Firefox 14 Now Encrypts Google Searches, But Search Terms Still Will “Leak” Out
Firefox 14 has officially launched today, which means all Google searches are encrypted by default. However, due to a Google loophole, the encryption will not prevent things you search for from “leaking” out to Google’s advertisers nor potentially showing up as search suggestions or in data reported to web sites through Google Webmaster Central. The Firefox team saidof the change:
We automatically make your Google searches secure in Firefox to protect your data from potentially prying eyes, like network administrators when you use public or shared WiFi networks.
This is true. The “secure” version of Google search that Firefox will be using — called Google SSL search — does prevent anyone from “eavesdropping” on what you’re searching for. However, Google SSL search will tell advertisers what you searched for, if you click on their ads. If Firefox were trying to make searching fully secure, it would also block what’s called “referrer” information from being passed along, in addition to using Google SSL Search. Technically, this shouldn’t be a problem. However, Firefox apparently has decided against doing this. Our previous story explains more:
As for Google, it could also prevent referrer information from being passed along to advertisers, if it wanted. However, it made a deliberate choice to keep providing this information. The choice continues to be confusing. When Google made the change last October to block referrer informationfor non-advertisers last year, the argument was that this was intended to protect privacy, that search terms themselves were potentially sensitive and revealing information. However, those same potentially sensitive terms are provided to advertisers, plus they may be revealed within things like Google Autocomplete or in data reported to publishers through Google Webmaster Central. The articles below explain more about these issues:
- Google Puts A Price On Privacy
- 2011: The Year Google & Bing Took Away From SEOs & Publishers
- Google’s Results Get More Personal With “Search Plus Your World”
- Google “Search Plus Your World” To Launch Beyond US? Likely, As Secure Search Set To Expand
Postscript: My Debate With Firefox
I’ve been having a bit of a back-and-forth between Asa Dotzler, the director at Mozilla who oversees Firefox, who both accuses me of not understanding how Google SSL Search works and misrepresenting what Mozilla has said about how it will provide privacy within Firefox. Actually, I’ve come to think that Mozilla doesn’t understand how Google SSL Search works and itself has been misrepresenting how privacy protection will work — and not work — within Firefox.
SSL Search Blocks Two Types Of Leakage, Not One
Here’sthe comment at The Verge where Dotzler tells me I don’t understand what’s happening:
Danny, you misunderstand what SSL search is trying to accomplish. We’ve made the connection between the user and Google secure from snooping. That’s what SSL does and that’s why we’ve implemented it. Google can do what ever it wants with the data once it gets it, but the bad guys sniffing your wi-fi connection cannot get at your information.
Given that I’ve been writing about Google SSL Search in-depth (see those links above) since Google launched it last October, yeah, I have a pretty good idea of what it is and what Google was trying to accomplish with it. My replyat The Verge:
I’ve not misunderstood what SSL search is trying to accomplish. In fact, I probably understand it better than you do. Otherwise, I wouldn’t be having to explain the next part. SSL Search was rolled out because Google said that search term data was too sensitive to be leaked out, either through eavesdropping on a connection (what encryption prevents) or by passing along those terms in referrer data to publishers. SSL Search blocked BOTH of those things, because Google itself felt they were co-equal issues. SSL Search, however, specifically did not block passing referrer data to Google’s advertisers. Sensitive search terms data was apparently not so sensitive for Google’s advertisers to have access to. When Firefox makes use of SSL Search, you’re still allowing all those advertisers to see the search data that supposedly is too sensitive to leak out to non-advertisers. If you really wanted to make SSL Search as secure as Google could have — and should have — made it, then Firefox would stop passing referrers. Alternatively, you could use the completely separate Google Encrypted Search. That would prevent referrer leakage except in the extremely rare case where someone left Google for another secure site. The site would still see the referrer, but at least the data would remain encrypted. I’m pretty sure that by using SSL Search, the referrer data is being passed along without encryption, potentially opening up the ad clicks from Google to eavesdropping.
If you want to understand more about this, the referrers, the difference between Google SSL Search and Google Encrypted Search and how it all plays out with Firefox, I’ll refer you back to reading this previous post from me: Firefox To Use Google Secure Search By Default; Expect More “Not Provided” Keywords To Follow.
Firefox Told Consumers Change Would Help Strip Search Terms From Referrers
Now, you could excuse Firefox from all this, I suppose, and say that Mozilla is only talking about how it supports the first part of what Google SSL Search means to protect, the actual connection, the direct conversation with you and Google. However, that’s not what Firefox said when it started talking about adding SSL support last May. From its post then:
Additionally, using HTTPS helps providers like Google remove information from the referrer string. While Google users may expect Google to know what they are searching for, Firefox users may not be aware these search terms are often transmitted to sites they visit when they click on items in the search results; enabling HTTPS search helps sites like Google strip this information from the HTTP referrer string, putting the user better in control of when and to whom their interests are shared.
There’s no mention of the fact that actually, HTTPS doesn’t help Google at all in stripping referrer strings. That’s because Google has decided to deliberately override how HTTPS is supposed to strip information. If you want to understand more about that, in detail, see my previous post, Google Puts A Price On Privacy. There’s also no mention that referrer data from ad clicks will continue to be transmitted to sites. If I had to guess, I think Mozilla posted this because it didn’t understand that Google wasn’t following the standard process of how encryption is supposed to break referrers if you pass to an unencrypted site. That’s unfortunate for Mozilla, because it put it in the position of making a claim about what the Firefox change would do without an important caveat. When I pointed this out to Dotzler on Twitter, his responsewas:
You’re misrepresenting what Mozilla said. We said “it helps providers like Google remove …” which it does.
Yet Firefox Also Says Change Has No Impact On Google Stripping
Again, it doesn’t help Google, and if Mozilla fully understood how Google SSL Search worked, it wouldn’t have made that claim in May nor would Dotzler have repeated it in tweet above. Moreover, repeating that claim makes absolutely no sense when Dotzler also said this today in another comment at The Verge:
If Google wants to pass on the search term they can, regardless if the connection is SSL or not. A user sends a search term to Google (which is protected from eavesdropping by SSL) and then Google generates a page of results based on that search term. There’s nothing preventing Google from attaching that search term to the referrer coming from Google. SSL says nothing about that. What the SSL connection between Firefox and Google does is to protect your searches from people snooping on your wi-fi connection or otherwise intercepting your connection.
Apparently, HTTPS doesn’t help at all with stripping referrers since “there’s nothing preventing Google from attaching that search term to the referrer” as Dotzler wrote. That’s the opposite of what Firefox blogged in May and what Dotzler tweeted to me about my supposed “misrepresentation” of what Mozilla said.
How SSL Is Supposed To Strip
Dotzler also said, in terms of referrer stripping that “SSL says nothing about that.” Well, Google told me that it did say something about this, as I covered before. And here’s are the specs for HTTP 1.1 that specifically talk about why browsers shouldn’t pass referrer information when someone goes from a secure site (say Google) to a non-secure (say an advertiser’s site) environment. Those are the same specs cited from by the Wikipedia page that Mozilla’s own May blog post pointed at, when it raised the issue of referrer stripping.
No mistake. It is a big privacy improvement for searchers using Firefox that the browser has shifted to Google SSL Search. It’s a nice move for Firefox to make, even though it will cause more marketing data to disappear.
But it’s a pity that not one story covering the change that I’ve seen listed on Techmeme (other than our own) mentions the advertiser loophole that Google SSL Search left open. It’s an important point. It’s certainly one that Mozilla could have mentioned in its own post today.