Feds asked to probe Google's leaky search terms
Sharing, but not caring
The FTC is considering a complaint that Google conceals the fact that users' search terms are handed over to the websites they visit.
"If Google wants to share its users' search query data with third parties, there is nothing I can do to stop it," he wrote.
"However, the company should not be permitted to lie about its practices. If it wants to share its customers' search queries with third parties, it should disclose that it is doing so. Even more so, it shouldn't be able to loudly, and falsely proclaim that it is protecting its users' search data."
The complaint cites Google's opposition to a Department of Justice subpoena for two months' search records in 2006.
"Google users trust that when they enter a search query into a Google search box, not only will they receive back the most relevant results, but that Google will keep private whatever information users communicate absent a compelling reason," the firm claimed to court.
Soghoian wants the FTC to force Google to tell users it is sharing their search terms. It should delete existing data, he said, and do a better job of marketing its alternative encrypted search service, which does not pass on referrer headers.
Google told the Wall Street Journal that its referrer header policy follows "standard practice across all search engines".
"Google does not pass any personal information about the source of the query to the destination website," it added.
Soghoian points out that in 2006, Google took a different view over whether search terms are personal data.
"Search query content can disclose identities and personally identifiable information such as user‐initiated searches for their own social security or credit card numbers, or their mistakenly pasted but revealing text," the firm told the court in its dispute with the DoJ.
Soghoian's complaint is here (pdf). ®
And his point is?
Who is going to be going through referer (sic) headers for PI when there is a million other ways to get more and better info.
I think this guy works for a specially trained Google squad who raise spurious non-issues to distract people while Google nip round the back and nick all your spoons.
As others have said, it isn't Google it's the browser.
OK, Google could use POST rather than GET so that the search term wouldn't appear in the URI.
Perhaps someone should warn this guy that every site he clicks a link on tells the new site where he came from. In his world, that must constitute stalking!!!!
What an annoying, attention grabbing tit
Google isn't doing it. Your browser sends a referrer header to the target site. This is true for all websites. Silly humans.