Google’s SSL Encryption: protecting your privacy or killing off competitor Ad Networks?

Google witholds search query data

“Do no evil”


What’s happened?

On Tuesday 18th October Google told us that searches made by users that are signed-in would, by default, be made via the SSL version of Google (https// As a result, webmasters will no longer be able to see the search query (keyword) that sent their visitors to their websites. Most, but not all, of search marketers are less than pleased with the change.

 Why have they done this?

Google say this change is part of their on-going “commitment to provide a more secure online experience” and is primarily a feature to protect the privacy of their users. An odd justification, if you ask me, considering the same data they are withholding “to protect users’ privacy” is still available for those who are willing to pay Google for the privilege. Yes, search query data will still be served to webmasters for paid search results!

Funnily enough, not everybody in the SEO sphere is utterly convinced that privacy protection is the real reason behind this change. Most notably, Ian Lurie, has declared full on war with Google arguing that it couldn’t possibly be down to privacy when they serve adverts according to the body of emails and have photographed almost every inch of the world for anybody to view online. Lurie goes on to categorically state that Google’s SSL encryption is there purely to shut out competing ad networks. Previously, third-party ad networks have relied on the referring query string containing the keyword referral data to serve relevant targeted ads. Now the query string is missing this vital piece of information (keywords), these ad networks will almost certainly suffer. It can’t be long before a law suit is filed against the search giant, surely?

 It’s not all bad

Here at Passion Digital we’re not big on whinging. Whilst we can definitely see the impact this change is going to have, there’s really not a great deal we can do about it. First things first, you need to be tracking the numbers of these ‘referral data-less’ visitors. Here’s a great custom report to do just that in Google Analytics (an early Christmas present):

Once you’re tracking the visits coming from those (pesky) signed-in visitors the future doesn’t look all that bleak after all. Considering that these signed-in users will have come from a SERP that was heavily customised to that individual person based on various factors such as browser history, social activity etc. the data from these visitors, in actual fact, wouldn’t have been that useful anyway. Now that we’ve separated the types of visits we can concentrate on those that have arrived from the main Google search algorithm. After all, this will still be the source of the (vast) majority of all organic visits to a website, and is the only algorithm we can really optimise for.

What can we do?

  • Try and kick up a fuss – write a snotty letter to Google asking them to revert the changes as it’s making your life harder. (Good luck)
  • Give up.
  • Change your entire site to run behind the https protocol.
  • Get on with it:
    • Remember messrs Yahoo and Bing are still giving us our data (for now).
    • Use internal search data more in our website analyses.
    • Concentrate and optimise for visitors who have arrived via the main Google algorithm.

[schema type=”person” name=”Tom Katte” jobtitle=”Client Director” url=”/about-us” email=”” ]