(I'm in all-day training today, so I can't participate on this thread much. Also, this is all my personal opinion.)<p>While Gabe's most recent post was a well-worded statement of his position, my guess is that Google's response was based on the billboard, which says "Google tracks you. We don't." On the website the billboard points to, Google employees are portrayed wearing ski masks and trying to spy on you. That does strike me as trying to a encourage a bit of fear?<p>This is a browser issue that's not specific to Google or even to search engines, but Google is the only company mentioned on donttrack.us until you get to the "more tools" section at the very bottom. Meanwhile, Google is the first (and only) large search engine to offer https to the best of my knowledge. It's a one-character addition to <a href="http://www.google.com" rel="nofollow">http://www.google.com</a> for anyone that feels strongly about this topic.
"The only reason I've heard to not prevent search leakage is that marketers use Referrer info to do better search engine optimization (SEO). But the information doesn't have to disappear, just the current mechanism of transferring the information in a personally identifiable way."<p>I struggle to see how this could work in a way that's a fraction as useful to webmasters as the current system. Sites that sell things like to tie keywords to conversions. They can learn, for example, that keyword X drives sales, but keyword Y doesn't, and assign resources accordingly. Online businesses become more efficient, and searchers get more of what they want. I think it's largely a good thing all round.<p>My respect goes to DuckDuckGo for coming up with a clever way to differentiate themselves from their competition. However, if the problem is that sites are inadvertently sharing keywords with third-party ad networks, then point the finger at those ad networks, not at Google. Blaming Google makes about as much sense as blaming Firefox, Safari, Internet Explorer and the web in general for sending referrers in the first place.
Referrers aren't passed on to all the elements loading on the page. If you click to nytimes.com from a Google search, the referrer is sent once in the HTTP request to nytimes.com and then your browser makes all the other required requests separately once it gets back the HTML page. When the ads are loaded they don't get your Google referrer, they'll either get nothing or a nytimes.com referrer. You can work around this with JS (which is how Google Analytics works), but it's completely unnecessary for the problems Gabe's talking about...<p>Referrers aren't needed for targeting. On that Gout example, Google knows you researched gout so they can target you with gout ads on sites that run AdSense or DoubleClick (which is a lot of ads). If you visited another site about gout that ran ads from a different network, then they too could target you. The referrer has nothing to do with it, it's what you're requesting.<p>If you don't want targeted advertisements, it's far more effective to use adblock or modify your /etc/hosts file than it is to use DDG.
"It's unfortunate that DuckDuckGo is preying on people's fears and offering incomplete information in order to garner attention," a company spokeswoman said in an e-mailed statement.<p>It really is impressive that you're on their radar enough to warrant a reaction like that.
Constantly attacking Google over something the vast majority of users don't care about seems like a bad idea.<p>I was ready to try duckduckgo if it could give me the results I wanted (Despite the hugely irritating UI and infinite scroll).<p>But the constant attacking Google seems bad business to me. It <i>IS</i> FUD. Google doesn't track you. Your browser sends a referer header, which it has done since the dawn of time. Who cares?<p>flagged.<p>I think you're going to lose a lot of goodwill Gabriel.
If you don't want to wait for other people to fix this, there is a handy Firefox addon called No Referrer. It can block referers selectively, either when you click a link on a certain URL, or when you click a link that points to a certain URL. It uses regular expressions so it should be flexible enough.<p>It also blocks referers being sent from localhost/local URLs. I would be interested in trying out an option that only allows referers to be send to the same domain or its subdomains. The interesting part is seeing how many things that option would break.<p>EDIT: Forgot the link.<p><a href="https://addons.mozilla.org/en-US/firefox/addon/no-referrer-misspelled-referer/" rel="nofollow">https://addons.mozilla.org/en-US/firefox/addon/no-referrer-m...</a>
If you care about search leakage, turn the Referer header off in your browser. Problem solved. Why is it any website's job to change the way HTTP is designed to work?
