Google Moves To Encrypt Web Search Referral Traffic With SSL Secure Socket Layers
November 6, 2011
(Long Island, N.Y.) On October 18, 2011 Google Inc. announced on their blog that they would begin encrypting search engine results behind an SSL (Secure Socket Layer) connection for any users signed into their Google accounts while using Google.com. The official Google blog noted: “As part of our commitment to provide a more secure online experience, today we announced that SSL Search on https://www.google.com will become the default experience for signed in users on google.com.” As this change encrypts search queries from Google’s results pages, which the company claims is intended to provide improved user privacy, many familiar with the search industry question the change as the protection doesn’t extend out to pay-per-click advertisements, just algorithmic search results. Adding to the speculation is the fact that Google already offers an encrypted version of search provided a user has an interest in protecting them.
The change took place the same day as the announcement hit Google’s blog whereas anyone logged into their Google account would automatically be redirected from http://www.google.com to https://www.google.com (take notice the https://). The URLs look quite similar, but beyond the surface much more takes place. To understand what happens and how this changes effects long standing principles with the Internet, marketers and search engine optimizers, one needs to understand what exactly happens when someone performs a search.When a user visits the previously default version of Google.com which is hosted at http://www.google.com, any search which is performed will inevitably lead to a click onto a web site. That click would return the time, date, IP address and entry point for that visitor provided that web site operator has opted to receive it. In other words, if you performed a web search for “keyword” and landed on a web site, that web site owner which received the visit would have access to a record within their web site software looking something like “http://www.google.com/search?q=keyword”. This data would be found within their web site statistic logs and could show that someone had found that page by visiting Google.com and typing in the word “keyword” then clicking search. A site owners could also drill down to valuable information about the time, date, computer network (like Comcast, Time Warner, Cablevision, etc.), and general geographic area where that search was performed say Los Angeles. This information has been invaluable to marketers over the years as someone providing a local service could see how relevant their web pages are while measuring where search engine traffic is coming from. For instance, one small example of how this referral data can be used would be indicated by a user entering a geographically targeted query like “Long Island Plumber” or “Los Angeles Windshield Replacement” and a site operator could not only tell that Internet traffic is being delivered by search engines for that particular keyword, but they could also see if these pages are performing better in local markets verses national searches by the location of the majority of users. This information does not disclose any web site visitors identity individually.
The change, which automatically switches users over to the new default search engine located at https://www.google.com (again notice the https://), now hides this invaluable referral data completely, leaving web site operators “in the dark” so to speak about where their search engine traffic is coming from and why. Google handles the referral behind an SSL (Secure Socket Layer) connection, redirecting the traffic to the target site leaving minimal referral information. A web site operator may see the visit to their site, but have little information about where the traffic came from geographically and from what keyword search due to Google intercepting that traffic and handling the redirect. Google states that web site operators will continue to have access to referral data, but on a limited bases which will only be available within other Google web site services known as Google Webmaster Tools. Interestingly enough, Google has decided, at least for the time being, that they will not hold this information provided you’re an advertiser through the Google Adwords Program. Google stated on their blog: “If you choose to click on an ad appearing on our search results page, your browser will continue to send the relevant query over the network to enable advertisers to measure the effectiveness of their campaigns and to improve the ads and offers they present to you.” In effect, Google will allow the transfer of data, which they have determined to be a possible breach of user privacy (provided that’s the true intent) only to those paying advertising dollars to Google as they need it, otherwise, this data is off the table.According to the announcement, the company has claimed this change is expected to affect around 10% of all searches conducted at Google.com as this only applies to signed in Google users. “This is clearly a blowback measuring period for Google. It’s a big change for search engine marketers and it’s going to cause a great deal of time, just initially, for companies such as ours to assess the amount of keyword data we’re losing here and how that amount of data loss is going to grow over time. Eventually, Google users will be signed in for everything from Gmail and Google+ to similar and new Google services. As logged-in user status grows, so will the amount of data loss companies like ours will lose over time.” said Alex R, Senior Link Analyst at Los Angeles SEO Company, who helped contribute to this article. “I’m really not a fan of this new change from Google, it’s both clever and a little evil, but we’ll have to see how it goes over the next few months. There has already been a great deal of blowback from savvy marketers who are very upset about it. And unfortunately, I expect other search providers will soon follow suit.” he said.Google has been under intense scrutiny in recent months, and some media analysts have suggested that Google is possibly prone to cave to legislative actions or could be making a “token movement” to appease regulators and privacy has been a top concern for many organizations which track the search provider.
Editorial Note: Date of announcement was corrected.