google, not the searcher and the advertiser. If the searcher converts at the advertiser’s site, then that’s a transaction where actual knowledge of the person might get transmitted.

What advertisers don’t get, if you block the data, is the ability to have customized landing pages as I’ve described earlier. They also lose the ability to do conversion tracking through the site, based on search terms. Both of these are important. But only SEOs are being blocked from this, not those doing CPC paid search. If you pay, you effectively still get to play with that data.

The data also is helpful for retargeting, where someone is shown an ad through the Google ad network based on their initial visit to an advertiser’s web site. Google itself doesn’t allow retargeting to be done using someone’s search history. But because advertisers can see particular terms that people use to reach their sites, they can still use those terms as a way to segment visitors for ads they’ll see later around the web. Here’s more about retargeting:

Half-Full Privacy Change May Look Half Empty

The new referrer blocking change doesn’t just discriminate against the SEO side of the search marketing family. It also sends a terrible signal to consumers. It says that referrer data is important enough to protect, but not important enough when advertiser interests are at stake.

To be fair, Google is concerned that people are more likely to do sensitive searches that somehow reveal private information in referrer data through clicks on its free listings. But this could still happen in relation to ads, as well.

I appreciate that Google’s trying to get the balance right, something Cutts said to me repeatedly, as well as all this being a a first step that will likely evolve. I also appreciate what he said about the change already improving the current state of privacy:

What you’re getting today is better than what you were getting yesterday.

But still, it would seem better if all referrers were blocked. As a marketer, I hate saying that. But as a consumer, it does provide more protection. And for Google, blocking them all doesn’t create this mixed message that might backfire on them with privacy advocates.

Consider that in 2007, before any government seriously pushed on the topic, Google began voluntarily anonymizing some of the search records it maintained. That just got it attacked by some privacy groups and the EU for not doing enough, despite the fact that it was far better privacy than people had it before.

Half measures haven’t helped Google with privacy in the past. This half measure, I think, is likely to blow up in its face. At the very least, consumers should have an option to block all referrers.

Postscript: Google sent me across two links suggesting I’m wrong about this prediction. The first is reaction from the ACLU, which praised the move, even noting that it doesn’t apply to ads but didn’t have anything negative about that. I found that pretty surprising.

Meanwhile, privacy advocate Chris Soghoian, who has been one of the most outspoken people pushing for Google to end referrer sharing, praised the move on Twitter, saying:

Thank you @mattcutts for putting user privacy over the SEO community. Intentional search term leakage via referrer header was inexcusable

Just over a year ago, Soghoian filed an FTC complaint over Google passing along referrer data with search terms. That prompted a class-action lawsuit from another party to follow. I don’t know the current status of either action, at the moment.

Soghoian also praised Google for the move over its rivals:

Google to deploy HTTPS by default for signed in search users. Bing & Yahoo still don’t offer HTTPS even as opt-in option

When I asked Soghoian about leakage related to ads, he said that should be blocked and added that SSL should be made the default for all searches:

Google should scrub all referrers. This is a good start, but not perfect. I try to say nice things when companies deserve it.

 I would also like all Google visitors to get the benefit of SSL & referrer scrubbing, not just single-digit signed in users

Google said the positive reactions from the ACLU and Soghoian are typical of what it is seeing elsewhere, too, including the EFF. I don’t see anything at the EFF site yet.

Postscript 2: The EFF is now up, saying:

Today, Google announced that it is switching its Search service for logged-in users over from insecure HTTP to encrypted HTTPS. This is a significant win for users: HTTPS is an essential protection against surveillance and alteration of your search traffic — whether by governments, companies or hackers …

There is one small caveat that users should be aware of with the new encrypted-when-logged-in Google. If you click on an advertisement, and the advertiser’s website is HTTP rather than HTTPS, Google will send the search terms for that specific query to the advertiser over HTTP.

Wow. Seriously, I’m stunned. The EFF, which pushes for all encrypted communication, doesn’t have a problem with Google leaving a gaping hole in the data it releases?

Of course, blocking referrers isn’t the same as encrypting searches. I guess the EFF considers the encryption portion of what Google has done to be more important.

Google Encrypted Search Ironically Not So Encrypted?

Speaking of half-measures, it turns out that the Google Encrypted Search service that Google launched last year is actually less secure than the new service that’s rolling out by default for signed-in users.

