Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Switching to SSL By Default For Logged-In Users

Posted by Unknown on from the except-for-other-google-services dept.

nonprofiteer writes "Google plans to encrypt search for signed-in users, so that websites will no longer get to see the search terms that led a user to their site, though they will get aggregated reports on the top 1000 search terms that led traffic to their sites."

17 of 133 comments (clear)

  1. Refreshing by Anonymous Coward · · Score: 5, Insightful

    This will break those sites that automatically generate content based on your search query.

    1. Re:Refreshing by Moheeheeko · · Score: 3, Funny

      Its always fun to mess with those sites just a bit. "find 'weapons grade uranium' for sale here!"

    2. Re:Refreshing by Qwell · · Score: 3, Informative

      referer

      --
      As of 10/06/03, I hate COBOL developers.
    3. Re:Refreshing by kabloom · · Score: 3, Informative

      And I should point out (since the GP doesn't know about referers, he probably needs more than a one word answer) that the Referer is a field in your HTTP request that's automatically sent by your browser telling it the address of the website that you came from. Since Google (and other search engines) put the query string in the URL of the search results page (like they should), the website can read the results out of the URL and know what your search terms were.

      Google didn't invent this as a way to invade your privacy -- it's been a feature of the web since the early days.

    4. Re:Refreshing by williamhb · · Score: 4, Interesting

      And I should point out (since the GP doesn't know about referers, he probably needs more than a one word answer) that the Referer is a field in your HTTP request that's automatically sent by your browser telling it the address of the website that you came from. Since Google (and other search engines) put the query string in the URL of the search results page (like they should), the website can read the results out of the URL and know what your search terms were.

      Google didn't invent this as a way to invade your privacy -- it's been a feature of the web since the early days.

      It's also what was behind the "Bing copies Google" ridiculousness some time ago. For Bing toolbar users, the HTTP request when you visit any site is also sent to Microsoft (if you have "suggested sites" turned on), so they get the traffic stats. Bing also used the Referer that brought a user to a page as one of its minor indexing terms. By clicking a link on a page, the user has indicated they think the link is relevant to what they are looking for -- so the Referer, and especially any query contained within it, is pretty good information. And it's the user's information -- the user both typed the search query, and chose to click the link. Google's experiment spammed the signal by ordering employees to visit a page for a made-up search query (non-existent words) so that those paid click-throughs would be the only information Bing could receive for those made-up words. The words didn't exist, so Bing couldn't index them off the web -- so it doesn't matter what algorithms Bing uses, that forced the paid click-throughs to be the only results because there was no other source of data in the world for those words. Google then spun it that it was Google's information that Bing was using (Google own their generated results page, most of which was not clicked on and did not appear in Bing) rather than the human user's information (what sites the user chooses to visit). The difference being that if it's the human user's information (if your clicks belong to you not Google), then the human user within his rights to give that information to whomever he likes, including Microsoft, and Microsoft are within their rights to use it as an index signal, albeit according to them it was a very minor one.

      There is a current relevance to this history. That Referer information from the user's browser is valuable data. By making this change, Google is ensuring that they get this valuable data and other's don't. They get to see the full details of both where you came from and where you went; others only get the full details of where you went, and no longer get full details on where you came from. That's a straightforward business advantage. They can then sell more detailed stats to companies (in a freemium model), sell tools that let you access the Referer information that users used to give you for free, etc. While there's a privacy angle to this story (your data is now sent to fewer places), there's also money in this decision.

  2. Good or bad? by Daetrin · · Score: 4, Insightful

    Is this going to be considered good because it helps protect our privacy from the websites? Or bad because Google is effectively monetizing the private information by keeping the details to themselves (and using it?) while only handing out aggregate data to everyone else? I can see arguments being made either way.

    --
    This Space Intentionally Left Blank
    1. Re:Good or bad? by blair1q · · Score: 5, Insightful

      How is it private information when you presented it to Google for them to do the legwork on finding 1.8 million matching websites?

      They're making it a shared secret between you and Google instead of a broadcast message to every link you choose to click.

      They're monetizing it because, well, they are the ones who gave you the free advice. 1.8 million times.

  3. Re:Some deal by Hatta · · Score: 3, Informative

    Never mind, I should RTFA. For the rest of us who didn't: encrypted.google.com.

    --
    Give me Classic Slashdot or give me death!
  4. Re:Google Analytics - SEO's will be upset by irventu · · Score: 3, Funny

    I am a *search engine optimization* person and I'm NOT happy about it--this takes away about 90% of data used for SEO strategy.

    --
    Christopher Pecoraro - Irventu.com
  5. Re:Javascript on links... by hawguy · · Score: 4, Interesting

    Also, they moved the "cached" search results inside the website preview.

