Is Passing Query String Data In Referral URLs A Privacy Violation?

from the seems-like-a-stretch dept

Achura points us to the news that Chris Soghoian, whose work I really respect, has filed an FTC complaint over the way Google handles referral URLs, saying that the company is violating its own privacy policy.
Frankly, the whole thing seems like a pretty big stretch. At issue, is the fact that Google search results URLs include the query data, and that's then included in the referral URL, allowing websites to know what people were searching on that got them to click on the website. This is, of course, how pretty much all search engines work, and websites have always used that data to analyze how people are getting to their sites. But Soghoian argues -- correctly -- that there can be personal info included in a query string, and that while Google does offer some tools to let you avoid passing on the query string, they're not that easy to find. He also suggests that Google could just provide aggregate data, rather than each query string.

While I'm pretty big in supporting privacy issues... I have to say that I really don't see this as a big issue. Soghoian tries to use examples of where query strings revealed private info, but those are in cases where the query string was revealed to other third parties who had nothing to do with the transaction in question. But providing that data directly to the site that was clicked? It's hard to see how there's a problem there. Soghoian does point out that Google does mask the query string on URL clicks that come from Gmail accounts, but that's an entirely different situation, because then you're searching through private data. When doing a websearch on public data, and providing it only to a party who is involved in the event, seems totally reasonable. There are plenty of legitimate privacy issues out there. It seems silly to focus on one that seems so inconsequential.

Filed Under: privacy, referrals, search data
Companies: google

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Marah Marie (profile), 12 Oct 2010 @ 4:36pm

    Doesn't Bing/Ask/whoever pass the search query along, too?

    Frankly, I think it's a bigger deal that browser info is passed on through the search query URL from the browser search box, like so: hoo:en-US:official&client=firefox

    No one's business what browser I'm using, or whether I have something installed from Yahoo (that looks artifact-y to me, since I don't have anything from Yahoo installed, but the last user of this computer did).

    Similarly, I resent the "safe Search off" parameter crowded into a normal (non-browser search box) search query: p;aqi=&aql=&oq=&gs_rfai=&pbx=1&fp=74aa9d8d10e40e85

    Who's business is it that Safe Search is off? Who cares? Why must that be in there?

    That the search terms themselves are in there? Well, duh. I guess they should be, since it's helpful to have them from a webmaster's viewpoint.

    Unless the person bringing the complaint thinks webmasters should have less tools at their disposal for figuring out what their visitors want, not more...duh. Just duh.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown for basic formatting. (HTML is not supported.)
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.