Feeds

Google's encrypted search casts shadow on web analytics

SSL snuffs browser referral

Build a business case: developing custom apps

In adding SSL encryption to its primary search engine, Google isn't just protecting your traffic from anyone sniffing your network. It's also preventing third-party webmasters from tracking the search terms you used to find their sites. That may be a good thing for netizens intent on privacy lockdown. But for webmasters, it could be a bit of a problem.

Last Friday, Google told the world that an SSL-encrypted version of its core search engine was available at https://www.google.com (Notice the extra "s").

The company already offered https with several other services — including Gmail, Google Calendar, Google Docs, and Google Sites — but encrypted search is a little different. As Scroogle founder Daniel Brandt pointed out in response to our story on Google's announcement, when SSL is turned on, your browser will stop sending referral data to any non-SSL sites you visit through Mountain View's search engine.

"If you click on a link to some non-SSL page...then when you arrive at that page you will arrive with your referrer stripped," Brandt said. "The webmaster on that site won't know that you came from Google, and won't know what search terms you used to get there. He won't even know if you used a search engine (you could have just keyed in the URL in your address bar, which would also cause no referrer)."

Google acknowledges this in its "Help Center" article on SSL search, pointing out that it could affect what you see when visiting sites through its search engine. "Web browsers typically turn off referrers when going from HTTPS to HTTP mode to provide extra privacy," Google says. "By clicking on a search result that takes you to an HTTP site, you could disable any customizations that the website provides based on the referrer information."

A Google spokesperson (rightly) points out that this is not specific to Google's SSL implementation. "This effect is the result of the way browsers interact with HTTPS generally," he tells us. But Google controls a good 60 to 70 per cent of the US search market according to the big-name web research firms — if not much more in reality — and some have complained that with SSL search, the company will destroy web analytics as we know it.

In a blog post following Google's news, Clicky — a web analytics firm — went so far as to announce the death of analytics. "Say goodbye to search analytics," the post reads. "Google just announced their new secure search beta...the search term is not passed through the referrer, and hence no analytics tool (not even a good old log analyzer) will have any idea of what a visitor searched for to reach your site."

At the moment, Google's SSL search is tagged as a "beta" and it's optional. Users must explicitly visit https://www.google.com to use it. But Google has indicated it hopes to expand the service, and Clicky's knickers are in a twist. "I really hope Google never considers making this the default, because that would be very irritating for web masters — we would have no idea what people were searching for to get to our site, which is arguably the #1 reason to run analytics in the first place," the company says.

"Yes, someone 'snooping' your connection won't be able to tell what you're searching for, but the sites you click through to will probably have a good idea, based on your landing page —- not to mention they can also see their IP address and every page they have ever viewed on my site, ever. And yet somehow, not knowing this visitor's specific search term is protecting their privacy? Please. The only thing it does is make the life of a web master a much bigger pain in the ass than it was before."

Of course, Google itself will still have access to your search terms, and Clicky questions whether the company will somehow offer this information to webmasters through its Google Analytics service, trumping competitors like Clicky. But Google indicates it has no plans to do so. "I would point out that Analytics is no different from other third party services in terms of not receiving referrer information when users come from HTTPS sites," that company spokesman tells us.

"We have a lot of feedback about our beta feature that we need to gather and interpret before we make any decisions about how next to proceed. As it stands, this referrer effect applies only to users who elect to use the encrypted search offering each time." ®

A new approach to endpoint data protection

More from The Register

next story
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Nintend-OH NO! Sorry, Mario – your profits are in another castle
Red-hatted mascot, red-colored logo, red-stained finance books
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Chips are down at Broadcom: Thousands of workers laid off
Cellphone baseband device biz shuttered
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?