Warning: Firefox is About to Start Stealing Our Data
Posted by: formicmediauser
Back in October of 2011 (that long ago?) on the “Official Google Blog” it was announced that search was going to become more secure. Awesome. But, wait there’s a catch (Official Google Blog, October 18, 2011):
As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver. As a result, we’re enhancing our default search experience for signed-in users. Over the next few weeks, many of you will find yourselves redirected to https://www.google.com (note the extra “s”) when you’re signed in to your Google Account. This change encrypts your search queries and Google’s results page. This is especially important when you’re using an unsecured Internet connection, such as a WiFi hotspot in an Internet cafe. You can also navigate to https://www.google.com directly if you’re signed out or if you don’t have a Google Account.
What does this mean for sites that receive clicks from Google search results? When you search from https://www.google.com, websites you visit from our organic search listings will still know that you came from Google, but won’t receive information about each individual query. They can also receive an aggregated list of the top 1,000 search queries that drove traffic to their site for each of the past 30 days through Google Webmaster Tools. This information helps webmasters keep more accurate statistics about their user traffic. If you choose to click on an ad appearing on our search results page, your browser will continue to send the relevant query over the network to enable advertisers to measure the effectiveness of their campaigns and to improve the ads and offers they present to you.
In the internet marketing world this meant that extremely useful, highly relevant keyword data would appear as “(not provided)” if someone was logged into their Google account, performed a search and was brought to the site through an organic listing. At first, in November, it looked like this was affecting approximately 8.875% of web traffic. Then, reports started rolling in with people claiming numbers as high as 30%.
Yesterday, things got worse for internet marketers spending any time hoarding over Google Analytics data. In his blog, Christopher Soghoian, a security and privacy researcher, announced that Firefox was jumping into the game of Google encrypted search:
A few days ago, Mozilla’s developers quietly enabled Google’s HTTPS encrypted search as the default search service for the “nightly” developer trunk of the Firefox browser (it will actually use the SPDY protocol). This change should reach regular users at some point in the next few months.
This is a big deal for the 25% or so of Internet users who use Firefox to browse the web, bringing major improvements in privacy and security.
I’m in no way a mathematician, but if we *guess* that 10% of data was “(not provided)” before Firefox jumped on board, and that Firefox user account for 25% of Internet users, we can back into what we can expect to see.
10% encrypted already (of this 25% were already using Firefox), so 7.5% plus 25% (32.5%) of all Internet users; ergo a *rough estimate* of what our “(not provided)” data will look like in the coming months:
Site Visitors: 10,000 per month via organic search
Pre-encryption: You saw 10,000 visible search queries per month in Analytics
Google logged in account encryption (November 2011): about 9,000 visible search queries per month – 1,000 encrypted queries
Firefox and Google logged in combo (the very near future): about 6,750 visible search queries per month – 3,250 encrypted queries
And for those that like data visualization:
Again, take it for what it’s worth based on estimates from my own experience and those published on the web, but OUCH – Thank a lot Firefox…