It has been a month since Google started to replace keyword data with ‘(not provided)’ for Google.com organic search traffic. SSL (secure sockets layer) search was released on October 18 for American users and was made the default option for every search done on Google.com. Since this change, keywords used in a search done with Google’s SSL search now appear as ‘(not provided)’ in all analytics packages, including Google’s own. Making SSL search the default for their users is the latest way that Google is incorporating the SSL encryption protocol with more of their services.

Currently Google’s SSL search only restricts what user generated data it passes on in a few ways. Keyword data won’t be passed on if:

• the user is using Google.com
• the user is currently logged in, or
• the user clicks on an organic link in the normal search results.

However, for searches performed through SSL search, keyword data will be passed on if:

• the user is not using Google.com
• not logged in, or
• clicks on a paid AdWords link in the normal search results

The amount of search traffic affected by this change seems to match the informal estimates of Matt Cutts, head of Google’s Web Spam team. Some online marketers are starting to report higher numbers within their own verticals – keywords appearing as ‘(not provided)’ mostly represent just a single digit percentage of organic search in the States, and even less for the rest of the world. In Australia, unless the site’s audience is from the USA or especially web savvy, it is rare to see more than 1% of keyword referrers returning as ‘(not provided)’. As more users remain logged in to use services such as Gmail, YouTube and Google+, the amount of keyword information that will be ‘(not provided)’ will only increase.

Losing sight of the customers

Keywords are far more revealing about what a visitor is trying to do, what their interests are and how they describe products or ideas. Segmenting traffic by the words they used to arrive on the site can reveal a lot about how effective a campaign is through changes in campaign terms, identifying returning customers through navigational terms like the use of brands and URLs as queries, and also the success or otherwise of search optimisation campaigns. There is a lot more that can be done with keyword data and search is an important part of any marketing mix. This is why Google implementing SSL search matters. ‘(not provided)’ does not differentiate between a search for a product or a brand, or a store location.

On the official Analytics blog, Google indicated that keyword data available in Google Analytics through Webmaster Tools won’t be affected by SSL search. This data is far more generalised and for sites that receive a reasonable amount of traffic, won’t display all data. This data also can’t be linked to user behaviour on the site and its utility is very limited. As SSL search accounts for a greater proportion of traffic, conversion optimisation and tracking the effectiveness of marketing campaigns will be harder and less reliable. Until the user clicks on a paid link.

Insecure security

In fact, Google’s SSL search isn’t really that. By implementing SSL search in such a way as to continue passing keyword referral information to AdWords users, Google had to ignore some standards, such as how referrer header information is passed between HTTPS and HTTP sites.

Reading referrer information is how analytics products like Google Analytics can determine where a visit came from and associate other information with the visitor such keywords from a search engine. Under current standards HTTP sites can pass this information to HTTP and HTTPS sites, but HTTPS sites can only pass this information to other HTTPS sites and this is all handled by the browser.

If SSL search was actually following these standards, as their first secure search option on https://encrypted.google.com still does, only other HTTPS sites would see the keywords the visitor used, while HTTP sites won’t, regardless of whether the link was paid or not.

SSL search as implemented by Google on https://www.google.com/ behaves differently. It does not matter if the destination site is HTTP or HTTPS. It is the type of link clicked that determines what happens to the keyword data, rather than whether the other site is secure.

End of free data and precise metrics?

Search engines have provided traffic and invaluable insights about customers for as long as they have existed. An appreciation of the value of this data has even begun to spread beyond the Internet silos within many companies.

SSL search is going to affect more traffic over time and marketing campaigns with an online element will just have to adapt. Segmenting campaign traffic through using social media touch points and microsites are all alternatives for tracking the effectiveness of some campaigns. Increased use of AdWords is another way to collect more data, as well as traffic. Monitoring which pages appear for which terms in search is also another way to segment visitors.

Google’s market share guarantees that SSL search will have a significant impact on search engine marketing. The popularity of services such as Gmail and Google Docs will encourage more people to remain signed in as they search and as SSL search is rolled out internationally, ‘(not provided)’ will account for even more traffic. Even with all its flaws and the issues surrounding its implementation, SSL is not going to go away.