Is Passing Query String Data In Referral URLs A Privacy Violation?
from the seems-like-a-stretch dept
Achura points us to the news that Chris Soghoian, whose work I really respect, has filed an FTC complaint over the way Google handles referral URLs, saying that the company is violating its own privacy policy.While I'm pretty big in supporting privacy issues... I have to say that I really don't see this as a big issue. Soghoian tries to use examples of where query strings revealed private info, but those are in cases where the query string was revealed to other third parties who had nothing to do with the transaction in question. But providing that data directly to the site that was clicked? It's hard to see how there's a problem there. Soghoian does point out that Google does mask the query string on URL clicks that come from Gmail accounts, but that's an entirely different situation, because then you're searching through private data. When doing a websearch on public data, and providing it only to a party who is involved in the event, seems totally reasonable. There are plenty of legitimate privacy issues out there. It seems silly to focus on one that seems so inconsequential.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: privacy, referrals, search data
Companies: google
Reader Comments
Subscribe: RSS
View by: Time | Thread
You're making a variation of "If you've nothing to hide..."
[ link to this | view in chronology ]
Re: You're making a variation of "If you've nothing to hide..."
[ link to this | view in chronology ]
Re: Re: You're making a variation of "If you've nothing to hide..."
[ link to this | view in chronology ]
It's more than the query
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Ridiculous
You could argue that any referrer is a privacy infringement as it reveals what place you visited before. In that case it's not limited to Google at all, but the entire web does this. Anyone who doesn't want to pass this information on, can already block it.
This isn't a Google feature, this is a browser client feature. Google doesn't tell your browser to pass this on, YOU do (you could block it but you don't).
[ link to this | view in chronology ]
Re: Ridiculous
People who are not you can Google you is that your fault?
It is in your control to stop other from doing it?
So here we are asking for that data to be obfuscated and not send in clear text to everyone to see and collect what is the problem with that?
[ link to this | view in chronology ]
Re: Re: Ridiculous
Aside from that, you have the right to disable referrer headers but you do not have the right to force others to. Not Google and not your ex-wife.
[ link to this | view in chronology ]
Although you might not agree it's of much importance, it suggest there could be some good use of it. (e.g.: your e-store might suggest "recommandation" / "related items" with reference to this search string to help customers find more relevent goods.)
[ link to this | view in chronology ]
Although I wasn't really aware of Google doing this until I first dug around Analytics, I'd still place it towards the lower end of the scale of privacy concerns.
[ link to this | view in chronology ]
So let me get this straight...
Someone has bought the keywords "lace underwear", and I get to see their ad.
But when I click their ad, they don't just see that their ad triggered on the keywords "lace underwear", they actually see that I came to their site from a google results page for the string "lace underwear for men".
Is that the problem ?
Jeez, the guy has too much time on his hands.
The REAL issue would be if
a) google started giving people access to the search strings their ad was shown for, not just those it was clicked thru for. But I'm sure they never will because
1. It is evil and also stupid
2. The amount of data they'd be handing over would be enormous and no-one would want to have to deal with it (esp as it is so unqualified)
b) google passed other info that they know about you too (say an email address if you're signed into gmail or whatever else they know, maybe even a cell phone number for mobile searches).
Again, this would be
1. Evil
2. Stupid
c) google included your GPS coords (for a search from a phone) without you having had a very clear opt in first. Of course, this might be implied if the adverstiser has asked for his ad to be selectively shown...
The problem is not actually with google (on whom public gaze is permanently trained) but people offering similar services through apps that might have far access more personal info and which may not work anything like a good old fashioned browser. Not nearly as many people keeping them honest.
What I think google SHOULD do with adwords is include in their quality score a "rapid return" clause. That is, if I click through an ad and within 5 seconds I have reversed back to the results page or come straight back for another search, then I probably did not find what I wanted, and the landing site may not be offering what the ad taster implied. And it would be OK to pass that info to the advertiser, IMHO, so they could learn from their mistake.
[ link to this | view in chronology ]
Not actually Google...
[ link to this | view in chronology ]
Re: Not actually Google...
[ link to this | view in chronology ]
Re: Re: Not actually Google...
[ link to this | view in chronology ]
Re: Not actually Google...
So Google choose exactly what to send at that point.
[ link to this | view in chronology ]
Re: Re: Not actually Google...
[ link to this | view in chronology ]
Is Passing Query String Data In Referral URLs A Privacy Violation?
[ link to this | view in chronology ]
The web is static, not dynamic.
Does Soghoian not understand why the querystring is needed or that it can easily be done through a cookie instead?
News tip, Soghoian: Web pages don't "talk" to each other. Information is passed from one to the other so it knows what to do. Querystrings are used because "tracking cookies" seem to cause even more paranoia.
By evaluating this data, a receiving web page can host content you're looking for, rather than approach the page as a "blank slate", which wastes your time to find the relevant information after the Google search.
Try Amazon.com as an example. Type in "cowboy boots" and you'll see the link takes you to Amazon.com's listing for cowboy boots.
Incredible, isn't it? All this is possible thanks to what is known as the Query String.
By the way: I wouldn't recommend the Firefox config edit as noted above. While it does work, it also renders many websites invalid and trust me when I say there's nothing worse than someone sending an email on why our page doesn't work because of settings they elected to disable/enable.
Enjoy your day, Soghoian, because this just made everyone else's day miserable.
[ link to this | view in chronology ]
Re: The web is static, not dynamic.
[ link to this | view in chronology ]
Website magic
[ link to this | view in chronology ]
Doesn't Bing/Ask/whoever pass the search query along, too?
http://www.google.com/search?q=google+sucks&ie=utf-8&oe=utf-8&aq=t&rls=com.ya hoo:en-US:official&client=firefox
No one's business what browser I'm using, or whether I have something installed from Yahoo (that looks artifact-y to me, since I don't have anything from Yahoo installed, but the last user of this computer did).
Similarly, I resent the "safe Search off" parameter crowded into a normal (non-browser search box) search query:
http://www.google.com/#sclient=psy&hl=en&safe=off&q=google+is+evil&aq=f&am p;aqi=&aql=&oq=&gs_rfai=&pbx=1&fp=74aa9d8d10e40e85
Who's business is it that Safe Search is off? Who cares? Why must that be in there?
That the search terms themselves are in there? Well, duh. I guess they should be, since it's helpful to have them from a webmaster's viewpoint.
Unless the person bringing the complaint thinks webmasters should have less tools at their disposal for figuring out what their visitors want, not more...duh. Just duh.
[ link to this | view in chronology ]