Feeds

Google's encrypted search casts shadow on web analytics

SSL snuffs browser referral

Providing a secure and efficient Helpdesk

In adding SSL encryption to its primary search engine, Google isn't just protecting your traffic from anyone sniffing your network. It's also preventing third-party webmasters from tracking the search terms you used to find their sites. That may be a good thing for netizens intent on privacy lockdown. But for webmasters, it could be a bit of a problem.

Last Friday, Google told the world that an SSL-encrypted version of its core search engine was available at https://www.google.com (Notice the extra "s").

The company already offered https with several other services — including Gmail, Google Calendar, Google Docs, and Google Sites — but encrypted search is a little different. As Scroogle founder Daniel Brandt pointed out in response to our story on Google's announcement, when SSL is turned on, your browser will stop sending referral data to any non-SSL sites you visit through Mountain View's search engine.

"If you click on a link to some non-SSL page...then when you arrive at that page you will arrive with your referrer stripped," Brandt said. "The webmaster on that site won't know that you came from Google, and won't know what search terms you used to get there. He won't even know if you used a search engine (you could have just keyed in the URL in your address bar, which would also cause no referrer)."

Google acknowledges this in its "Help Center" article on SSL search, pointing out that it could affect what you see when visiting sites through its search engine. "Web browsers typically turn off referrers when going from HTTPS to HTTP mode to provide extra privacy," Google says. "By clicking on a search result that takes you to an HTTP site, you could disable any customizations that the website provides based on the referrer information."

A Google spokesperson (rightly) points out that this is not specific to Google's SSL implementation. "This effect is the result of the way browsers interact with HTTPS generally," he tells us. But Google controls a good 60 to 70 per cent of the US search market according to the big-name web research firms — if not much more in reality — and some have complained that with SSL search, the company will destroy web analytics as we know it.

In a blog post following Google's news, Clicky — a web analytics firm — went so far as to announce the death of analytics. "Say goodbye to search analytics," the post reads. "Google just announced their new secure search beta...the search term is not passed through the referrer, and hence no analytics tool (not even a good old log analyzer) will have any idea of what a visitor searched for to reach your site."

At the moment, Google's SSL search is tagged as a "beta" and it's optional. Users must explicitly visit https://www.google.com to use it. But Google has indicated it hopes to expand the service, and Clicky's knickers are in a twist. "I really hope Google never considers making this the default, because that would be very irritating for web masters — we would have no idea what people were searching for to get to our site, which is arguably the #1 reason to run analytics in the first place," the company says.

"Yes, someone 'snooping' your connection won't be able to tell what you're searching for, but the sites you click through to will probably have a good idea, based on your landing page —- not to mention they can also see their IP address and every page they have ever viewed on my site, ever. And yet somehow, not knowing this visitor's specific search term is protecting their privacy? Please. The only thing it does is make the life of a web master a much bigger pain in the ass than it was before."

Of course, Google itself will still have access to your search terms, and Clicky questions whether the company will somehow offer this information to webmasters through its Google Analytics service, trumping competitors like Clicky. But Google indicates it has no plans to do so. "I would point out that Analytics is no different from other third party services in terms of not receiving referrer information when users come from HTTPS sites," that company spokesman tells us.

"We have a lot of feedback about our beta feature that we need to gather and interpret before we make any decisions about how next to proceed. As it stands, this referrer effect applies only to users who elect to use the encrypted search offering each time." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.