Google will now begin encrypting searches that people do by default, if they are logged into Google.com already through a secure connection. The change to SSL search also means that sites people visit after clicking on results at Google will no longer receive “referrer” data that reveals what those people searched for, except in the case of ads.

Google announced the news on its blog here, saying:

As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver. As a result, we’re enhancing our default search experience for signed-in users.

The company also has a help page providing more information about it here.

Only For Signed-In Users; Single-Digit Impact

The change will only happen on Google.com, and only for those who are already signed in at Google with a secure connection. How many people do this? Google software engineer Matt Cutts, who’s been involved with the privacy changes, wouldn’t give an exact figure but told me he estimated even at full roll-out, this would still be in the single-digit percentages of all Google searchers on Google.com.

Postscript: I keep seeing people question this percentage, since I posted this article, not believing it will be that low. I have double-checked with Cutts on it, and he stands by it. Whether people choose to believe his estimate is another thing, of course.

The change to SSL (which stands for Secure Sockets Layer) begins today and will be fully released to everyone over the coming weeks. When it happens to someone, they’ll see a secure connection icon in their browser (often a little lock symbol) and https:// will appear rather than the usual http:// in front of the web address.

The change means that any searches can only be seen by Google and the web browser itself. A third party can’t intercept the search and know what’s being searched on.

People who administer their own networks have a way to override the default. Google says that’s important for places like schools, where if you’re trying to block porn sites, using encryption makes that impossible. Google’s help page provides more about this here.

Blocking Referrers, The Web’s “Caller ID”

Beyond encrypting search sessions, it’s common that web browsers reports “referrer” data when someone goes from one web site to another. This data tells the destination site how it was found, whether it be from a link off another site or search terms that were entered into a search engine.

To understand more about how referrers work, get used by publishers and information they potentially “leak” out about searches, please see the two posts below from us, which go into great detail about this:

In Google’s new system, referrer data will be blocked. This means site owners will begin to lose valuable data that they depend on, to understand how their sites are found through Google. They’ll still be able to tell that someone came from a Google search. They won’t, however, know what that search was.

Analytics: Can Track SEO Generally, Not Specific Terms

Even Google’s own Google Analytics will face this block. Like all analytics tools, it’ll know if someone came from “free” or “organic” search results, also called SEO traffic, but the search terms won’t be associated with a particular visit, because they aren’t being passed along.

From the Google Analytics blog:

When a signed-in user visits your site from an organic Google search, all web analytics services, including Google Analytics, will continue to recognize the visit as Google “organic” search, but will no longer report the query terms that the user searched on to reach your site. Keep in mind that the change will affect only a minority of your traffic. You will continue to see aggregate query data with no change, including visits from users who aren’t signed in and visits from Google “cpc.” To help you better identify the signed in user organic search visits, we created the token “(not provided)” within Organic Search Traffic Keyword reporting. You will continue to see referrals without any change; only the queries for signed in user visits will be affected. Note that “cpc” paid search data is not affected.

Even though SEO traffic in general can still be tracked, those who are doing conversion analysis down to the keyword level will begin to lose out. You wouldn’t be able to tell, for instance, where someone coming to your site after finding it for a search for “blue widgets” actually entered, nor the other pages they viewed.

Another issue is that landing page targeting gets harder. For example, many have probably been to blogs that might welcome them with messages like:

Hello — I see you came here from Google after searching for “blue widgets.” Here are some stories about that topic you might also be interested in.

Without search terms being passed along, this type of basic targeting can’t happen. It also prevents much more sophisticated targeted from being used.

When I raised this issue with Cutts, he responded that much of this type of targeting gets close to cloaking, where a site might show something special only to Google, especially in hopes of ranking better. That’s against Google’s guidelines.

But Cutts didn’t outright say it was cloaking, nor is it necessarily so. Cloaking is when you do something special for Google; making pages show something different in response to search terms reported by the referrer isn’t special for Google. In fact, if Google visited a site reporting referrer terms, then it would get treated the same.

Debate aside, this type of targeting is clearly going to get harder, at least for those who aren’t running ads. As I’ll get into, referrers from ads aren’t blocked.

Search Terms Still Available In Google Webmaster Central

For some time, Google Webmaster Central has allowed sites to discover the terms that people are using to reach their web sites. This will continue to be offered, and that will remain a welcome alternative to the loss of referrer data. Here’s a past article from us on some of the content that’s offered:

Cutts stressed that Google Webmaster Central shows the top 1,000 queries that a site appeared for at Google — as well as was selected for — over a 30-day period, and that you can even pick any particular day over that period for downloading.

