Feeds

Feds asked to probe Google's leaky search terms

Sharing, but not caring

Beginner's guide to SSL certificates

The FTC is considering a complaint that Google conceals the fact that users' search terms are handed over to the websites they visit.

Christopher Soghoian, a well-known privacy campaigner and former FTC employee, charges that the dominant search engine's privacy policy does not explain that referral headers - which include full search terms - are routinely shared.

"If Google wants to share its users' search query data with third parties, there is nothing I can do to stop it," he wrote.

"However, the company should not be permitted to lie about its practices. If it wants to share its customers' search queries with third parties, it should disclose that it is doing so. Even more so, it shouldn't be able to loudly, and falsely proclaim that it is protecting its users' search data."

The complaint cites Google's opposition to a Department of Justice subpoena for two months' search records in 2006.

"Google users trust that when they enter a search query into a Google search box, not only will they receive back the most relevant results, but that Google will keep private whatever information users communicate absent a compelling reason," the firm claimed to court.

Soghoian wants the FTC to force Google to tell users it is sharing their search terms. It should delete existing data, he said, and do a better job of marketing its alternative encrypted search service, which does not pass on referrer headers.

Google told the Wall Street Journal that its referrer header policy follows "standard practice across all search engines".

"Google does not pass any personal information about the source of the query to the destination website," it added.

Soghoian points out that in 2006, Google took a different view over whether search terms are personal data.

"Search query content can disclose identities and personally identifiable information such as user‐initiated searches for their own social security or credit card numbers, or their mistakenly pasted but revealing text," the firm told the court in its dispute with the DoJ.

Soghoian's complaint is here (pdf). ®

Beginner's guide to SSL certificates

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.