Is Passing Query String Data In Referral URLs A Privacy Violation?

from the seems-like-a-stretch dept

Achura points us to the news that Chris Soghoian, whose work I really respect, has filed an FTC complaint over the way Google handles referral URLs, saying that the company is violating its own privacy policy.
Frankly, the whole thing seems like a pretty big stretch. At issue, is the fact that Google search results URLs include the query data, and that's then included in the referral URL, allowing websites to know what people were searching on that got them to click on the website. This is, of course, how pretty much all search engines work, and websites have always used that data to analyze how people are getting to their sites. But Soghoian argues -- correctly -- that there can be personal info included in a query string, and that while Google does offer some tools to let you avoid passing on the query string, they're not that easy to find. He also suggests that Google could just provide aggregate data, rather than each query string.

While I'm pretty big in supporting privacy issues... I have to say that I really don't see this as a big issue. Soghoian tries to use examples of where query strings revealed private info, but those are in cases where the query string was revealed to other third parties who had nothing to do with the transaction in question. But providing that data directly to the site that was clicked? It's hard to see how there's a problem there. Soghoian does point out that Google does mask the query string on URL clicks that come from Gmail accounts, but that's an entirely different situation, because then you're searching through private data. When doing a websearch on public data, and providing it only to a party who is involved in the event, seems totally reasonable. There are plenty of legitimate privacy issues out there. It seems silly to focus on one that seems so inconsequential.

Filed Under: privacy, referrals, search data
Companies: google

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Griff (profile), 12 Oct 2010 @ 2:03am

    So let me get this straight...

    I type in "lace underwear for men".
    Someone has bought the keywords "lace underwear", and I get to see their ad.
    But when I click their ad, they don't just see that their ad triggered on the keywords "lace underwear", they actually see that I came to their site from a google results page for the string "lace underwear for men".

    Is that the problem ?

    Jeez, the guy has too much time on his hands.

    The REAL issue would be if

    a) google started giving people access to the search strings their ad was shown for, not just those it was clicked thru for. But I'm sure they never will because
    1. It is evil and also stupid
    2. The amount of data they'd be handing over would be enormous and no-one would want to have to deal with it (esp as it is so unqualified)

    b) google passed other info that they know about you too (say an email address if you're signed into gmail or whatever else they know, maybe even a cell phone number for mobile searches).
    Again, this would be
    1. Evil
    2. Stupid

    c) google included your GPS coords (for a search from a phone) without you having had a very clear opt in first. Of course, this might be implied if the adverstiser has asked for his ad to be selectively shown...

    The problem is not actually with google (on whom public gaze is permanently trained) but people offering similar services through apps that might have far access more personal info and which may not work anything like a good old fashioned browser. Not nearly as many people keeping them honest.

    What I think google SHOULD do with adwords is include in their quality score a "rapid return" clause. That is, if I click through an ad and within 5 seconds I have reversed back to the results page or come straight back for another search, then I probably did not find what I wanted, and the landing site may not be offering what the ad taster implied. And it would be OK to pass that info to the advertiser, IMHO, so they could learn from their mistake.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.