I loved that Google launched that service, just as I’ve loved that it shifted things like Gmail to being encrypted by default and the greater trend that we’ve been seeing where many web sites go encrypted. In an age when people connect through wireless networks with little thought of how they might be monitored, encryption isn’t just nice, it’s essential.

But Google Encrypted Search, as Google told me today, doesn’t block referrer data in the way that the new service does, not if you’re going from one encrypted server to another.

For example, if you used Google Encrypted Search and clicked on a result to come here to Search Engine Land, because we don’t run encryption, the referrer isn’t passed along. But Cutts said that if we did run encryption — or if any site did — they they would get the referrer data passed along.

The new service entirely blocks referrers, at least from non-ad links. It seems like Google Encrypted Search should do the same blocking, and for all links, non just the free ones. If Google’s stepping up the privacy game, then those who are deliberately seeking privacy by using the service should get full protection.

By the way, I’m double-checking on the issue with Google Encrypted Search and referrers still being passed through in the right circumstances, because the help page about the new default SSL search suggests this doesn’t happen.

Postscript: Google has stressed that this is the way the SSL protocol works in general, to preserve referrer information when moving between two https servers and not any attempt by the company to make Google Encrypted Search somehow less secure. I’d still say that if the new SSL search is going above-and-beyond by blocking some referrers, then Google Encrypted Search should do the same.

Don’t Panic — But Yes, Search Referrers Are Dying

This change is, according to Google, only going to impact a tiny number of those searching — a single-digit percentage, as I’ve said. Anyone not signed in to Google will still send referrer data with search terms in them.

This means there will still be plenty of data to sample, even by SEOs, for doing conversion analysis down to the search term level. There will still be plenty of landing page opportunities. There’s still plenty of direct data through your own analytics on how people are finding you.

It also means, in the short term, that Bing can continue to sample Google’s data in a way that Google dislikes.

By the future is clear. Referrer data is going away from search engines, and likely from other web sites, too. It’s somewhat amazing that we’ve had it last this long, and it will be painful to see that specific, valuable data disappear.

But from a consumer perspective, it’s also a better thing to do. As so much more moves online, referrers can easily leak out the location of things like private photos. Google’s move is part of a trend of blocking that already started and ultimately may move into the browsers themselves.

Overall, I can appreciate Google making the change to default secure searching. But making that change with a big hole opened, if you’re willing to pay for ads, isn’t right.

Postscript: See our follow-up pieces:

Related Topics: Channel: Analytics | Google: Analytics | Google: Privacy | Google: Webmaster Central | Legal: Privacy | Top News

Sponsored


About The Author: is a Founding Editor of Search Engine Land. He’s a widely cited authority on search engines and search marketing issues who has covered the space since 1996. Danny also serves as Chief Content Officer for Third Door Media, which publishes Search Engine Land and produces the SMX: Search Marketing Expo conference series. He has a personal blog called Daggle (and keeps his disclosures page there). He can be found on Facebook, Google + and microblogs on Twitter as @dannysullivan.

Connect with the author via: Email | Twitter | Google+ | LinkedIn



SearchCap:

Get all the top search stories emailed daily!  

Share

Other ways to share:
 

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • davep

    A terrible decision by Google. Webmasters, particularly those who do analysis on which keywords convert (as per your article), will suffer massively as a result of this. Is the message from Google “If you want to see what keywords people searched for to find your product, bid on all of them on AdWords and we’ll give you the data”?

    No benefit to users; more pain for webmasters.

  • A.H.

    How many people use SSL on Google searches? 1-2%?

    But something tells me they’re going to add https as a default to signed in users.

    And I’m guessing the $150,000+ Google Analytics package will magically give you access to this “secure” data. :p

  • http://www.exposureonline.com TimDineen

    This is horrible – quite possibly the worst decision Google has ever made!

    >> “Breaking that tie means it’ll be harder for some to do conversion analysis” [from Danny above]

    Won’t that make it conversion-analysis not just harder, but in fact impossible? Shouldn’t we all be doing conversion analysis even if we don’t purchase ads (for a given search phrase)? We’re totally losing the ability to track and determine the value most important organic keywords here.

