This post discusses Google SSL, almost a year after its launch in 2010.
It discusses a test which raises some questions about the effects on Google Analytics tracking data, AdWords tracking data, user privacy, and what the extent of these effects have been.
What is Google SSL?
Google SSL is a Beta version of Google Search which uses Secure Sockets Layer (SSL), so that when a user enters a search query, it is kept private between the user’s connection and Google. It is an end to end encrypted solution for search terms sent between the user and Google.
What have the affects been?
The proposition offered by Google SSL is that search queries will not be shared and cannot be intercepted by any third party. Despite Google Analytics being a Google service, not a third party, so in theory if Google shared search data from a Google SSL Search with Google Analytics, it would not be passing it on to a third party, there has been great concern that it will still affect referral information in Google Analytics.
Most web browsers tend to strip away user referral information as default when moving from a secure connection to a standard connection (from https to http). This could mean that any visit which originated from Google SSL would be logged as direct traffic within Google Analytics, as there would be no traceable referral data.
To test this, we performed an experiment using Google SSL on our own website.
We used the Sea Monkey browser for this, as a browser which we generally receive only a very small number of visits through.
We then searched on Google SSL in Sea Monkey, using the search query ‘Koozai Tara’.
Prior to this, we set up a custom segment in Google Analytics, to segment any visits from the Sea Monkey browser.
When we looked at the data, it revealed that there had only been one visit to our site using a Sea Monkey browser on that day:
When we further explored the visit, it confirmed that the pages visited were the same as those we had clicked on in the experimental visit through Google SSL.
The results of our experiment suggest that when searching from Google SSL, the referral data is stripped away and listed as direct traffic within Google Analytics. This proves that on a basic level, Google SSL has impacted Google Analytics data. The question this raises however is how much traffic is actually generated from Google SSL searches and whether this is enough to have an impact on traffic analysis in Google Analytics to skew interpretation of direct traffic levels.
We have only tested this within the Sea Monkey browser, so please note that other browsers may behave differently and not strip out referral data.
AdWords advertising still appears when a user searches on Google SSL:
We performed the same test that we performed to test organic referrals from SSL for AdWords, using the Sea Monkey browser and a filter to track any visits. We searched for a keyword we are bidding on, located our ad and clicked on it. The filter on analytics had one visit from a sea monkey browser that day, showing as search engine traffic:
We were also able to see the keyword which we searched for in the data. This means that although the SSL keyword data from organic searches is not shared with Google Analytics, AdWords SSL keyword data is.
We tried to explore this further in the AdWords interface by examining the search queries which had triggered impressions that resulted in a click on that particular day. Unfortunately it said there was ‘Not enough data to display particular queries’, so we are unable to conclude whether the AdWords SSL keyword data is shared with the AdWords interface.
From an advertiser’s perspective, it is positive that a searcher’s search query which resulted in an AdWords click can still be tracked within Google Analytics. This means conversions as a result of clicks from ads served on Google SSL can still be tracked down to keyword level using Google Analytics.
The searcher’s privacy has not seen any dramatic change, as Google still uses their search data in the same ways it did previously.
The main thing that may have changed for the searcher, is that their search query cannot now be seen by third parties, such as internet service providers, employers, or anyone else who might want to intercept their search query data. Users would still be at the same level of risk from hackers, as if their computer is infected with malware the hacker could still access their search queries.
It would be interesting to see how many users of Google SSL are aware that their search queries are still shared with Google Analytics if they choose to click on an AdWords ad.
It is difficult to tell whether searching on Google SSL has affected the level of personalisation in search results. In theory it should remain the same as when using regular Google Search, because to implement personalisation in a user’s search results, the search data would only need to be shared with Google, not any third parties, and so this is still within the level of privacy Google SSL Search has promised to provide.
If the searcher is logged into their Google account, Google are still able to influence the search results by using other data they have about the user, such as their bookmarks:
This suggests that some level of personalisation still remains when using SSL and that Google could use search data from SSL searches to further personalise search providing that data is not shared with any third party.
Has Google SSL Improved User Privacy?
The tests above show different levels of privacy using SSL dependant on whether the searcher chooses an organic or paid search result. Both Google Analytics and Google AdWords are Google services, so this begs the question of what exactly Google class as a ‘third party’.
The aim of Google SSL was to increase user privacy and prevent search queries from being shared with third parties. Until Google define exactly what they deem to be a third party, it is difficult to judge whether this has been achieved.
What is the extent of the affect of Google SSL?
It is difficult to tell whether Google SSL has had a dramatic affect on traffic analysis without knowing how many users SSL has. Assuming that for most websites the level of traffic received from SSL is a minority in comparison to other sources, it is unlikely that being deprived from SSL referral data has not had a large impact on traffic analysis.
It would be interesting to hear from any websites who have seen a large increase in direct traffic in the last year and think it may be attributed to Google SSL traffic.
Please feel free to add your comments below.