Google just announced their new secure search beta, and DuckDuckGo announced similar measures. DDG’s are a bit more thorough, but the end result is the same – the search term is not passed through the referrer, and hence no analytics tool (not even a good old log analyzer) will have any idea of what a visitor searched for to reach your site.
They both claim to do this in the name of privacy. Google’s is a beta so it’s off by default, and it doesn’t explicitly say “privacy from webmasters“, but that is part of the end result. DDG, on the other hand, explicitly mentions “not leaking your search terms”, and this feature is enabled by default for all users – even over non-HTTPS connections. (Technical note: when you click a link on an HTTPS page, your browser does not send a referrer, which is why HTTPS search engines will result in “secret” searches that we can’t see).
Being able to search over HTTPS is probably a good thing for people in countries with vast censorship, such as China. I can understand offering this as an option that people can use. But I really hope Google never considers making this the default, because that would be very irritating for web masters – we would have no idea what people were searching for to get to our site, which is arguably the #1 reason to run analytics in the first place.
My big problem is that DDG is hiding the search term from sites by default. That’s not good for the internet at all, and I’m scared that Google may end up doing something similar (via HTTPS or not), and perhaps other search engines in the future.
Part of the problem is that this gives users a false sense of security. Yes, someone “snooping” your connection won’t be able to tell what you’re searching for, but the sites you click through to will probably have a good idea, based on your landing page – not to mention they can also see their IP address and every page they have ever viewed on my site, ever. And yet somehow, not knowing this visitor’s specific search term is protecting their privacy? Please. The only thing it does is make the life of a web master a much bigger pain in the ass than it was before.
I’m taking time out of my amazing Hawaiian vacation to write this blog post because that’s how much I care about this issue, and believe that it is not good for anyone. Of course, I wouldn’t be surprised to learn that Google Analytics will somehow magically be able to track these “secure” searches. Wouldn’t that be convenient for the likes of every other analytics service on the planet?
This all seems very familiar, doesn’t it? Other search engines may start doing this too, but really, with 90% marketshare, Google is the only one that matters. So what can you do? Blog about it. Tweet. Complain. Let Google you know that you do not like this, and let DuckDuckGo and any other engine who does this in the future know the same.