<a href="https://encrypted.google.com" rel="nofollow">https://encrypted.google.com</a><p>SSL pages prevent referer headers from being sent.<p>Easy.<p>The country specific pages dont have equivalents, so no encrypted.google.co.uk, but you can get the same effect using the gl parameter in the URL, so the url for a UK search would be:<p><a href="https://encrypted.google.com/search?gl=uk&q=foo" rel="nofollow">https://encrypted.google.com/search?gl=uk&q=foo</a><p>Get your list of valid country codes here: <a href="http://www.google.com/cse/docs/resultsxml.html#countryCodes" rel="nofollow">http://www.google.com/cse/docs/resultsxml.html#countryCodes</a>
Perhaps I'm not thinking malevolently enough, but in what situation would the search terms that I used be enough to invade my privacy? Presumably, the content of the site is related to whatever you searched for (otherwise you wouldn't click on the link).<p>If you are willing to click the link and go to the site, the site will most likely have some idea of why you are there, and what you are interested in, regardless of the referrer headers (because, you know, the site is hosting the content that you are reading).<p>It seems that if I am willing to visit the site at all, I should also be willing to disclose trivial information like this. So I'm not sure why I should care.<p>Saying that this is not disclosed also seems a little disingenuous. Referrer headers are pretty standard. If you have a problem with Google doing this, you also have a problem with pretty much every other site that uses hyper-links. It seems that there is a lot of useful semantic information that could be gathered by being able to identify which documents reference your document. Eliminating referrer headers seems like it would be a net loss (pun not intended).
In Gabriel's defense, I'd say there's something very antithetical between FUD and a detailed description on how to fix the (alleged) problem. I don't know of any other FUD campaign in which a simple solution was provided -- one which won't directly benefit the entity raising the objection. It's Google, et al.'s decision which way they want to go -- whether they take his advice or ignore it.<p>But one could excuse the billboard potentially to a person trying to highlight that this is a big issue. But again, this seems quite different from an incumbent that is trying to cast doubt via obfuscation, which has usually been the case in FUD...
Also posted on site:<p>I agree that the amount of information a well-tagged website can collect on users is frightening, but I don't think that stripping search keyword data from the referrer is the solution. I think Gabriel is going after the wrong thing.<p>Here's why:
A good Search Engine will never send a user to a page that isn't textually relevant to the search they entered. In 99.9% of cases, the text they entered is ON the page they hit. So if a user searches for: [SOMETHING CREEPY] they will be hitting a page that already has [SOMETHING CREEPY] published.<p>To put it another way: "Your Keyword data is never going to give a website something it didn't already have. It's just going to reveal what pieces of its content are of interest to you."
The author is singling out out one company and saying they should be doing things differently than the rest of the web, because of what 3rd parties can do as a result. Why not go after the advertisers if they are the real miscreants? FUD!<p>There is absolutely no reason that Google should break the web to pacify this guy.
While I appreciate that DDG would want to differentiate itself from its competition, if the actual goal is improving user privacy on the internet I don't understand why this is being treated as a Google issue rather than a browser one. Google is an important site, but just one site of many. Wouldn't it make more sense to try to convince browser makers to have HTTP_REFERER turned off by default, either in entirety or for cross-site purposes?<p>It also seems worth noting that if for some reason you wish to continue using Google instead of DDG, and if you are concerned about the potential privacy issues, you can already change your browser not to send the referer header:<p><a href="http://kb.mozillazine.org/Network.http.sendRefererHeader" rel="nofollow">http://kb.mozillazine.org/Network.http.sendRefererHeader</a><p><a href="https://chrome.google.com/extensions/detail/dkpkjedlegmelkogpgamcaemgbanohip" rel="nofollow">https://chrome.google.com/extensions/detail/dkpkjedlegmelkog...</a>
Even if search engines stop sending keywords in referral data, the ad networks and webmasters will still be able to piece together your browsing history. Every day there is less and less anonymity on the web, and for the most part people are ok with it. Ten years ago very few people would willingly use their real name online. Facebook changed that.<p>The web as we know it has been built on the assumption that search engines pass along keywords in referrer data. Changing this would have a significant negative impact on a lot of businesses. Considering that most users don't really seem to care about privacy, at least if you judge by actions and not what they say, I don't see why a company like Google would ever stop sending along keyword data to webmasters. They'll piss off webmasters who buy ads from them, and it won't help them increase their share of the search market.
There aren't enough people at the FTC to read the complaints that would flood in if Google changed this and Google Analytics became the only tracking platform that could do SEO keyword analysis.
I don't feel qualified to say whether this is FUD or not, but it certainly imposed some fear on me. I don't know what a Gout is and now I'm afraid to search for it.