Does the Google Referral Encryption Really Matter? A Forecast for SEO, Search, and Social

By  |  Published 

Last Tuesday, Google announced a change that has the SEO and web content community up in arms: users who are signed in to Google will be routed through the secure socket layer (SSL) version of Google. As a result, the referrer data that lets you know what keywords users typed in to their search query will no longer be available in your analytics.

Google has responded to outcries from the SEO community by insisting that this change has been made for the sake of user privacy, an explanation that has fallen short due to the embedded double standard of the change: you can see the referrer data if you are an advertiser who uses Google’s pay-per-click (PPC) service.

What Does This Change?

Analytics will continue to show that the click came from Google and that it was an organic click, but the query string will no longer be visible – instead of seeing the keywords, you’ll see (not provided) in your analytics. Below is a screenshot of the rise in (not provided) referral queries at SEOmoz.

seomoz not provided analytics

This could decrease the value of efforts made by search and content professionals to create SEO web content. If we’re unable to see what search queries directed visitors to our sites, it’s difficult to rate the effectiveness of an SEO campaign or the conversion rate of organic web content.

For instance, at We Do Web Content, we build bespoke keyword campaigns for each of our clients and monitor the performance of those keywords as part of our web content services. Being able to identify the keywords that are performing well and bringing our clients traffic is an important step in the process, so it’s unsettling at best that Google is taking away some of this important, specific data – data that helps us ensure our clients’ content is getting to the people who are looking for it.

Matt Cutts, head of Google’s Webspam team, has estimated that the impact will be in the single digits, and as webmasters leak data from their sites’ analytics, that projection has by and large been accurate; SEOmoz reported a 2.2% change. So far…

The Argument for Privacy

Google’s singular reasoning for the switch, as far as they have indicated, boils down to a more secure search experience for consumers.

There is some force to that argument; HTTP session hijacking and packet-sniffing over unsecured Wi-Fi connections is becoming more prolific and more problematic. Last year at ToorCon, an information security conference in San Diego, software developer Eric Butler released Firesheep in an attempt to highlight the failure of large websites to move towards end-to-end SSL encryption.


Simply put, Firesheep – and Droidsheep, an Android-based mobile corollary – allows anyone connected to an open wireless network to “capture” data from other users who are visiting insecure websites. This could not only expose what websites the users visited, but allow the sniffer to take over user accounts.

All told, those privacy concerns are very real, and Google has repeated ad nauseum that this move is to keep in line with the Electronic Frontier Foundation’s HTTPS Everywhere initiative. But why block the referrer data? Do browsers really care that websites know what keywords they used to find their pagesWhy herald user privacy if you’re still selling it to paying customers?

While no one is arguing that secure search is an ignoble cause, the SEO community has railed against the implicit double standard that allows Google to hide this data from consumers who don’t pay for it as AdWords customers, completely shutting out third party retargeting services and other ad networks. In doing so, Google claims that search query data belongs to them and that they may sell it if they please. And we just have to deal with it.

A Forecast of the Referrer Encryption as Google Goes Social

While Google stands by its “single-digit impact” projection, other stirrings in the ‘plex could see that figure rise over time. As the web becomes more social, Google has been repositioning itself accordingly.

Last week, Google co-founder Sergey Brin and SVP of social business Vic Gundotra announced that Google Apps will be integrated to Google+; previously, only personal Gmail accounts could subscribe to a Google+ identity.

“We’re transforming Google itself into a social destination,” said Gundotra, one of the architects of the plan to create a social context for all of Google’s web products.

Recent rollouts to Google Reader shed features like internal friending and sharing and re-introduced those utilities exclusively through Google+, and Blogger is going in the same direction. Google Music Beta promises yet another music-sharing service, targeting Facebook and Apple’s recent efforts in the same sphere.

While some social products, such as Wave and Buzz, are being phased out, others are on the way. Steven Levy’s article informative and in-depth article on the summer Google+ launch revealed thatGoogle has “well over 100 [social product] launches on its calendar.”

Granted, it’s easy to scoff at some of Google’s less-refined social attempts, but the Internet is evolving towards a people-centric climate, as opposed to the information-centric atmosphere that gave rise to Google and other search engine powerhouses. According to Gundotra, the search giant now is reacting to that transition by seeking to “make Google+ a social layer on top of everything Google offers.”

In fact, social is so crucial to Google’s future that when Larry Page took up the mantle of CEO at Google, he hard-wired the success of social products into Google’s mainframe, going so far as to tether 25% of every Google employee’s annual bonus to the success of its social products.

Are we starting to see the big picture?

Encrypted Referrer Data + Google’s Social Expansion = the Perfect Storm

One of the brilliant Facebook successes was the widespread application of its API that allowed users to sign in with other services, “like” content even when they weren’t on Facebook, and share content without going back to the site itself. In this way, Facebook made it more convenient and advantageous for users to stay logged in throughout the day. The Google+ API was unveiled a little more a month ago for publicly shared data only, so we should start seeing more extensive use of that in the next few months.


Similarly, the impact of mobile users who utilize Gmail or Google+ on their phone cannot be overstated. As more people use their phones to search and browse, we can expect to see that a substantial percentage of queries affected by the encryption will be those coming from mobile users.

In the same turn, the trajectory of Google’s social products indicates that more and more users are going to be “logged-in” to Google’s “social layer” – and that means more and more users will be forcibly funneled to Google’s SSL version.

As Google goes social, the number of (not provided) entries in web analytics is bound to increase, long after the SEO community has accepted the change as par for the course.

So while webmasters and SEO-ers may be seeing only single-digit impacts right now, it’s important to be mindful of why those numbers are currently so low and ask ourselves whether or not those figures will increase. My prediction is yes, absolutely. How much? Well, I’m not going to risk opining on that figure, but SEO-ers and web content services providers should carefully monitor the impact of the switch in their analytics.

As social becomes the norm, more and more users will be logged-in, providing valuable data to only those who pay for it. In the meanwhile, we encourage you to monitor the percentage of search referrals that are affected by this switch to prepare yourself if Google implements this change on a broader scale or how the increase of logged-in users over time is going to impact your data.