Former FTC Staffer Alleges Google Says One Thing, Does Another
Specifically, Soghoian says that the referring URLs -- those transmitted by Google to Web site operators when visitors click on their links after searches -- can in themselves provide enough information to identify users. That's because those referring URLs contain the terms users search for -- and people sometimes type their own names, addresses or other identifying information into the query box.
Google responds that passing along referrer headers is a standard practice across all search engines. "A sports website might find it useful to know whether its users arrived because they searched for 'football' rather than 'baseball,'" the company says. "Google does not pass any personal information about the source of the query to the destination website."
In May Google rolled out an encrypted search service that doesn't pass along referrers when users land on unencrypted results pages. But Soghoian alleges that consumers have no reason to use this feature because they don't understand the company's practices. "If users don't know that their queries are being shared with third parties, why would they bother to use the encrypted search service in the first place," he asks.
Soghoian likely isn't exposing any new business practices in his complaint given that search engines have sent along this type of data for many years. In fact, in some ways the most notable aspect of the petition is that it appears to mark the first known complaint to the FTC about Google's practice regarding referring URLs.
Still, even if Google and other search engines have sent along referrer information in the past, that doesn't mean they should continue to do so without notice to consumers. People who are concerned about privacy might well be more careful with their queries -- or at least might assess whether they really want to click through from a search results page -- if they understood exactly what data was going to be transmitted to the destination site.