    This is something that was somewhat expected, but I never thought Google would lead the charge in making the Internet a less-transparent and less analytically-friendly space for publishers and webmasters of any kind.

    What about Google Analytics? Are they going to stop showing keyword data altogether? If not, how can third-party analytics providers ever gain the same data that Google has access to?

    I can understand that Facebook and similar sites might be inclined to add privacy features like url obfuscation, but a when I user goes to a public search engine and enters a search are they really expecting the same privacy levels?

    Google just broke the Internet. The referrer has been important to webmasters forever and they just killed it with this decision.

  • http://www.exposureonline.com TimDineen

    For many aspects of how Google Search operates,

    I say let the users’ choose: This includes Instant Search, Personalization, Localization, social connections, etc… and now to include privacy.

    Google wouldn’t have to do this if they gave users more choice. They already offer complete privacy if users choose the HTTPS option, but if Google was to add an option to simply make a search private (or “incognito”) on a per-query basis then this problem wouldn’t be theirs to solve or webmasters do suffer from.

  • http://smackdown.blogsblogsblogs.com/ mvandemar

    Did they forget the fallout from this, which they then had to go and fix, twice…?

    http://smackdown.blogsblogsblogs.com/2009/02/02/what-will-really-break-if-google-switches-to-ajax/

    Wth? And Tim’s suggestion is dead on… put the power to encrypt in the hands of the logged in user. Hell, make a message to that effect appear on the homepage when a user logs in, so you know they are informed about it to. There is no benefit to doing this by default.

  • http://blog.nextblitz.com galeal zino

    I’m sure Google has considered this for some time, but perhaps Amazon Silk and similar helping to push it into production?

  • Ryan

    Give it six months, then Google will begin offering this data in Google Analytics…. if they’re going to give you data, then they will want your data first.

  • http://www.gamerstube.com Joe Youngblood

    I agree with AH up there. I think Google is struggling to ‘grow’ and is looking at existing models. Time to start siphoning revenue where possible and to do that you need to end the culture of ‘free’. Since the dawn of the internet people/webmasters have hinged their profits and growth on the free nature of many things.

    However, analytics and other other things Google offers for free have had paid-for business models that succeeded even when Big-G jumped into the pool. Now Big-G is looking to get into those markets and actually make some revenue, not just offer it for good will / to abuse the data.

  • http://www.gamerstube.com Joe Youngblood

    Like many things they do to reduce revenue to competitors and enter markets they first state that it’s for the users best interest, in this case that user is the searcher. by doing this they take away a key usage of analytics tools and build a Unique Selling Proposition for their own pro-tool.

  • http://www.linkedin.com/in/joykimseo Joy Kim

    This means the more Google’s personalized search improves user experience and other Google products attract users and encourage them to stay logged in, the less information webmasters will get to understand their users and improve their content and engagement.

    The fact that Google show its commercial interest to keep the PPC advertisers pleased by giving exclusive access to query data while refusing to provide insights to site owners who want to grow and improve the traffic organically concerns me too.

  • http://quumf.com James Lowery

    This seems like a pretty bad move whichever way you look at it, but if at some point Google pull all referrer information from organic search visitors, how are paid search marketers going to spot new opportunities.

  • jhoran

    Google is trying to kill SEO. They hate it and they hate us. We will slowly be cut out of the loop and everything will go Social. They want users to stay logged in so they can recommend sites to you that people “+1′ed” in your circles.

  • http://www.jaankanellis.com Jaan Kanellis

    LOLOLOL

    So you get the referring data in paid and not search, double standard much?

    So now they are going to withhold data, your data, when using their “free” tool. I am sure the paid version will give you access.

    Sure the affected traffic is small now, but doesn’t this tells us a lot where Google is headed with GA?

  • http://pzyche.com Jason Duke

    A very good article Danny, thank you. I feel that you have to look at the wider picture and then analyse each point one by one.

    Here are my thoughts.

    Do I believe that Google originally thought about doing this to protect users’ data? – Yes I do
    Do I believe that Adwords teams, Security teams and Spam teams fought and pulled in differing directions over this? – Yes I do
    Do I feel that a half way house answer was ultimately agreed upon? – Yes I do
    Do I feel that Google did this to reduce the effectiveness of their competitors products? – Yes I do
    Do I feel that SEOs and online marketers in general will adapt and overcome? – Yes I do.

