Google’s latest secure search update, in perspective

In the world of digital, the theme for the past week was all about security, with Google announcing it will extend its Secure Sockets Layer (SSL) encryption to paid searches, something which has previously been in place for organic search. This story broke with the usual mix of sensationalism, excitement and irrational fear. Here is my two cents on what this all means.  


What is SSL?

Many internet services use what are known as Secure Sockets Layer (SSL) connections to encrypt information that travels between your computer and their service. This is usually recognisable by a web address starting with ‘https’ or a browser lock icon, and is commonly used by online banking sites and ecommerce websites. Other sites will use it to protect your passwords when you enter your login information and it essentially hides that data from third parties.


Google’s secure search

By way of background to Google’s latest secure search announcement and a quick history lesson:

In May 2010, Google announce encrypted Google web search as an option on via In Google Analytics, users would be greeted with a ‘(not provided)’ in place of where there used to be keywords for the searchers that used this option.

In October 2011, Google announced that if a user is signed into a Google account, any search performed will be done on an SSL and will no longer pass the search term referrer data.

In September 2013, another announcement from Google that all searches would now be made encrypted using HTTPS. That meant that no keyword data would be passed to site owners or be viewable in analytics platforms, including Google Analytics. Publishers and SEO professionals found it harder to understand which search terms brought users to their sites from organic search (pretty useful information to know).

However, this information was still available for searches that resulted in a paid click on AdWords.


Now, in April 2014, rumours started circulating last week that Google was going to restrict access to paid search keyword data for all third-party providers, leaving marketers, analytics platforms and bid-management technologies in the dark on the performance of managed paid keywords. However, this is not the case.

Paid search query data will no longer be appended to referral URLs and won’t be passed to analytics or other software other than AdWords. The important thing to note here is the difference between a query and a keyword. Queries are what a user typed in before clicking on an ad. Keywords are the terms that advertisers select to bid on. The two are not the same thing.

You can still view keyword data as you could before in all analytics and search management platforms. In short, this change is not going to be problematic to those with a vested interest in paid search.

The query data is still available in AdWords and can be passed to trusted third parties via the AdWords API. However, analytics software that was accessing paid search query data without going through the AdWords API will now not be able to view this.


Privacy and security are the biggest single threat to Google

Nearly everyone involved in digital media, myself included, saw these updates as a deliberate disruption to the search ecosystem.

SEO professionals lost a major data asset to report and optimise on, making it harder to second-guess how to drive traffic for free on Google and in turn lead to a heavier reliance on paid media on Google – deepening Google’s pockets as a result.

Also, much of Google’s valuable first party data would remain within Google, further strengthening its monopoly.

However, the past week has also revealed the so-called ‘Heartbleed’ security flaw. This potentially crippling security bug for the internet was made public last week, but has been in existence for several years now.

System administrators have been scrambling desperately to patch up one implementation of the TLS/SSL security protocol called ‘OpenSSL’ to ensure that their version is the new and up-to-date one. The flaw puts every piece of communication between a user and a server that uses OpenSSL at the risk of being exposed to a third party. A hacker can act as a server to request data directly from a user, and vice versa.

Two out of every three servers around the world use this encryption technique as their security.

When you consider the potential damage that these types of security breaches can have on ecommerce, the levels of confidence and future investment in online, privacy and security are the biggest single threat to Google – way ahead of free organic clicks over paid ones.

Google has the search market pretty much sewn up with dominant global market share and a wonderfully simple and scalable business model of matching up relevant paid ad placements with user searches. Paid advertising still makes up 97% of Google’s revenue.

If its core offering in search is seen to be a security black hole, then users will think twice about using Google as the default tool to navigate the internet. However, as long as people continue to search on Google, it will always make money here.

To view the secure search updates by Google as a ploy to increase revenues is short-sighted. Search is its core product and the focus will be on ensuring that this continues to be market leading. A secure internet is good for Google and all its users.


Jonathan Keane
BY Jonathan Keane ON 15 April 2014
Jonathan Keane is in charge of account and product development at Agency M. With over six years’ experience in digital media, Jonathan has worked on award-winning campaigns for some of the biggest agencies in London and Sydney. His passion lies in connecting human behaviour with the online advertising world through the use of data and market leading technology solutions. Outside of work, his focus is on family, friends, travel, food and sport.