Google Goes Encrypted – But Are Things Really As Private As They Say?

Chris Goddard is a partner with Seattle Web Marketing Firm Odd Dog Media


Sometimes small changes have a big difference.

Yesterday, Google announced that, rolling out to all users over the next week, users who are logged in will be hitting https://www.google.com as oppose to http://www.google.com – and it’s that little ‘s’ that has a lot of people in my business worried.

So what’s the change all about?

In what I would describe as a deft move on the PR front, Google is leveraging the increasing public fears about online privacy by announcing that from now on, logged in users will receive an SSL encrypted connection to Google.com – the same kind of security used by banks and credit card companies to prevent the wrong people seeing the information flowing between your web browser and the website.

There’s nothing wrong with that on the surface. Privacy is good. However in enacting this new privacy policy Google has both stuck it to website owners and slightly fudged the truth on just how private everything is.

To understand that, we first need to understand what happens when you go to Google and perform a search.

Say I’m after the award winning Faronics product Deep Freeze. I go to my browsers, go to Google and type in “Deep Freeze” and here is what I see:

 

Pretty straight forward: I have a list of relevant links to choose from as well as some paid listings at the top. I can click on one of those links and be brought to the site to read about Deep Freeze.

As of right now (where it seems my Google account is pre-SSL-rollout), when I click on any of those search results or ads, in addition to being sent over to the website, Google also passes a piece of information called the “referrer” which contains my search query.

This information is incredibly useful to website owners – it allows us to not only understand better how people are finding our website and make changes accordingly, but many website owners use that information to give users a better experience – displaying content on the page related to the user’s original search term that helps them find what they’re looking for.

With the new rollout of SSL as the default, this information is no longer going to be available. Well… almost. And it’s that almost that has some web consultants like me well…let’s just say “upset” would be putting it very lightly.

While clicks on the standard search results – what we call organic results – are no longer going to pass that valuable information, clicks on paid ads will continue to pass this information along like normal.

Money Money Money

All web marketing costs money in some form or another – whether it’s directly paying for advertising or by investing time and talent in producing great content, it all costs something.

There’s always a contest between spending money on online advertising and spending money on content creation. While I believe advertising has its place, I typically encourage my clients to focus on creating content. The way I see it, if a client writes a great blog post that gets a ton of views, shares on Social Media and a handful of links from other blogs, they’ve created an asset that extends further than just the incremental sales they might make of the traffic. And assuming that the content was good enough to get shared and viewed a bunch of times, we can assume it’s probably pretty good and therefore has added to the overall quality of content on the web.

The trouble with this change to encrypted search isn’t so much the direct effects of lost data, which, while annoying, might only represent a single or low-double digit percentage of overall search traffic. My concerns are three-fold:

  1. In all the media hoopla that will likely be made from this new privacy feature, few journalists will likely take the time to explain that this privacy doesn’t actually extend to clicking on paid ads, which by industry estimates are approximately 12-18% of search clicks. Google buys itself praise from privacy advocates all the while, as one of the largest aggregators of personal data on the web, continues to pass information to those who pay them.
  2. Google is sending a clear signal to website owners that it is more concerned about them spending money on Adwords than creating good content. It’s simple – if I create a great piece of content, it spreads virally, I get a ton of search traffic to my site and subsequent sales, I won’t receive some of the important analytical information about the visitors to my website that I would have had if I just purchased ads on Google. That creates a clear incentive away from investing in content to just buying ads.
  3. Google is playing the old “do as I say not as I do card”. Millions of websites use the collection of small bits of information to help them create a better user experience as well as learn how to make their sites better – and Google is no exception. In fact, between Google Search, Gmail, Docs, Google Analytics, Adwords, Adsense, Chrome, Google Toolbar (and many more services), Google actually collects more data about users on the web than just about anyone. By encouraging people to log in to get privacy protection in their searches, Google is really encouraging people to open up even more of themselves to Google’s immense user-data libraries. Google gets to use user data to make their sites better – but they’ll block it for others unless they pay the advertising costs?

So what now?

The fact is I support moves towards web privacy – even if they sometimes make my job as a marketer harder. What I don’t like is that privacy essentially being for sale to advertisers.

There has to be a balance. Some limited user information should be passed from website-to-website. Marketing money props up content creation on the web and without accurate analytical information being reported, the money might go elsewhere.

But that’s my opinion. How about yours? Has anyone had the SSL turned on for your Google Account yet? Do you even do searches logged in and does this new privacy feature make you more likely to do so?

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.