    I feel that someone suggested turning off referer information was a good thing for users. We saw it earlier in the year with the “Ajaxy” style URLs that quickly got rolled back. I believe that this started some serious discussions in the Plex and someone realised that those nasty competitors who had started to drop retargeting cookies on loads of big web sites enabled 3rd party companies to make money based on G’s IP – I can well imagine someone saying “Those cheeky bas****s who are targeting OUR users based on what they search for on OUR website. This can NOT go on”

    I can well imagine that someone thought that the answer lay in delivering BOTH security to users AND killing a competitor.

    Now having said all of that I can REALLY imagine someone shouting very loudly about “Our customers, the guys and gals that actually PAY us, they need to see the referer information to run effective campaigns”

    This is how we ended up with such a mishmash of an implementation and terrible communication and a likely insight into G corp policy and how things really work.

    I think it is totally within G’s rights to not send data such as referer, I also think it is completely dair of them to choose to send it if you pay (via Adwords) but I wished that they would be straight about it.

    Disclaimer alert: I am the CEO and founder of Pzyche.com

    Long live Pzyche, it may not be able to tell you the referer but it sure can tell you all about the person that is visiting your site, whether it’s from Google or any other source.

    Data is the new king and G are flexing their muscles in the data wars and doing what they can to ensure they reign long and hard.

  • http://www.ericitzkowitz.com Eric Itzkowitz

    Good ole Google and their passive aggressive marketing… Let’s give users a little bit of nothing and try to swing this bigger something in right under the veil of good.

    As a business person, I totally get what Google is doing; they have to do things like this to please their investors. Nonetheless, I wish they would have been more honest/transparent about this change, many others in the past and with future changes, as well.

    HOWEVER… GOOGLE… Don’t F’ing pitch me on increased privacy when this change will effect but a mere minutia of your overall audience. I for one am not buying it! Your real strategy, as it has always been, is to continue to erode the organic (aka free) opportunities and force… oops, I mean persuade the majority of businesses using Google to buy more advertising.

    From a business person’s perspective: Nice move Google!

    From an AdWords advertiser’s perspective: Hey, thanks for letting us continue to see data down to the keyword level. That’s down right nice of you considering I have spent a small fortune advertising with you. Not really sure I want more people jumping in now because they have to. Hope my cost per click doesn’t go up, but it will.

    From an SEO’s perspective: I understand the change will not horribly impact my insight into my business, but I like the balance of free/paid right now and you are F’ing up my ratio AGAIN. Bite me!

  • http://www.nametrader.com/nametrader-on-twitter/ Steve Jones

    I can see a few potential reasons why they’re doing this:

    1. The obvious – They may ultimately give it out in Analytics, either free or premium, and basically destroy all competitors in that field.

    2. Even if they don’t do that, as many have said, they don’t like SEO and always do whatever they can to discourage it or reduce its effects, which not having referrer data would do.

    3. Their main online competition lately has been Facebook, where privacy hasn’t exactly been a strong suit. Google may be doing this to champion privacy on its biggest stage (search) to try and convince more people in to Google+, i.e. a positioning move.

    4. Could simply be a way to get more people to log in while searching in an attempt to ultimately lure them in to using Google+.

    However it pans out, I understand webmasters being upset, but if Google feels that encrypted search gives its visitors a better experience, then how can you really argue against it? The vast majority of 700+ million people on Facebook that aren’t on Google+ are not webmasters, and they clearly have a huge focus on making sure Google+ is their successful attempt at social, so those are the people they are after, at the expense of webmasters if needbe.

  • http://www.oneneverends.com Alan Bush

    I’m actually half-expecting this to be some late April Fool’s Joke. As what is already iterated I think this is probably the most terrible idea come out of Google. They disarming the small business owner’s ammunition. In the name of “security” which for one, there’s absolutely nothing vulnerable by knowing the query of a user except providing data to the person’s site HOW that person found your site. Whether you are logged in or not, I can’t see that randomdude@gmail.com did a query that found my site. And even if I could, wouldn’t it make more sense to just block THAT information rather than the keyword? It is absolutely ridiculous to omit keyword information.

