If you work in the search marketing world, you know the story by now — Google has decided not to pass in keyword data when users are logged into their Google accounts. The last part of that sentence (in bold) is incredibly important, and we’ll get to that in a minute.
Google claims that they’re making this change for privacy reasons — and strangely predictably, nobody believes Google. But I do. And I will tell you why.
But before we go down that path, let’s get a couple things straight: This isn’t about premium analytics packages. This isn’t about other advertising networks using Google’s keyword data for retargeting. This is about how Google grossly compromised user privacy for more than one month for the sake of getting a product to market as quickly as possible.
And now they’re trying to clean it up before anyone notices.
The REAL Privacy Problem
From September 15, 2011 – October 18, 2011, it was possible for any webmaster with a hacker-leaning mindset to do something we never could have imagined before: to tie an individual Google search back to the actual human being who typed it into their search box — if that user was logged into their Google account.
Take a second to think about the impact there. We use Google to find help for private and sensitive things that we don’t want others to know. We put a great deal of trust in Google to keep our searches private. The thought of our privacy being compromised is scary enough on its own — but it’s even scarier when you realize that this wasn’t even a hack.
Google provided all of the tools anyone would need to do this.
They made it possible by launching the Google+ API before it was safe.
How it Worked
As with all social APIs, developers using the Google+ API can access public parts of any user’s profile data.
So for one month, each time your keyword data was passed through in the referrer to a given website and you were signed into your Google account, anyone could write a simple program with the API to tie YOU back to the search that brought you to the site.
By closing keyword referrals for logged in users, Google is cleaning up the gaping privacy hole that left our searches exposed for over a month.
How do you think the FTC would feel about this? What about privacy advocacy groups? The United States Congress?
It’s no wonder that Google has remained uncharacteristically silent on their motivations for making the switch.
Google Hasn’t Gone Far Enough
By blocking keyword referrals for logged in users, Google is taking good steps towards cleaning up this privacy mess — but they need to go all the way.
First, I know my PPC friends won’t like to hear this, but if Google wants to make things right, they need to close off the referring keywords for Adwords customers as well. Sorry, it sucks, but you’ll learn to deal with it.
Second, Google needs to come clean. All of their users have a right to know. A vague post on their Analytics blog just isn’t going to cut it.