In a move with significant privacy implications, Google said today that it will encrypt searches by default when signed-in users click on organic results.
This means that Google will no longer pass along users' queries in the referrer headers that get sent to publishers. Instead, Google will make available the top 1,000 searches that drove traffic to their sites in the last 30 days.
The move doesn't apply universally: Google is only turning on the default setting for users who are signed-in. Also, Google is only encrypting results when people click on organic results. If users click on paid search ads, Google will still send search marketers the entire query stream.
Still, the shift by Google could significantly affect users (as well as publishers and search engine optimization specialists). Among other ramifications, the move means that Google will no longer “leak” the names of people who click on organic listings after conducting vanity searches.
The search company's move comes one year after privacy expert Christopher Soghoian filed a complaint with the Federal Trade Commission alleging that Google leaks users' data by sharing search queries with third parties.
Google also was sued over the practice by user Paloma Gaos. That case is pending in federal court in San Jose, Calif.
Google's move comes at a time when privacy experts are increasingly examining data leakage via referrer headers. Last week, Stanford's Jonathan Mayer reported that many popular Web sites leak users' screennames, birthdates and other personal information to third parties by including that data in the referrer headers.