Is Passing Query String Data In Referral URLs A Privacy Violation?

from the seems-like-a-stretch dept

Achura points us to the news that Chris Soghoian, whose work I really respect, has filed an FTC complaint over the way Google handles referral URLs, saying that the company is violating its own privacy policy.
Frankly, the whole thing seems like a pretty big stretch. At issue, is the fact that Google search results URLs include the query data, and that's then included in the referral URL, allowing websites to know what people were searching on that got them to click on the website. This is, of course, how pretty much all search engines work, and websites have always used that data to analyze how people are getting to their sites. But Soghoian argues -- correctly -- that there can be personal info included in a query string, and that while Google does offer some tools to let you avoid passing on the query string, they're not that easy to find. He also suggests that Google could just provide aggregate data, rather than each query string.

While I'm pretty big in supporting privacy issues... I have to say that I really don't see this as a big issue. Soghoian tries to use examples of where query strings revealed private info, but those are in cases where the query string was revealed to other third parties who had nothing to do with the transaction in question. But providing that data directly to the site that was clicked? It's hard to see how there's a problem there. Soghoian does point out that Google does mask the query string on URL clicks that come from Gmail accounts, but that's an entirely different situation, because then you're searching through private data. When doing a websearch on public data, and providing it only to a party who is involved in the event, seems totally reasonable. There are plenty of legitimate privacy issues out there. It seems silly to focus on one that seems so inconsequential.

Filed Under: privacy, referrals, search data
Companies: google

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    R. Miles (profile), 12 Oct 2010 @ 3:34am

    The web is static, not dynamic.

    Why is it assumed so many people think web pages are dynamic, as they can "talk" to each other by the magic of the internet?

    Does Soghoian not understand why the querystring is needed or that it can easily be done through a cookie instead?

    News tip, Soghoian: Web pages don't "talk" to each other. Information is passed from one to the other so it knows what to do. Querystrings are used because "tracking cookies" seem to cause even more paranoia.

    By evaluating this data, a receiving web page can host content you're looking for, rather than approach the page as a "blank slate", which wastes your time to find the relevant information after the Google search.

    Try as an example. Type in "cowboy boots" and you'll see the link takes you to's listing for cowboy boots.

    Incredible, isn't it? All this is possible thanks to what is known as the Query String.

    By the way: I wouldn't recommend the Firefox config edit as noted above. While it does work, it also renders many websites invalid and trust me when I say there's nothing worse than someone sending an email on why our page doesn't work because of settings they elected to disable/enable.

    Enjoy your day, Soghoian, because this just made everyone else's day miserable.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.