In a move with significant privacy implications, Google said today that it will encrypt searches by
default when signed-in users click on organic results.
This means that Google will no longer pass along users' queries in the referrer headers that get sent to publishers. Instead, Google will
make available the top 1,000 searches that drove traffic to their sites in the last 30 days.
The move doesn't apply universally: Google is only turning on the
default setting for users who are signed-in. Also, Google is only encrypting results when people click on organic results. If users click on paid search ads, Google will still send search marketers
the entire query stream.
Still, the shift by Google could significantly affect users (as well as publishers and search engine optimization specialists). Among other
ramifications, the move means that Google will no longer “leak” the names of people who click on organic listings after conducting vanity searches.
The search company's move comes
one year after privacy expert Christopher Soghoian filed a complaint with the Federal Trade
Commission alleging that Google leaks users' data by sharing search queries with third parties.
Google also was sued over the practice by user Paloma Gaos. That
case is pending in federal court in San Jose, Calif.
Google's move comes at a time when privacy experts are increasingly examining data leakage via referrer headers. Last week, Stanford's
Jonathan Mayer reported that many popular Web sites leak users' screennames,
birthdates and other personal information to third parties by including that data in the referrer headers.