    Now if this is based on the select few that want to CHOOSE to have their results encrypted or blocked from analytics, that is understandable. But as someone pointed out, it’s the default (or likely to be the default) of anyone signed in. This means, if you use Google directly after signing in to your Gmail and/or Google + account, you’re opting in. Most of the average populace don’t know or don’t care about changing these settings so they’ll just roll with it. And this will skew analytics results to have gaping holes in the data provided. Yes I know they’re organic but I can’t tell who came in from where if they’re on the personalized setting…which is probably even MORE important than ever now given all the crazy updates and algorithm changes.

    Bing, I may be heading your way more frequently.

  • TimmyTime

    “In Google’s new system, referrer data will be blocked. This means site owners will begin to lose valuable data that they depend on, to understand how their sites are found through Google.”

    This will not matter anyway, soon enough Google isn’t going to send much our way, and maybe that’s why they did it. They don’t give a rats @ss about you or privacy, just MONEY, especially with Larry as CEO.

    If you get a visitor from Google, be happy and don’t ask questions. Google had a 28% increase of clicks from last year and over 10% from the past quarter. Many people that call search engines their business decided to miss that tiny detail along with few others. How convenient for them.

  • http://www.travelsize.ie Mick OHea

    Currently, if you have a number of high volume traffic keywords, and you suddenly notice a drop in traffic, you’d look at which keyword it was for, check the SERPs, and if you’ve dropped start looking for news of an algo change, or some other possible cause.
    With aggregated data, it’s going to be a lot harder to work out which keyword(s) are responsible for a traffic drop, or surge, unless you’re monitoring rankings for all of them daily. And even then it might not be a SERP related issue, could be down to seasonal factors, a trending news story, anything.

    It also makes it harder to keep an eye on Google. Another, more evil, corporation might use this as a first step down a road towards being able to manipulate SERPs without being detected as easily. /tinfoilhat

    It massively changes the search dynamic. Webmasters allow search engines to crawl their sites for free, in exchange for traffic, and detailed information about the source of that traffic. Search engines use the information gained to make money. Google are now unilaterally effectively saying they’re going to pay less by offering inferior traffic information.

    The biggest joke is that Google make a big deal about it protecting user’s security. In fairness, who’s in the best position to use your data for their own benefit? Some random snooper in an internet cafe, any of the dozen small websites you visit daily who currently get your keyword data and little else, or the world’s biggest search corporation which will still be keeping a record of everything you search for.

  • TimmyTime

    “It also makes it harder to keep an eye on Google. Another, more evil, corporation might use this as a first step down a road towards being able to manipulate SERPs without being detected as easily. /tinfoilhat

    THANK GOD Google is nice and doesn’t care about squeezing every penny or else…. And thank god we have truly independent search bloggers that keep an eye on that and report in an unbiased manner.

  • http://www.homecliq.com Zakary Venturo

    I don’t know. Maybe it just makes you work a little harder.

    So you got to do some manual searches yourself, look at related search queries on the front of the page, use their keyword tool in AdWords, but I would think you would have a fair idea to do this from knowing what landing page someone ended up on.

    Nothing stops you from narrowing it down to specifics at conversion.

  • http://yeltv.com Vincent

    For those who didn’t test it yet: I did:

    with http://www.google.com
    (organic?) referrer is utmctr=heeh%20breda%20vergunningen – http://www.heeh.nl
    Both for signed-in and not signed in.

    on https://www.google.com the referrer looks like this (SSL encoded)
    0CCkQFjAA&url=http%3A%2F%2Fwww.heeh.nl%2F&ei=GH-eTpHDEM6F-wb73cGDDQ&usg=AFQjCNFyettknvZdhxsiD6eG0yr3GNiZ0A&sig2=iZKabLPynyM6PzBNjjeDJg http://www.heeh.nl

    In the W3C log the site is still http://www.google.com and not https. I’m sure they will force https before XMas 2011

  • http://uk.linkedin.com/in/rashidmamun Mamun Rashid

    Amid various security concerns all over the internet, I doubt the “search term” is in the top ten for any user.

    Wouldn’t it be better for Google to just declare that it is launching a premium products and therefore taking away the freemium product. How does that work with it’s motto of making world’s information available to the masses?

    What a poor attempt at making money. You should be ashamed Google!

  • http://www.nathanielbailey.co.uk Nathaniel Bailey

    Ok so this bit may end up pissing a lot of parents off and even making google have to change how this is done:

    “People who administer their own networks have a way to override the default. Google says that’s important for places like schools, where if you’re trying to block porn sites, using encryption makes that impossible.”

