Feeds

Google's encrypted search casts shadow on web analytics

SSL snuffs browser referral

Security for virtualized datacentres

In adding SSL encryption to its primary search engine, Google isn't just protecting your traffic from anyone sniffing your network. It's also preventing third-party webmasters from tracking the search terms you used to find their sites. That may be a good thing for netizens intent on privacy lockdown. But for webmasters, it could be a bit of a problem.

Last Friday, Google told the world that an SSL-encrypted version of its core search engine was available at https://www.google.com (Notice the extra "s").

The company already offered https with several other services — including Gmail, Google Calendar, Google Docs, and Google Sites — but encrypted search is a little different. As Scroogle founder Daniel Brandt pointed out in response to our story on Google's announcement, when SSL is turned on, your browser will stop sending referral data to any non-SSL sites you visit through Mountain View's search engine.

"If you click on a link to some non-SSL page...then when you arrive at that page you will arrive with your referrer stripped," Brandt said. "The webmaster on that site won't know that you came from Google, and won't know what search terms you used to get there. He won't even know if you used a search engine (you could have just keyed in the URL in your address bar, which would also cause no referrer)."

Google acknowledges this in its "Help Center" article on SSL search, pointing out that it could affect what you see when visiting sites through its search engine. "Web browsers typically turn off referrers when going from HTTPS to HTTP mode to provide extra privacy," Google says. "By clicking on a search result that takes you to an HTTP site, you could disable any customizations that the website provides based on the referrer information."

A Google spokesperson (rightly) points out that this is not specific to Google's SSL implementation. "This effect is the result of the way browsers interact with HTTPS generally," he tells us. But Google controls a good 60 to 70 per cent of the US search market according to the big-name web research firms — if not much more in reality — and some have complained that with SSL search, the company will destroy web analytics as we know it.

In a blog post following Google's news, Clicky — a web analytics firm — went so far as to announce the death of analytics. "Say goodbye to search analytics," the post reads. "Google just announced their new secure search beta...the search term is not passed through the referrer, and hence no analytics tool (not even a good old log analyzer) will have any idea of what a visitor searched for to reach your site."

At the moment, Google's SSL search is tagged as a "beta" and it's optional. Users must explicitly visit https://www.google.com to use it. But Google has indicated it hopes to expand the service, and Clicky's knickers are in a twist. "I really hope Google never considers making this the default, because that would be very irritating for web masters — we would have no idea what people were searching for to get to our site, which is arguably the #1 reason to run analytics in the first place," the company says.

"Yes, someone 'snooping' your connection won't be able to tell what you're searching for, but the sites you click through to will probably have a good idea, based on your landing page —- not to mention they can also see their IP address and every page they have ever viewed on my site, ever. And yet somehow, not knowing this visitor's specific search term is protecting their privacy? Please. The only thing it does is make the life of a web master a much bigger pain in the ass than it was before."

Of course, Google itself will still have access to your search terms, and Clicky questions whether the company will somehow offer this information to webmasters through its Google Analytics service, trumping competitors like Clicky. But Google indicates it has no plans to do so. "I would point out that Analytics is no different from other third party services in terms of not receiving referrer information when users come from HTTPS sites," that company spokesman tells us.

"We have a lot of feedback about our beta feature that we need to gather and interpret before we make any decisions about how next to proceed. As it stands, this referrer effect applies only to users who elect to use the encrypted search offering each time." ®

Business security measures using SSL

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.