The Google Blog mentions this, as well. The Google Webmaster Central Blog also has a short post up about the change. Google’s clearly sensitive to the fact that publishers all over the web are suddenly going to feel like they’re having information taken away from them by Google.

It is good that the Google Webmaster Central data is there. However, the search data won’t be tied to visitor activity. You’ll be able to tell that someone found your site in various ways, but what they did next — if they converted in some way and so on — won’t be shown.

Perhaps Google might release a way for that data to be merged into Google Analytics. Indeed, I’ve seen some already guessing that Google will do things like this to help support itself. Just two weeks ago, the company rolled out a feature for everyone that integrates Google Webmaster Central data into Google Analytics. See our posts below for more background on this:

If Google can find a way to do so, without harming the user privacy that it’s trying to protect, that would be great. I can’t say at this time if it would be possible, however. It’s likely very difficult.

It would also be good if Google expanded the 30-day period on Google Webmaster Central, perhaps removing it entirely, so that publishers could go back as far as they like.

Referrers Still Passed For Ads

Referrer blocking won’t be happening with ads. If someone clicks on an ad, the advertiser’s site will continue to receive all the same information it currently gets with unencrypted search.

Why allow this? Google told me it feels advertisers need to have this additional data to evaluate their campaigns.

From Google’s blog post, it wrote:

Your browser will continue to send the relevant query over the network to enable advertisers to measure the effectiveness of their campaigns and to improve the ads and offers they present to you.

In talking with Cutts, he stressed that it was important that advertisers know search terms used in relations to their ads for, among other reasons, so they can quickly tell if they’re pulling in traffic for off topic terms.

For example, someone might advertise on “hilton” and suddenly get a lot of traffic for “paris hilton” — knowing the exact terms like this could then allow them to better refine their campaigns.

The problem with this, as I see it, is that this data is already reported to advertisers through the AdWords system. In addition, that data shows up pretty quickly. Within minutes, to my knowledge, you can see exactly the terms that are generating traffic off your ads.

Cutts also argued that it makes sense to share with advertisers using a metaphor of walking around in a mall but not being known. “But as soon as you go into The Gap and actually buy something, then the person gets to know who you are; they can send you a paper catalog.”

I disagree. It’s not like that at all. No one knows who you are when you walk into a store. They only know when you conduct a transaction. Clicking on an ad from Google is a transaction between the searcher and Google, not the searcher and the advertiser. If the searcher converts at the advertiser’s site, then that’s a transaction where actual knowledge of the person might get transmitted.

What advertisers don’t get, if you block the data, is the ability to have customized landing pages as I’ve described earlier. They also lose the ability to do conversion tracking through the site, based on search terms. Both of these are important. But only SEOs are being blocked from this, not those doing CPC paid search. If you pay, you effectively still get to play with that data.

The data also is helpful for retargeting, where someone is shown an ad through the Google ad network based on their initial visit to an advertiser’s web site. Google itself doesn’t allow retargeting to be done using someone’s search history. But because advertisers can see particular terms that people use to reach their sites, they can still use those terms as a way to segment visitors for ads they’ll see later around the web. Here’s more about retargeting:

Half-Full Privacy Change May Look Half Empty

The new referrer blocking change doesn’t just discriminate against the SEO side of the search marketing family. It also sends a terrible signal to consumers. It says that referrer data is important enough to protect, but not important enough when advertiser interests are at stake.

To be fair, Google is concerned that people are more likely to do sensitive searches that somehow reveal private information in referrer data through clicks on its free listings. But this could still happen in relation to ads, as well.

I appreciate that Google’s trying to get the balance right, something Cutts said to me repeatedly, as well as all this being a a first step that will likely evolve. I also appreciate what he said about the change already improving the current state of privacy:

What you’re getting today is better than what you were getting yesterday.

But still, it would seem better if all referrers were blocked. As a marketer, I hate saying that. But as a consumer, it does provide more protection. And for Google, blocking them all doesn’t create this mixed message that might backfire on them with privacy advocates.

Consider that in 2007, before any government seriously pushed on the topic, Google began voluntarily anonymizing some of the search records it maintained. That just got it attacked by some privacy groups and the EU for not doing enough, despite the fact that it was far better privacy than people had it before.

Half measures haven’t helped Google with privacy in the past. This half measure, I think, is likely to blow up in its face. At the very least, consumers should have an option to block all referrers.