    So parents, google is basically saying that unless you know how to manage your network, you cant block your children from seeing porn sites etc?!

  • Mike

    I think I’m delighted. A competitor site generates a new tag page for every incoming query they get, and they’re using it to spam Google’s index with hundreds of thousands of junk pages. I don’t want to have to pull lame moves like this just to stay ahead, so I welcome anything that makes it less of a problem.

  • http://www.stevenmapes.com steven mapes

    Wow, this is a massive mistake.
    Receiving search data per user is really important for business analysing their keyword, for SEO, for rendering a site or page best suited for the user especially on a shopping cart site. If I have an exact match on the item you are searching for I will most likely want to take you directly to that page and decrease the clicks needed for the user and thus increase my conversions.

    By removing this Google are taking away this as well as limiting the actual keyword and phrases that users are searching on.

    If Analytics gave all the results everyone ever needed it would not be an issue but, frankly, its not a tailored solution and is the case of my main employer, its not able to cope with the design of the platform so using it for keyword performance analysis across all of the dimensions that we need to produce is impossible.

    This is actually going to have a potentially huge negative effect on rankings of sites and will undo the work that people have spent months on consolidating pages, removing duplicate content and low quality pages, using the canonical tag etc.

    Here’s why.

    In the past, if a site has category pages with pagination that then linked to thin content product pages to reduce the chances of the sites being penalised by your algorithms for duplicate content they would canonicalise the pages back to the category page.

    Imagine the category was “shoes”. If the end-user searches on “Nike Shoes” and finds their page, they would click that then the page may say “actually you searched for “nike shoes” lets apply a filter or even redirect them to a specific nike category”. They will not be able to do this now.

    So instead they will have to remove the canonicalisation and actually add thin pages back into their site maps and allow them to be spidered which will increase the chances of having both duplicate and thin content which will obviously now have a negative affect on the entire site!

    So effectively by doing this Google will be undoing the work that Panda etc has tried to do to clean up search results. The winners are Google and the content writers.

    I really hope that they realise the massive mistake that this is as, judging by there past trends, this will be rolled out to be the default for all users.

    Its also a massive concern to me that the Webmaster blog says “don’t worry the data will be available within Analytics”, but then the Analytics Blog says “oh no it won’t”

  • http://www.bazingawebdesign.com B.W.D.

    How will this impact those of us who use Organic Keyword Ranking tools like Advanced Web Ranking to track our position in the Search Engines for a set of keywords?

    Also, will it impact keyword discovery tools like WordTracker?

  • JezC

    … but we already lose about 20% of the data, from browsers that give no, false or misleading referer_info fields, anyway. When you look at Google Analytics, “Direct” is over-represented as a result, and organic searches are under-represented. So long as there isn’t a preferential skew in the search terms, a few percent change does nothing to really affect the already high noise generated by not-knowing about a substantial fraction of visitors whose browsers don’t pass referrer data, or the various other causes of the loss of originator.

    Compare the tracking data from AdWords URLs, with the referer_info and you’ll see (one view) of the problem. They often don’t match – and that’s in AdWords accounts that don’t use the Display Network – pure Google based search.

    The amount of data lost – *IF* the 1-2% is accurate – is down in the noise.

  • A.H.

    “Google Certified Ecommerce”
    “Google Certified Adwords Professionals”
    “Google Safe Site Assured”
    “Google Approved Content”
    “Google Approved spying on users and serving up ads”

    Thanks Big G!

  • http://www.stanleyoppenheimer.com/blog Stan Oppenheimer

    Not to get vindictive and such

    but I’m curious – If it’s possible to block an SSL incoming search from the Google Site?.

    Google would change its tune pretty fast if the logged in user, could not access popular content! This would only affect the logged in Users – but this would take a large number of players to implement this.

    This would be a polite way of pulling the welcome doormat over this policy.

    Just a thought.

  • Gary

    Boo Hoo. All these webmasters on here complaining that they won’t know how their web page is accessed, and therefore won’t be able to continue to “bomb” people with more advertising junk in an effort to increase their own profit margins.

