Yahoo has now joined Google in making all searches people do automatically go through a secure server, to help prevent eavesdropping by outsiders. Unlike Google, however, Yahoo has failed to make an important change to how “referrer” data is passed along, which will result in people thinking Yahoo Search has suddenly dropped in popularity.
Yahoo.com Goes Secure
The switch only seems to be happening on Yahoo.com, not on other Yahoo properties I’ve checked like Yahoo UK, Yahoo Germany, Yahoo France or Yahoo Japan. Yahoo did confirm to us that the switch happened but didn’t clarify exactly which Yahoo properties were affected, though we specifically asked.
Rather, Yahoo said the rollout was on-going and part of plans announced at the end of last year:
As announced in November 2013, Yahoo is moving towards using https as the default for searches. We are currently in the process of rolling this out. [Our] Tumblr post [about it].
The post doesn’t specifically talk about Yahoo Search going secure. It says that all Yahoo products will be made more secure (so that would include search), but then goes on to say that users would be given an option to encrypt data. With Yahoo’s search change, no option is given. It’s been made secure by default — which for users, is generally a good thing. Few tend to change defaults.
Yahoo did say that all its properties should see a similar change by March 31, 2014:
Yahoo will encrypt all information that moves between our data centers and offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014. This effort will extend to all of our properties.
Yahoo didn’t say exactly when the change happened, but a reader tipped us to it yesterday, describing it as fairly recent. The Washington Post noted that Yahoo confirmed its email services would move to secure servers on January 8, so perhaps search was changed at the same time or near to it.
What Secure Search Means For Consumers
By going to secure search, Yahoo is sending all queries through a secure server, one that can’t easily be eavesdropped on by outsiders, such as government agencies like the NSA or private third parties.
You can see the change happen because if you go to http://yahoo.com (the http:// prefix representing an ordinary, unsecure server), after doing a search, you’ll see that the URL has changed to https:// (representing that a secure server was used to process the search and send results to you).
The change, as explained, should help prevent eavesdropping of searches, which can individually be sensitive but are far more a concern if someone can intercept a series of them and construct a profile of what a particular person has been searching for.
What Secure Search Means For Marketers
The move to secure search also means that Yahoo no longer passes along “referrer” data that tells web sites the terms they were found for, in most cases. Think of referrer data as a “caller ID” for the web. In the past, if someone searched on Yahoo, then clicked on one of the listings, the destination site would be told that a search was done on Yahoo and the terms that were used to find them.
For example, if someone searched on Yahoo for “books” and clicked on a listing for Amazon, Amazon would be able to tell that it received a visitor from Yahoo and that the visitor searched for the word “books.”
With the change, this no longer happens. Yahoo is sending no referrer data at all from its secure server to unsecure sites (which are most sites out there). This means marketers who are getting traffic from Yahoo won’t know this at all. They’ll instead see a plunge in traffic coming from Yahoo and a rise in traffic from “direct” visitors.
One site, Marketing Champu, has already noted a drop in its logs. Many more sites will be noticing this going forward.
See our related story on Search Engine Land for more about this:
FYI, for those who run secure servers, it does appear Yahoo is following standard protocol and passing referrers to those. We’re double-checking with Yahoo about this.
How Yahoo Is Screwing Up Its Popularity, Unlike Google
As said above, Google also went to secure search by default, back in September, as our story below explains:
However, publishers did not find that as a result, Google was suddenly dropping in popularity. The reason is that Google purposely has made changes so that it passes along some referrer information — enough that people know that a search happened on Google — but not the actual search term itself.
As a result, Google continues to be accurately measured by marketers in terms of how much aggregate traffic it sends them, even if they are left in the dark about the exact terms used.
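To make the difference concrete, here is an added example (not from the original article) that models which referrer a destination site receives in each case and how an analytics package would then bucket the visit. The query parameter names, the example.com destination and the origin-only model of Google's change are assumptions; the article does not say how Google implements it.

```python
from urllib.parse import urlsplit, parse_qs

# Search-term query parameter per engine (known URL conventions, not from the article).
SEARCH_PARAMS = {"yahoo.com": "p", "google.com": "q", "bing.com": "q"}

def referer_sent(source_url, dest_url, origin_only=False):
    """Return the Referer the destination site receives, or None."""
    src, dst = urlsplit(source_url), urlsplit(dest_url)
    if origin_only:
        # Assumed model of Google's change: the engine is named, the query is not.
        return f"{src.scheme}://{src.netloc}/"
    if src.scheme == "https" and dst.scheme != "https":
        # Standard browser behaviour: no Referer from a secure page to an unsecure one.
        return None
    return source_url

def classify(referer):
    """Bucket a hit the way an analytics package would: (source, search terms)."""
    if not referer:
        return ("direct", None)
    parts = urlsplit(referer)
    host = parts.hostname or ""
    for domain, param in SEARCH_PARAMS.items():
        if host == domain or host.endswith("." + domain):
            terms = parse_qs(parts.query).get(param, [None])[0]
            return (domain, terms)
    return ("referral", None)

# Constructed sample clicks: (label, results page, destination, origin_only)
CLICKS = [
    ("yahoo before", "http://search.yahoo.com/search?p=books", "http://www.example.com/", False),
    ("yahoo now", "https://search.yahoo.com/search?p=books", "http://www.example.com/", False),
    ("yahoo now, secure site", "https://search.yahoo.com/search?p=books", "https://www.example.com/", False),
    ("google secure", "https://www.google.com/search?q=books", "http://www.example.com/", True),
]

def report(clicks=CLICKS):
    """Map each sample click to the bucket the destination's analytics would record."""
    return {label: classify(referer_sent(src, dst, oo)) for label, src, dst, oo in clicks}

if __name__ == "__main__":
    for label, bucket in report().items():
        print(f"{label:24} -> {bucket}")
```
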
Why didn’t Yahoo do the same? My guess is Yahoo didn’t even think about it. But when asked about the lack of referrer data and how that may impact Yahoo’s apparent popularity, the company said:
As the rollout is not complete, we aren’t able to comment yet on this.
The Loopholes In Google’s Protection
Actually, there is one case where Google keeps transmitting search term data in the clear, not through any secure method. That’s for its advertisers.
Google purposely left a loophole in its security so that advertising terms continue to be passed on. It also left loopholes so that individual terms continue to be passed on within its Google Webmaster Tools service. Both mean that Google’s secure search isn’t as secure as it could be, but Google seems happy with that trade-off. More about this below:
- The Questions Google Refuses To Answer About Search Privacy
- How Google could have made the Web secure and failed — again
What About Bing?
You may have heard that Bing has gone to secure search this month, too. That’s not quite correct. Earlier this month, Bing made a secure version of its search service available for anyone who wants to use it. But if you don’t use it, then searches continue to be unsecure. The default has not changed to use secure search, as is the case with Google and Yahoo.
Our story below has more about this:
Most Secure: Yahoo, Then Google
Overall, the rundown is like this:
- Yahoo: secure search by default, no search terms passed, no referrers passed, except for advertisers
- Google: secure search by default, search terms passed to advertisers or through Google’s publisher tools
- Bing: secure search optional, no search terms passed, no referrers passed
Yahoo appears to provide the most security for searchers because by default it is passing no information along at all, not even individual terms. It might, however, be passing ad clicks. We’re checking further on that.
Postscript: Yahoo tells us that it is providing full referrers to advertisers.
Google provides great security by default to prevent eavesdropping in order to build a search profile of someone, but it provides no real security when it comes to the privacy of individual terms.
Bing provides security, but only for those who seek it out.
See also our Search Engine Land for more about Yahoo’s change and its impact on analytics: