Feeds

Google illegally divulges user searches, suit claims

HTTP referrer headers: SEO's best friend

Choosing a cloud hosting partner with confidence

Attorneys on Monday accused Google of intentionally divulging millions of users' search queries to third parties in violation of federal law and its own terms of service.

The complaint, filed in federal court in San Jose, California, challenges Google's longstanding practice of including search terms in HTTP referrer headers, which are easily readable by websites that users click on. It claims Google has repeatedly experimented with systems that keep search terms private but has has never rolled them out because it has a vested interest in sharing the information with third parties, including search engine optimization services.

“Over protests from privacy advocates, however, Google has consistently and intentionally designed its services to ensure that user search queries, which often contain highly-sensitive and personally-identifiable information ('PII'), are routinely transferred to marketers, data brokers, and sold and resold to countless other third parties,” the complaint alleges.

The lawsuit goes on to say that Google can cross reference search terms with data held by DoubleClick, which in 2007, the search behemoth agreed to buy for $3.1bln in cash. Combined with a user's IP address and additional information from services including Google Analytics, third parties can connect “the dots of 'anonymous' data” to link queries to a specific individual, a phenomenon known as “reidentification,” the complaint states.

That's precisely what happened in 2006 when AOL released more than 20 million search queries that supposedly had been anonymized. The company soon discovered that many of the 658,000 AOL users in the dataset could be identified making highly personal searches. User data Netflix publicly released to help improve its movie rating system has faced similar problems.

Monday's lawsuit claims that on numerous occasions, Google has experimented with systems that don't share search queries with third-party websites. In November 2008, for instance, the company started testing a method for delivering results that used advanced AJAX technologies. The new system prevented browsers from passing along the search terms to websites, a change that outraged many web masters, who are always eager to know precisely how visitors find their sites.

Google quickly issued a public statement that said: “At this time only a small percentage of users will see this experiment. It is not our intention to disrupt referrer tracking, and we are continuing to iterate on this project and are actively working towards a solution.”

Google soon ended the test, and though similar experiments have since been launched on a limited basis, the complaint alleges.

The lawsuit alleges that the practice violates its own terms of service, which promise that personal information will be shared only with a user's consent. The complaint also claims it runs afoul of the federal Electronic Communications Privacy Act, and a variety of California state laws. The complaint (PDF), which was filed on behalf of a Google user named Paloma Gaos of San Francisco County, seeks class-action status so others can be represented as well.

A Google spokesman declined to comment because, he said, the company has not yet received a copy of the complaint. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan
Encryption would lead us all into a 'dark place', claim G-Men
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.