May 23, 2010

Google Encrypted Search

It's often fun to read the response that the internet community has to Google's launches, especially ones that I'm somewhat familiar with.  There is always a bit of tinfoil-hat concern about Google's intentions.

Late last week we launched to Beta an Encrypted Google Search option.  Most discussions focus on the privacy aspect of this launch, but there are a number of discussions noting that this disables referrer (and hence query) passing for many destination websites: take the webmasterworld discussion for one example.  The tinfoil-hat interpretation is that Google's hidden agenda is to prevent webmasters from seeing their query data.

Fortunately, it's easy to see what is actually going on.  When you surf using the HTTPS protocol, the goal is to encrypt (hide) your surfing traffic from your transmitting network, not from the destination sites.  However, if you click from an HTTPS page to an HTTP page, passing the referrer would leak a small amount of data about your encrypted traffic to the network.  As a result, all web browsers that I know of send an empty referrer string in this case.  Interestingly, if you navigate between HTTPS pages, even on different domains, the referrer is passed.  This is consistent with hiding the data from the network but not the destination site.

If a webmaster so desired, they could move their entire site onto HTTPS and then start getting the HTTPS referrers sent to their server again.  If Google's intent was to prevent websites from seeing query strings, there are much easier ways to do so, such as using POST.
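
The referrer rule described above, modelled as an added example (not code from Google or any browser): it computes the Referer a browser would send for a navigation and what query a destination site could recover from it. The hostnames, the function names and the `q` query parameter are assumptions made for the illustration.

```javascript
// Added illustration of the behaviour described in the post.
// Function names and sample URLs are constructed for this example.

// Referer value sent when navigating from `from` to `to`, under the rule
// in the post: the referrer is withheld only on an HTTPS -> HTTP click.
function refererFor(from, to) {
  const src = new URL(from);
  const dst = new URL(to);
  const downgrade = src.protocol === "https:" && dst.protocol !== "https:";
  if (downgrade) return "";
  // The header never carries credentials or the fragment.
  src.username = "";
  src.password = "";
  src.hash = "";
  return src.href;
}

// Webmaster side: recover the search query from a Referer header, if any.
// Assumes the search engine puts the query in a `q` parameter.
function queryFromReferer(referer) {
  if (!referer) return null;
  let url;
  try { url = new URL(referer); } catch { return null; }
  return url.searchParams.get("q");
}

// Constructed navigations: plain search, encrypted search to an HTTP site,
// and encrypted search to a site whose landing page is served over HTTPS.
const navigations = [
  ["http://search.example/search?q=tinfoil+hats", "http://site.example/"],
  ["https://search.example/search?q=tinfoil+hats", "http://site.example/"],
  ["https://search.example/search?q=tinfoil+hats", "https://site.example/"],
];

function report() {
  return navigations.map(([from, to]) => {
    const referer = refererFor(from, to);
    return { from, to, referer, query: queryFromReferer(referer) };
  });
}

for (const row of report()) {
  console.log(`${row.from} -> ${row.to}: query seen = ${JSON.stringify(row.query)}`);
}
```

Only the second navigation leaves the destination without a query, which is the case the webmasters noticed; the third shows the referrer returning once the landing page is on HTTPS.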


Jason said...

I suppose the complaining webmasters would reply that serving their entire site as https is slower and more expensive. I guess they would really only need to serve the landing page securely to get referrer data. People can already disable referrers in Firefox, so it's not like you get an absolute list of all queries from your logs as it is.

In any event, Webmaster Tools is sharing more and more query data so hopefully it makes up for it.

SETH said...

Hey, any idea if instant search will make it to encrypted anytime soon?