Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Switching to SSL By Default For Logged-In Users

Posted by Unknown on from the except-for-other-google-services dept.

nonprofiteer writes "Google plans to encrypt search for signed-in users, so that websites will no longer get to see the search terms that led a user to their site, though they will get aggregated reports on the top 1000 search terms that led traffic to their sites."

6 of 133 comments (clear)

  1. Refreshing by Anonymous Coward · · Score: 5, Insightful

    This will break those sites that automatically generate content based on your search query.

    1. Re:Refreshing by williamhb · · Score: 4, Interesting

      And I should point out (since the GP doesn't know about referers, he probably needs more than a one word answer) that the Referer is a field in your HTTP request that's automatically sent by your browser telling it the address of the website that you came from. Since Google (and other search engines) put the query string in the URL of the search results page (like they should), the website can read the results out of the URL and know what your search terms were.

      Google didn't invent this as a way to invade your privacy -- it's been a feature of the web since the early days.

      It's also what was behind the "Bing copies Google" ridiculousness some time ago. For Bing toolbar users, the HTTP request when you visit any site is also sent to Microsoft (if you have "suggested sites" turned on), so they get the traffic stats. Bing also used the Referer that brought a user to a page as one of its minor indexing terms. By clicking a link on a page, the user has indicated they think the link is relevant to what they are looking for -- so the Referer, and especially any query contained within it, is pretty good information. And it's the user's information -- the user both typed the search query, and chose to click the link. Google's experiment spammed the signal by ordering employees to visit a page for a made-up search query (non-existent words) so that those paid click-throughs would be the only information Bing could receive for those made-up words. The words didn't exist, so Bing couldn't index them off the web -- so it doesn't matter what algorithms Bing uses, that forced the paid click-throughs to be the only results because there was no other source of data in the world for those words. Google then spun it that it was Google's information that Bing was using (Google own their generated results page, most of which was not clicked on and did not appear in Bing) rather than the human user's information (what sites the user chooses to visit). The difference being that if it's the human user's information (if your clicks belong to you not Google), then the human user within his rights to give that information to whomever he likes, including Microsoft, and Microsoft are within their rights to use it as an index signal, albeit according to them it was a very minor one.

      There is a current relevance to this history. That Referer information from the user's browser is valuable data. By making this change, Google is ensuring that they get this valuable data and other's don't. They get to see the full details of both where you came from and where you went; others only get the full details of where you went, and no longer get full details on where you came from. That's a straightforward business advantage. They can then sell more detailed stats to companies (in a freemium model), sell tools that let you access the Referer information that users used to give you for free, etc. While there's a privacy angle to this story (your data is now sent to fewer places), there's also money in this decision.

  2. Good or bad? by Daetrin · · Score: 4, Insightful

    Is this going to be considered good because it helps protect our privacy from the websites? Or bad because Google is effectively monetizing the private information by keeping the details to themselves (and using it?) while only handing out aggregate data to everyone else? I can see arguments being made either way.

    --
    This Space Intentionally Left Blank
    1. Re:Good or bad? by blair1q · · Score: 5, Insightful

      How is it private information when you presented it to Google for them to do the legwork on finding 1.8 million matching websites?

      They're making it a shared secret between you and Google instead of a broadcast message to every link you choose to click.

      They're monetizing it because, well, they are the ones who gave you the free advice. 1.8 million times.

  3. Re:Javascript on links... by hawguy · · Score: 4, Interesting

    Also, they moved the "cached" search results inside the website preview.

    Now you can't get cached results if you have javascript disabled, and you still have to wait for that lame thumbnail to pop up in order to hit google's cache.

    So that's where the cache link went! I assumed they stopped providing cached pages at all.

    I really don't care to see the thumbnails that are so tiny that the text is unreadable, I wish they'd bring the cache link back to the search results page.

  4. HTTPS Everywhere by Anonymous Coward · · Score: 5, Informative

    ...is a Firefox plugin that does that for you anyways. Google has a standard HTTPS page, as does a number of other sites, like Wikipedia.

    While I applaud Google for doing this for its signed-in customers, people should be using HTTPS for everything, everywhere, if possible. Sure, it has its flaws, but better flawed privacy than no privacy.