Postscript: Google sent me across two links suggesting I’m wrong about this prediction. The first is reaction from the ACLU, which praised the move, even noting that it doesn’t apply to ads but didn’t have anything negative about that. I found that pretty surprising. Meanwhile, privacy advocate Chris Soghoian, who has been one of the most outspoken people pushing for Google to end referrer sharing, praised the move on Twitter, saying: Thank you @mattcutts for putting user privacy over the SEO community. Intentional search term leakage via referrer header was inexcusable Just over a year ago, Soghoian filed an FTC complaint over Google passing along referrer data with search terms. That prompted a class-action lawsuit from another party to follow. I don’t know the current status of either action, at the moment. Soghoian also praised Google for the move over its rivals: Google to deploy HTTPS by default for signed in search users. Bing & Yahoo still don’t offer HTTPS even as opt-in option When I asked Soghoian about leakage related to ads, he said that should be blocked and added that SSL should be made the default for all searches: Google should scrub all referrers. This is a good start, but not perfect. I try to say nice things when companies deserve it. I would also like all Google visitors to get the benefit of SSL & referrer scrubbing, not just single-digit signed in users

Google said the positive reactions from the ACLU and Soghoian are typical of what it is seeing elsewhere, too, including the EFF. I don’t see anything at the EFF site yet.

Postscript 2: The EFF is now up, saying:

Today, Google announced that it is switching its Search service for logged-in users over from insecure HTTP to encrypted HTTPS. This is a significant win for users: HTTPS is an essential protection against surveillance and alteration of your search traffic — whether by governments, companies or hackers …

There is one small caveat that users should be aware of with the new encrypted-when-logged-in Google. If you click on an advertisement, and the advertiser’s website is HTTP rather than HTTPS, Google will send the search terms for that specific query to the advertiser over HTTP.

Wow. Seriously, I’m stunned. The EFF, which pushes for all encrypted communication, doesn’t have a problem with Google leaving a gaping hole in the data it releases?

Of course, blocking referrers isn’t the same as encrypting searches. I guess the EFF considers the encryption portion of what Google has done to be more important.

Google Encrypted Search Ironically Not So Encrypted?

Speaking of half-measures, it turns out that the Google Encrypted Search service that Google launched last year is actually less secure than the new service that’s rolling out by default for signed-in users.

I loved that Google launched that service, just as I’ve loved that it shifted things like Gmail to being encrypted by default and the greater trend that we’ve been seeing where many web sites go encrypted. In an age when people connect through wireless networks with little thought of how they might be monitored, encryption isn’t just nice, it’s essential.

But Google Encrypted Search, as Google told me today, doesn’t block referrer data in the way that the new service does, not if you’re going from one encrypted server to another.

For example, if you used Google Encrypted Search and clicked on a result to come here to Search Engine Land, because we don’t run encryption, the referrer isn’t passed along. But Cutts said that if we did run encryption — or if any site did — they they would get the referrer data passed along.

The new service entirely blocks referrers, at least from non-ad links. It seems like Google Encrypted Search should do the same blocking, and for all links, non just the free ones. If Google’s stepping up the privacy game, then those who are deliberately seeking privacy by using the service should get full protection.

By the way, I’m double-checking on the issue with Google Encrypted Search and referrers still being passed through in the right circumstances, because the help page about the new default SSL search suggests this doesn’t happen.

Postscript: Google has stressed that this is the way the SSL protocol works in general, to preserve referrer information when moving between two https servers and not any attempt by the company to make Google Encrypted Search somehow less secure. I’d still say that if the new SSL search is going above-and-beyond by blocking some referrers, then Google Encrypted Search should do the same.

Don’t Panic — But Yes, Search Referrers Are Dying

This change is, according to Google, only going to impact a tiny number of those searching — a single-digit percentage, as I’ve said. Anyone not signed in to Google will still send referrer data with search terms in them.

This means there will still be plenty of data to sample, even by SEOs, for doing conversion analysis down to the search term level. There will still be plenty of landing page opportunities. There’s still plenty of direct data through your own analytics on how people are finding you.

It also means, in the short term, that Bing can continue to sample Google’s data in a way that Google dislikes.

By the future is clear. Referrer data is going away from search engines, and likely from other web sites, too. It’s somewhat amazing that we’ve had it last this long, and it will be painful to see that specific, valuable data disappear.

But from a consumer perspective, it’s also a better thing to do. As so much more moves online, referrers can easily leak out the location of things like private photos. Google’s move is part of a trend of blocking that already started and ultimately may move into the browsers themselves.

Overall, I can appreciate Google making the change to default secure searching. But making that change with a big hole opened, if you’re willing to pay for ads, isn’t right.

Postscript: See our follow-up pieces: