Post-PRISM, Google Confirms Quietly Moving To Make All Searches Secure, Except For Ad Clicks

Not ProvidedIn the past month, Google quietly made a change aimed at encrypting all search activity — except for clicks on ads. Google says this has been done to provide “extra protection” for searchers, and the company may be aiming to block NSA spying activity. Possibly, it’s a move to increase ad sales. Or both. Welcome to the confusing world of Google secure search.

Two Years Ago: Secure Searching For Logged-In Users

In October 2011, Google began encrypting searches for anyone who was logged into Google. The reason given was privacy. Google said it wanted to block anyone who might potentially be eavesdropping on a string of searches made by an individual and also prevent the actual search terms themselves from being seen by publishers, as some of them might be too “private” to reveal.

This Month: Secure Searching Being Made Default For Everyone

Now, Google has flipped on encryption for people who aren’t even signed-in. When asked about this last week, Google confirmed the shift, saying:

We added SSL encryption for our signed-in search users in 2011, as well as searches from the Chrome omnibox earlier this year. We’re now working to bring this extra protection to more users who are not signed in.

I sent a series of follow-up questions to Google after getting that statement and am still waiting for a response to them, so I’ll update as I hear more. Is this worldwide? How soon until it happens for everyone?

A Sudden Change

One key question is “Why so suddenly?,” what prompted Google to make such a change out of the blue. And it was sudden.

When searches are encrypted, search terms that are normally passed along to publishers after someone clicks on their links at Google get withheld. In Google Analytics, the actual term is replaced with a “Not Provided” notation.

Over the past two years, the percentage of search terms as “not provided” has increased as Mozilla’s Firefox in July 2012Apple’s Safari browser in iOS 6 in September 2012 and Google’s own Chrome browser in January 2013 have used encrypted search, even when people aren’t signed in at Google.

That’s lead to a steady increase but not giant leap in “not provided” activity. But in the past month, the increased encryption on Google’s side has produced a dramatic spike:

Not Provided Count - Charting the rise of (not provided) in Google Analytics-1

The chart above is from a site called Not Provided Count, and it tracks the percentage of terms being withheld across 60 different web sites. You can see the spike that began around the week of September 4 and which currently shows almost 75% of terms being withheld.

It was after viewing this chart on Friday that I asked Google if there had been some type of change, because the percentage of not provided terms can also vary from site to site — or even for “basket” of sites for different reasons. As noted, the change is real, and confirmed by Google.

There are two main reasons why Google may have made such a quick switch, and perhaps both are even factors.

Done To Block The NSA?

The first is the whole US National Security Agency spying thing. In June, Google was accused of cooperating to give the NSA instant and direct access to its search data through the PRISM spying program, something the company has strongly denied. That hasn’t saved it from criticism.

Since then, Google’s waged a campaign to allow it to be more transparent about the number of spying requests it says it does receive — on a limited basis and not involving direct access — but which it’s forbidden by US law from disclosing. It also began increasing encryption between its own data centers.

I suspect the increased encryption is related to Google’s NSA-pushback. It may also help ease pressure Google’s feeling from tiny players like Duck Duck Go making a “secure search” growth pitch to the media. Duck Duck Go and have seen large gains in traffic, though relatively speaking, what’s large is nothing for Google. The PR loss is far, far greater than the user loss, if any. But Google doesn’t like PR losses of any type.

Done To Boost Ad Sales?

The other reason is that Google recently made a change so that one of the easiest ways for publishers to see the actual terms that have been withheld over time is through the Google AdWords system.

See, apparently search terms aren’t so private that Google withholds them entirely. Rather, it withholds them from being transmitted in the clear across the internet. Publishers can still see these terms by going into the Google Webmaster Tools area, though they only see the top 2,000 per day and only going back for 90 days (something Google said earlier this month will increase to one year, in the future).

If publishers don’t somehow constantly archive these terms, they’re lost. But a change to Google AdWords in August allows publishers to store the terms as long as they like, for easy and instant access — as long as they use Google’s ad system.

It’s an odd situation that Google won’t archive search term data within the toolset it expressly built for non-advertisers — Google Webmaster Tools — but does allow this through its ad system. It suggests that terms have been withheld all along in part to create new Google advertisers.

Privacy Loophole Remains For Advertisers

That’s especially so given that ad search traffic has never been made secure. No encryption stops people from eavesdropping on the terms used when someone searches at Google and clicks on an ad. Google’s also never prevented this information from flowing directly to advertisers, in the way it has for non-advertisers.

More Background

So. Increased privacy to thwart the NSA? Or a handy excuse to do that and increase potential ad sales? If I learn more, I’ll update. Meanwhile, for more background, see the key article from earlier this month, below:

Postscript (5:05pm ET):

Google’s sent this update:

We want to provide SSL protection to as many users as we can, in as many regions as we can — we added non-signed-in Chrome omnibox searches earlier this year, and more recently other users who aren’t signed in. We’re going to continue expanding our use of SSL in our services because we believe it’s a good thing for users….

The motivation here is not to drive the ads side — it’s for our search users.

It’s still not clear why Google seems to have ramped up things especially today.

Related Topics: Channel: SEO | Features: Analysis | Google: AdWords | Google: Analytics | Google: Webmaster Central | Legal: Privacy | Top News


About The Author: is a Founding Editor of Search Engine Land. He’s a widely cited authority on search engines and search marketing issues who has covered the space since 1996. Danny also serves as Chief Content Officer for Third Door Media, which publishes Search Engine Land and produces the SMX: Search Marketing Expo conference series. He has a personal blog called Daggle (and keeps his disclosures page there). He can be found on Facebook, Google + and microblogs on Twitter as @dannysullivan.

Connect with the author via: Email | Twitter | Google+ | LinkedIn


Get all the top search stories emailed daily!  


Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • jaimie bisbee

    my aunt recently purchased a great Mercedes-Benz B-Class Electric
    Drive Hatchback only from working part-time off a macbook… Continue Reading

  • Prenatal Cradle

    Google appears to be on a mission to crush small business, no doubt the result of big-money bribes at executive levels.

  • In Vader We Trust

    The G empire is coming to the dark side. EXCELLENT!!!!

  • Eliran

    Very sad to hear that.. No more information about search queries :(

  • Bijutoha

    Now I am satisfied on “Google now encrypts all search query data.” Really a great job from google to inspire white hat seo.

  • John Stein

    Yeah…..sign me up for a “conversation” with Google-nsa-usa!!!! Google is soon done!!!!

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest


Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States


Australia & China

Learn more about: SMX | MarTech

Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!



Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide