Feeds

Feds asked to probe Google's leaky search terms

Sharing, but not caring

Secure remote control for conventional and virtual desktops

The FTC is considering a complaint that Google conceals the fact that users' search terms are handed over to the websites they visit.

Christopher Soghoian, a well-known privacy campaigner and former FTC employee, charges that the dominant search engine's privacy policy does not explain that referral headers - which include full search terms - are routinely shared.

"If Google wants to share its users' search query data with third parties, there is nothing I can do to stop it," he wrote.

"However, the company should not be permitted to lie about its practices. If it wants to share its customers' search queries with third parties, it should disclose that it is doing so. Even more so, it shouldn't be able to loudly, and falsely proclaim that it is protecting its users' search data."

The complaint cites Google's opposition to a Department of Justice subpoena for two months' search records in 2006.

"Google users trust that when they enter a search query into a Google search box, not only will they receive back the most relevant results, but that Google will keep private whatever information users communicate absent a compelling reason," the firm claimed to court.

Soghoian wants the FTC to force Google to tell users it is sharing their search terms. It should delete existing data, he said, and do a better job of marketing its alternative encrypted search service, which does not pass on referrer headers.

Google told the Wall Street Journal that its referrer header policy follows "standard practice across all search engines".

"Google does not pass any personal information about the source of the query to the destination website," it added.

Soghoian points out that in 2006, Google took a different view over whether search terms are personal data.

"Search query content can disclose identities and personally identifiable information such as user‐initiated searches for their own social security or credit card numbers, or their mistakenly pasted but revealing text," the firm told the court in its dispute with the DoJ.

Soghoian's complaint is here (pdf). ®

Choosing a cloud hosting partner with confidence

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.