    Hey, guys and gals, maybe some people at Google care about their customers’ personal privacy concerns and don’t give a hoot about whether you can make your website ultra profitable using their tools. Believe it or not, search engines weren’t invented for your personal benefit, but rather to enable an enhanced customer experience for the Google user.

  • http://smackdown.blogsblogsblogs.com/ mvandemar

    @Gary – “Hey, guys and gals, maybe some people at Google care about their customers’ personal privacy concerns”

    BWAHAHAHAHAHAHAHA! F’in good one! :D Heh, heh… yer such a kidder.

  • http://searchengineland.com/ Danny Sullivan

    Gary, perhaps you missed this. Google is going to block passing along information to sites that don’t pay to be in their results, under the claim of greater privacy for its searchers.

    But for those who do pay to be listed through ads, they can get all that same information that was deemed to private to give out.

    If Google really cared about customer privacy, it wouldn’t provide that information only to its advertisers, which in turn can be used to retarget those customers across the web.

    Believe it or not, Google wasn’t created as a non-profit enterprise for the benefit of consumers. It was created as a for profit enterprise that ultimately seeks to benefit Google itself. Google usually does understand that what benefits it is what benefits the consumer. But in this case, it’s clearly deciding that advertisers should get the edge over consumer privacy.

  • B.S.

    Thank you, Google. I search for information, not sales pitches. I want to be connected with websites which focus on informing me.

  • http://www.tom-collinson.com Tom Collinson

    From my point of view as an SEO this is horrible news, however let’s be perfectly honest – 99% of all SEO is about ‘gaming the system’ and getting unwarrented boosts in rankings. This change has the ability to address that and SEO will continue its evolution into a more traditional marketing role – links will still count but your ability to manipulate your link profile will diminish.

    With the growth of the social web and its integration with Google it just reinforces the need to provide quality content that’s worthy of links, rather than being able to identify key terms that you don’t otherwise deserve to rank for and creating a link building campaign that will manipulate Google.

    It’s certainly hypocritical though to say it’s in the interest of users privacy unless you pay for the data, in which case their privacy can go to hell.

  • B.S.

    @Tom Collinson,

    Bingo! To be “optimized” should mean “to be discoverable.” It should not mean “to rank high.” Create quality content about your subject. Make your content discoverable (i.e., follow Google’s SEO guidelines). Then, allow nature to take its course. If you feel your content needs more eyes, pony up the dime for marketing rather than scamming search engines.

  • http://propsblog.com Blake Waddill

    For those staying this is great because it kills SEO spammers… doesn’t this just make spammers work to rank for an even wider variety of keywords instead of only targeting some?

    I don’t understand the outrage of websites knowing what search term I used to get there…

  • Britt

    So does this mean that if I were willing to pay for Natural Search traffic, Google would be willing to share the referrer information with me?

    Just wondering…..

  • Britt

    On a more serious note:

    I think the most duplicitous part of this announcement is the suggestion that users should really be afraid of how the sites they click to from Google may use their search data, when in the vast majority of cases sites are using this data primarily on an aggregate level for analytics.

    What users should really fear is how _Google_ will use their search data, and the reality is that it is precisely when you _are_ logged into Google that Google can and will use this data to build a user profile for you which they will sell to advertisers. Until Google can also assure us that they are not internally using this data, I personally feel safer logged out than in.

  • http://www.lauralippay.com lauralippay

    There’s a lot I’d like to say about this, but since I have limited time, let me just narrow it down to ^%(@^%#@&%**& &@$&^!!*@!**!&@(*^*!!!$&@%!@^!

  • http://about.me/alexedlund Alex Edlund

    “Thank you, Google. I search for information, not sales pitches. I want to be connected with websites which focus on informing me.”

    @BS
    Again, this will not impact PPC advertisers. If anything it will become even more competitive and you will see ads as prevalent as ever.

  • http://www.measurablemarketing.eu Claireipowell

    Hi Danny, Thanks, this is comprehensive coverage.

    Google is playing the privacy card, but in half measures … user defined would have been better than default.

    If this was really about users security and privacy, Google would have been totally transparent and given users choice around how their data is used, rather than serving up default settings that suits Google.

    If you are interested, the impact on users, Google and marketers and web publishers is written up in my blog post: http://www.measurablemarketing.eu/2011/10/google-is-playing-privacy-card-but-in.html

  • http://www.saveamillionshots.com Laurie O’Toole

    Thanks Danny – good coverage of the whole affair. My question is whether anyone has looked at the “Single Digit Impact” issue.

