How Google could have made the Web secure and failed -- again
Google confirms it made a change to better protect the privacy of how people search. However, it left loopholes and once again failed to seize an opportunity to encourage all sites to go secure.
You probably didn't notice, but this week, your searching activity on Google got a little safer from prying eyes. When you go to Google, it likely will transfer you automatically to its "encrypted" service, one designed to prevent potential "eavesdropping" on your searches. What's not to like about that? Chiefly, a loophole Google has left in for its advertisers and a lost opportunity to get all sites to go secure.
Blocking "eavesdropping" of search activity
Encrypted search -- officially, Google SSL Search -- protects you from "eavesdroppers" in the same way you're protected through an encrypted connection when you do online banking. Only you and the site you're talking with can "hear" your conversation. So with encrypted search, what you're searching for can't be heard by third parties. Assuming, of course, that no one, such as the National Security Agency or hackers, has cracked the "keys" to that encryption.
Google made a big push to increase the use of encrypted searches. Anyone who had logged into Google, such as to check Gmail, would be sent to Google SSL Search if they wanted to search for something.
This week, Google confirmed it is forwarding users to Google SSL Search even if they aren't signed in. From the statement Google gave to me when I wrote about this on my Search Engine Land site:
"We added SSL encryption for our signed-in search users in 2011, as well as searches from the Chrome omnibox earlier this year. We're now working to bring this extra protection to more users who are not signed in."
In short, everyone is -- or will soon be -- protected from eavesdropping, even if they don't remember to sign in. Google's got your back! Or so it seems on the surface. As it turns out, search data remains exposed in several ways.
The loophole for advertisers
Perhaps the most glaring loophole is that if you do a search and click on an ad, what you searched for isn't protected at all. Under a deliberate decision it made two years ago, Google continues to transmit search terms "in the clear" to its advertisers.
That's something I've always found disturbing. There's only one reason for Google to leave in this loophole: to make its advertisers happy. If search data is private, as Google clearly believes it to be with these encryption moves, then why allow advertisers to still see it?
This hypocrisy is so embarrassing that Google doesn't even acknowledge it on its help page about Google SSL Search. Google notes that Web sites might know the search terms people use to reach them, but it does not give the exact reason why this might happen: because Google makes an exception for its advertisers.
The search terms "on their own" loophole
Search terms on their own clearly aren't private, in Google's opinion. Otherwise, there's no reason why it would continue to leave another major loophole in place. Publishers can log in to Google Webmaster Tools and see the top 2,000 terms used to reach their sites, going back for 90 days.
If there are "private" or "sensitive" search terms within that data, there's nothing Google has said it does to filter these out. Either private terms still get exposed or search terms on their own aren't so private.
By search terms "on their own," I mean just the words themselves, disconnected from any information that could link the search terms to an individual, such as a user ID, a cookie, or an IP address. That's what the Google SSL Search service does. It strips the terms away from possibly identifying information, except in the case of Google's advertisers.
Is privacy a cover for ad motives?
The bottom line is that Google's move has indeed made searching safer. But it hasn't made it as safe as it could be, according to Google's own arguments about search term privacy.
The loophole left in for advertisers has suggested to many marketers that the "privacy" argument is also a convenient cover for Google to claw back some visibility on how publishers get found by Google, perhaps to boost its ad sales.
Google denies any such motive. But that doesn't really matter if the end result is the same.
How the entire Web could have been made secure
Sadly, there's an easy way Google could have made searching via Google and browsing the Web more secure. Google could have allowed publishers to continue seeing the terms used to reach their sites through the decades-old "referrer" system, an industry-standard practice that Google unilaterally broke in 2011, as part of its encrypted search change.
The catch? All those publishers would have to do is provide secure sites of their own, something that would benefit everyone.
I made this suggestion back in 2011 and it remains a valid option. Google clearly doesn't think search terms on their own are private, or it wouldn't expose them through Google Webmaster Tools. It also clearly doesn't consider the combination of search terms with possibly personally identifying information to be private, or it wouldn't continue to transmit them this way to advertisers.
Rather, Google seems most concerned about someone eavesdropping on an entire stream of searches linked to a particular individual. That's the only thing that adds up when the loopholes it allows are considered. Transmitting search terms using the original referrer system, only to sites that agree to be secure, would address this issue.
Google, which has pushed for the Web to be faster, could use encrypted search as a way to make the Web more secure. Believe me, many publishers would immediately go secure, just as they sped up their sites when Google dangled the "carrot" of better rankings for faster sites. Plus, it would stop speculation that encrypted search is more about protecting Google's bottom line than protecting users.
It would be a great move to make. How about it, Google?