The latest edition of Mozilla Firefox protects Google search queries from hackers, but not from advertisers.
Basically, Google has designed its HTTPS encryption feature to encrypt your search query under most circumstances…just not if you click on an ad that appears on your search results page. Google explains that when you click on a search result from its HTTPS site, your search terms are encrypted and not sent to the target site.
But it’s different when you click on an ad.
“If you click on an ad on the results page, your browser will send an unencrypted referrer that includes your query to the advertiser’s site,” Google writes on its Inside Search page.
This exception has been made to make advertisers happy: Google likes to equate advertiser satisfaction with customer satisfaction.
“This provides a mechanism to the advertiser so that the advertiser can improve the relevancy of the ads that are presented to you,” Google writes.
School network administrators can also get around the HTTPS protection, according to Google.
“If your network administrator has redirected you to a NoSSLSearch configuration that we have for schools…your query may not be encrypted, because you have been redirected to a non-encrypted HTTP session,” Google writes.
Mozilla touts Firefox 14’s new search encryption feature on its blog.
“We automatically make your Google searches secure in Firefox to protect your data from prying eyes, like network administrators when you use public or shared WiFi networks,” Mozilla wrote in a blog post.
However, search engine guru Danny Sullivan from Search Engine Land disagrees—Sullivan claims that unencrypted search queries will still “leak” out.
“When Firefox makes use of SSL Search, you’re still allowing all those advertisers to see the search data that supposedly is too sensitive to leak out to non-advertisers,” Sullivan wrote in a blog post. “If you really wanted to make SSL Search as Google could have—and should have—made it, then Firefox would stop passing referrers.”
Asa Dotzler, community coordinator for Firefox marketing projects, disagrees with Sullivan and claims that he’s “missed the point.”
“Danny, you misunderstood what SSL search is trying to accomplish,” Dotzler wrote in a comment over at The Verge. “We’ve made the connection between the user and Google secure from snooping. That’s what SSL does and that’s why we’ve implemented it. Google can do what ever it wants with the data once it gets it, but the bad guys sniffing your wi-fi connection cannot get at your information.”
In other words, Firefox 14 makes your data safe from the “bad guys,” but not from Google—who turns it right on over to advertisers.