    We’ve just completed our own research on (not provided) instances in Google Analytics reports and this is what we have found so far.

    Across a sample of 140 websites analysed (this research base will grow by the day) since 18th October to date, the average number of (not provided) queries expressed as a percentage of organic keyword visits is 2.82%.

    But we have also seen a site with 325 of 1373 – 23.67% of visits affected! (the full research is on our blog and we’ll update daily) – shout if you want a copy.

  • http://www.blueridgeonline.com B.R.M.

    This is a perfect example of Google trying to have internet dominance. I will guarantee you Google will offer this with a paid version of Google analytics. Why else would they pass this information along with paid ads? Google is not very good at competing with other companies in a market they are interesting in profiting from. It is simpler to buy them out or change the rules to accommodate what they want then too have to compete against others. If Google really wants to help with consumer privacy they would devote all these panda efforts into removing spyware, dangerous downloads, and botnets. At some point Search Engines are going to have to be regulated just as the telephone systems are. Companies today depend more on Search Engines then they do their telephones ringing. Google knows this that is what is so darn frustrating. Bottom line it is just like the occupy on wall street, websites are being categorized by who spends the most with Google and which sites profit Google more by running Google Ad-words. And lord knows if you are a webmaster trying to make a living and sell a link on your own website you could be punished. Does anyone not see the irony in this?

  • http://sparringpads.com S.P.

    Is MC on to something http://searchengineland.com/mc-hammer-announces-wiredoo-search-engine-97766

    More alternative SE are welcomed, perhaps if you can rank across multiple SE for your KW you could gain the same traffic.

    Not loving Google right now but will adapt.

  • http://www.capoeirascience.com Andy Cientista

    This is terrible terrible news. Google is harming the openess of the web and skewing success to those with big budgets. Pretty soon the Internet will be a model of the outisde world with big corporations taking the lions share.

    Let’s not forget that Google trades on an image of representing the Internet, they don’t this is pure greed disguised in ‘privacy concerns’. It should not be default.

    Time for a new Search Engine to enter the fray, one like Google used to be.

  • http://roshanjoshi.com.np Roshan Joshi

    Google real-time is still tracking the data despite signing in (SSL login). so that is one possible workaround.

  • http://searchengineland.com Jonathan Hochman

    Danny,

    This story is probably too far past for anybody to notice if I post a comment, but you should know that HTTPS is not a panacea for Internet security. It is a good login pages and forms that handle sensitive information. However, putting the entire web under HTTPS would be a huge and unnecessary expense.

    1. HTTPS uses more bandwidth than HTTP. Changing the whole Internet to HTTPs would literally require building more data centers and power plants.
    2. HTTPS pages tend to load more slowly, especially on mobile devices and congested networks.
    3. HTTPS offers no real security advantages for static, brochure-like HTML pages. If somebody wants to hack the network and spy on me browsing the Lands End catalog, they will learn that I prefer polo shirts and turtlenecks. So what.
    4. Most site owners don’t have a security certificate. It can cost a few hundred dollars per year per domain to set up HTTPS.
    5. When a site is switched to HTTPS stuff can break. Debugging that broken stuff is expensive.

    Site owners need to understand when HTTPS is beneficial and when it is detrimental, and be smart about how they use technology because there are trade offs. There are good security measures site owners can take, and I’m concerned that your post give some people the wrong idea and may divert resources away from their best use.

    Google should give logged in users the ability to block referrer info. When not blocked, Google should continue to provide this info to site owners according to tradition. That would be the fairest result.

    Best regards,
    Jonathan Hochman

  • les_madras

    Danny, I believe Google is doing this to deny search signals to Facebook.  Like buttons are everywhere on the web, and Facebook is recording but not yet using referrer signals. Taking away search signals will impair Facebook ad targeting for years to come.

  • http://www.facebook.com/guilhermeviebig Guilherme Viebig

    This is bullshit, like les_madras comment, tey´re just doing it to avoid other people to take benefit, happens that now, other people are powerfull, like facebook

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest

 
 

Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States

Europe

Australia & China

Learn more about: SMX | MarTech


Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!

 


 

Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide