A change in iOS 6 made by Apple and not anticipated by Google means that for the past week or so — and likely for some weeks to come — those reaching web sites from Google’s search engine after doing searches from within Safari will be counted as “direct” traffic rather than “search” traffic.
As we reported last week, those using the built-in search box within Safari are now having their searches sent though Google SSL Search, if they use iOS 6. Apple apparently made this change in order to increase privacy for searchers. It won’t officially confirm that but neither is it saying that our assumptions are wrong.
Only Apple could have made the change within the Safari search box (Google certainly didn’t ask for it, as explained below). The shift to using Google SSL Search is similar to how Firefox made a similar change earlier this year and Google itself did so last October, for signed-in users.
Change To Protect Privacy
In those cases, the change meant that what people searched for wasn’t exposed to potential “eavesdropping” when they clicked on a link from Google’s search results and were sent to a destination web site. This type of eavesdropping can happen because normally a web browser sends what’s called “referrer” information when someone clicks from one page to another. It’s sort of like a Caller ID for the web.
The browser reports the URL of the page you clicked from to reach a new page. If that page is from a search engine, the referrer often contains what you searched for in it. In this way, analytics programs like Google Analytics can separate out “search” traffic from “referral” traffic and show the most popular terms used to reach your web site.
Our article, The Death Of Web Analytics? An Ode To The Threatened Referrer from 2010, explains more about how referrers work to pass search terms.
Last year, Google stopped passing search terms when it switched on Google SSL Search for signed-in users, except for when people clicked on ads. Those referrers still exposed search terms, a potential eavesdropping leak, but a compromise Google felt comfortable with. The stories below explain more about this:
Even with the change, publishers at least could tell that a search referral had happened. That’s because Google SSL Search was configured to still pass along referral information, just stripped of the actual terms. In other words, publishers were told an “empty” search had happened to reach their web sites (something Google Analytics reports as “not provided”).
When Firefox began using Google SSL Search earlier this year, more search term data was lost, more “empty” searches reported — but at least the traffic still appeared as if it was coming from Google searches. That’s not the case with Apple’s shift.
Searches Become “Direct” Traffic
As it turns out, Google SSL Search is configured by Google differently for mobile browsers. The mobile version doesn’t send any referral information at all. Nothing goes out to publishers from a click on unpaid listings. Nothing goes out from paid listings (except within the AdWords reporting system).
It’s not just that search terms are stripped. No referral is passed, period. This means that anyone who does a search using Google through Safari’s search box in iOS 6 and clicks from Google’s results to a site will appear to the publisher as if they directly went to the site rather than having found it via Google.
Consider these stats from Search Engine Land, drawn from the past three weeks. They show visits to us by iOS operating system version. You can see that iOS 5.1.1 is the leading source (51%), with iOS 6.0 right behind (37%):
Now consider these stats, which show that for iOS 5.1.1, the leading way users of that operating system find our web site is through Google (27%) followed by direct visits (22%):
Here’s the situation for iOS 6 visitors:
Google drops from the leading source of iOS traffic (as it was with iOS 5) down to fourth, at only 9% overall. Visitors using iOS 6 finding us directly skyrockets to 49%, if you believe the stats.
You shouldn’t believe them. People haven’t suddenly changed their behavior in iOS 6, seeking us out directly. It is, as I’ve explained, that iOS 6 now sends many Google searchers through Google SSL Search, where the lack of referral information means stat programs assume they are direct visitors.
By the way, an easy way for those with Google Analytics to see the impact on their own sites is a special comparative dashboard Dan Barker created; read more about it here.
Google SSL Search: Desktop Vs. Mobile
To recap, searches made through Google SSL Search operate like this:
- Desktop: Referrers passed from unpaid listings, stripped of search terms; full referrers passed from paid listings
- Mobile: No referrers passed from any listings
The only caveat is that if someone clicks from a Google SSL Search listing that leads to a secure web site, then the full referrer would pass. This is technically how referrer passing should always work. It doesn’t work that way with desktop search because Google has deliberately changed things to ensure that search traffic can be registered in some way (“empty” searches for unpaid listings; full search term data for paid clicks).
The Speed Issue
So why hasn’t Google made the mobile version of Google SSL Search work the same way? Speed, it seems. Google told us:
If you go to google.com on most mobile web browsers today, you don’t get SSL. Currently there’s significantly more latency for SSL connections on mobile devices that we believe creates a poor user experience, so we’re looking into the best way to make HTTPS connections faster on mobile devices. That’s why we don’t yet show personal results on mobile, either.
For now, SSL Search on desktop continues to be a leader for offering more secure searches, which other major search engines don’t offer in any form.
For the web browser on iOS 6 with SSL on by default, our web servers don’t yet take that fact into account. We’re investigating different options to address this issue.
To be clear, if you’re on Safari (or any mobile web browser) and you sign-in to Google, you will not automatically be shifted to a secure connection for your searches, as you would if you did the same using a desktop browser. That’s because doing so would slow things down. Google wants to keep things speedy, so privacy from potential eavesdropping is deemed less important with a mobile connection.
But anyone can force a secure searching connection by going to Google’s SSL Search (https://google.com). That’s what Apple is doing. It’s routing searches there. Since Google wasn’t expecting this, it hasn’t changed how the mobile SSL connection passes referrers.
Google Fix Might Restore Referrals (& Make Privacy Worse)
Hopefully, Google will fix things on its end quickly. It’s unlikely that Apple’s going to change people back to a less secure connection. It is likely that searches done with Google and through Safari’s search box will continue to grow, as people continue to upgrade to iOS 6. That means more of those searches will mistakenly appear as direct traffic (this isn’t an issue for the alternative Safari search engines of Bing and Yahoo, since they have no secure search that Apple can route people to).
There’s also a rich bit of irony. Right now, Apple’s change means that many iOS 6 mobile users are getting a more secure version of Google SSL Search than desktop users, since the mobile version doesn’t have the deliberate leak to advertisers that Google allows. If Google “fixes” the mobile version to operate like the desktop version, it will actually have made it less secure.
Alternatively, Google could make a fix that allows referrals to pass from unpaid links and ad links but stripped of search terms from both. Doing so would ensure that search traffic would be properly registered but without the hypocrisy to declaring that search terms are so private that they need protection from eavesdropping except when it comes to keeping advertisers happy.
- The Death Of Web Analytics? An Ode To The Threatened Referrer
- Google To Begin Encrypting Searches & Outbound Clicks By Default With SSL Search
- Google Puts A Price On Privacy
- Google’s Results Get More Personal With “Search Plus Your World”
- 2011: The Year Google & Bing Took Away From SEOs & Publishers
- Firefox 14 Now Encrypts Google Searches, But Search Terms Still Will “Leak” Out
- Safari Shifts To Google Secure Search in iOS 6, Causing Search Referrer Data To Disappear