Feeds

Google's encrypted search casts shadow on web analytics

SSL snuffs browser referral

Top three mobile application threats

In adding SSL encryption to its primary search engine, Google isn't just protecting your traffic from anyone sniffing your network. It's also preventing third-party webmasters from tracking the search terms you used to find their sites. That may be a good thing for netizens intent on privacy lockdown. But for webmasters, it could be a bit of a problem.

Last Friday, Google told the world that an SSL-encrypted version of its core search engine was available at https://www.google.com (Notice the extra "s").

The company already offered https with several other services — including Gmail, Google Calendar, Google Docs, and Google Sites — but encrypted search is a little different. As Scroogle founder Daniel Brandt pointed out in response to our story on Google's announcement, when SSL is turned on, your browser will stop sending referral data to any non-SSL sites you visit through Mountain View's search engine.

"If you click on a link to some non-SSL page...then when you arrive at that page you will arrive with your referrer stripped," Brandt said. "The webmaster on that site won't know that you came from Google, and won't know what search terms you used to get there. He won't even know if you used a search engine (you could have just keyed in the URL in your address bar, which would also cause no referrer)."

Google acknowledges this in its "Help Center" article on SSL search, pointing out that it could affect what you see when visiting sites through its search engine. "Web browsers typically turn off referrers when going from HTTPS to HTTP mode to provide extra privacy," Google says. "By clicking on a search result that takes you to an HTTP site, you could disable any customizations that the website provides based on the referrer information."

A Google spokesperson (rightly) points out that this is not specific to Google's SSL implementation. "This effect is the result of the way browsers interact with HTTPS generally," he tells us. But Google controls a good 60 to 70 per cent of the US search market according to the big-name web research firms — if not much more in reality — and some have complained that with SSL search, the company will destroy web analytics as we know it.

In a blog post following Google's news, Clicky — a web analytics firm — went so far as to announce the death of analytics. "Say goodbye to search analytics," the post reads. "Google just announced their new secure search beta...the search term is not passed through the referrer, and hence no analytics tool (not even a good old log analyzer) will have any idea of what a visitor searched for to reach your site."

At the moment, Google's SSL search is tagged as a "beta" and it's optional. Users must explicitly visit https://www.google.com to use it. But Google has indicated it hopes to expand the service, and Clicky's knickers are in a twist. "I really hope Google never considers making this the default, because that would be very irritating for web masters — we would have no idea what people were searching for to get to our site, which is arguably the #1 reason to run analytics in the first place," the company says.

"Yes, someone 'snooping' your connection won't be able to tell what you're searching for, but the sites you click through to will probably have a good idea, based on your landing page —- not to mention they can also see their IP address and every page they have ever viewed on my site, ever. And yet somehow, not knowing this visitor's specific search term is protecting their privacy? Please. The only thing it does is make the life of a web master a much bigger pain in the ass than it was before."

Of course, Google itself will still have access to your search terms, and Clicky questions whether the company will somehow offer this information to webmasters through its Google Analytics service, trumping competitors like Clicky. But Google indicates it has no plans to do so. "I would point out that Analytics is no different from other third party services in terms of not receiving referrer information when users come from HTTPS sites," that company spokesman tells us.

"We have a lot of feedback about our beta feature that we need to gather and interpret before we make any decisions about how next to proceed. As it stands, this referrer effect applies only to users who elect to use the encrypted search offering each time." ®

Build a business case: developing custom apps

More from The Register

next story
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.