    Now you can't get cached results if you have javascript disabled, and you still have to wait for that lame thumbnail to pop up in order to hit google's cache.

    So that's where the cache link went! I assumed they stopped providing cached pages at all.

    I really don't care to see the thumbnails that are so tiny that the text is unreadable, I wish they'd bring the cache link back to the search results page.

  6. HTTPS Everywhere by Anonymous Coward · · Score: 5, Informative

    ...is a Firefox plugin that does that for you anyways. Google has a standard HTTPS page, as does a number of other sites, like Wikipedia.

    While I applaud Google for doing this for its signed-in customers, people should be using HTTPS for everything, everywhere, if possible. Sure, it has its flaws, but better flawed privacy than no privacy.

  7. Re:Some deal by scdeimos · · Score: 3, Insightful

    You are the product.

  8. Re:the top 1000 search terms by TechLA · · Score: 3, Insightful

    Google isn't doing it offer better privacy. It's doing it cause trouble for competing services. It basically requires all website owners to sign up with Google to access Analytics and Webmaster Tools. It's purely an anti-competitive thing and intented to destroy their compteitors. I'd be surprised if FCC doesn't start to crack on Google's monopoly tactics soon. Google is the new Microsoft.

  9. cryptome.org had some great posts on SSL by AHuxley · · Score: 3, Informative

    http://cryptome.org/0005/ssl-broken.htm on this issue.
    Welcome to en.wikipedia.org/wiki/Clipper_chip, Enigma or the fun of Data Encryption Standard era standards in your new safe browser.

    --
    Domestic spying is now "Benign Information Gathering"
  10. Everyone benefits by FyberOptic · · Score: 3, Insightful

    This is particularly beneficial to all the hapless people who think using open wifi is perfectly safe. And it saves Google from having to deal with stolen accounts as a result. That's why it's so popular on places like Twitter and Facebook, too.

    That's not to say that SSL is perfect, and a hapless user can still be tricked or spied upon once somebody starts ARP spoofing'em or SSL stripping or what have you. But some protection is better than none.

  11. Re:Some deal by swillden · · Score: 3, Insightful

    They are able to charge a premium for that targeted advertising because other people selling products feel they are getting better bang for their buck (as opposed to blanket advertising on television, or spam/UCE) due to the higher conversion rates.

    It's actually more direct than that.

    The vast majority of Google's advertising revenue comes from pay-per-click advertising, and the ad that is shown is selected based both on your likely interests and on a real-time auction among advertisers. So, Google's goal is to put in front of you the highest-paying ad that you are likely to find sufficiently interesting that you click on it. More precisely, you can think of each possible ad you could see as having an expected value to Google, which is determined by the amount the advertiser will pay Google if you click on it times the probability that you will click on it, and Google's goal is to display the ads with the highest expected value.

    Thus, the more Google knows about who you are and what you're looking for right now, the better job it can do at estimating the click probability function for each ad.

    From Google's perspective, this is a win-win-win. It's a win for Google, obviously, because it's the way they make the most money. It's a win for the winning advertiser because the advertiser got an interested (at least enough to click) person to their site, for a price that's a little less than what they offered to pay -- plus Google also provides advertisers with extensive feedback that helps them optimize the effectiveness of their ads and even their site (but doesn't share any user info). Finally, it's a win for the user because it provides ads about things that are interesting and useful to him/her.

    In Google's view, if Google shows you an ad that you don't click on, that's a failure. That means Google fails most of the time, but really hard problems are like that. It also means that it's better to display no ads than ads that the user won't care about. If Google were able to do its job perfectly, you'd click on every single ad Google shows you, and proceed to buy from each advertiser -- and you'd be happy about it because in each case you found just what you were looking for.

    The perhaps non-obvious implication of all of this is that users are not Google's product. Not from Google's perspective. Rather, advertisers and users are both customers, and Google maximizes its income by serving both effectively, by pointing users towards products they actually want to buy. The service Google sells is a sort of digital matchmaking service, and while it's the advertisers who pay Google, the users are at least as important -- since they're the ones who ultimately pay the bills.

    At least that's true for pay-per-click advertising. Google does do some pay-per-impression advertising, and that's different. In the pay-per-impression model the goal is to build brand recognition or to steer consumer perception, and there the user is definitely the product. That's a pretty small piece of Google's business, though.

    (Disclaimer: I work for Google, but not in anything ad-related, and everything I've said above is public knowledge.)

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  12. Re:the top 1000 search terms by datavirtue · · Score: 3, Informative

    Engaging Webmaster Tools is just part of maintaining an active website. Google analytics just slows your site and is not any better than your own server logs.

    --
    I object to power without constructive purpose. --Spock