Use a VPN or Your Google Searches Are Public (privateinternetaccess.com)
61 points by rasengan on March 18, 2013 | 32 comments



Used my ninja skills and found it. Here is an example: http://extremetracking.com/open?login=46union [NSFW links on site] I just found a random example

It appears to be incoming search terms for a website that has the ExtremeTracking service installed. So it's not really that it's public, it's more that the incoming search terms are just saved along with personal identifying information (ISP/IP) etc.

Website states: "Adding the tracker to your site is not complicated. If you are familiar with HTML-editing just copy and paste the tracker code into the source of your pages and you are ready. The tracker code can also be handled fine with WYSIWYG editors and content management systems, scripts and blogs. You can use one and the same code for all your pages or the more advanced code to report groups of pages, it is all possible. We will be happy to help you through. At your My Account you find all your tracker details and setup instructions clearly explained as well as your personal code-checker to check if you have copied your code correctly."



FYI, there are some NSFW links on the 46union link if you click through to the westcoast bikini shots...


Just to be clear, this has been happening since Google started when sites would just leave their incoming traffic logs available for indexing. Referrer spam exists specifically to glean value from this. What is interesting is that the whole "big data" thing is really about connecting pre-existing dots like this into valuable information. The privacy reaction (like in this article) is to lock all the doors and bar the windows. But a lot of this data is already out there and it's only going to spread further.

I just got an email from LinkedIn that someone I used to know looked at my profile. Does that mean this person wanted me to know that? Certainly not, but it's possible to track and beneficial for LinkedIn, so now I know.

I worry for the openness of the web (via over-reaction) just as much as these emergent privacy issues. There are no easy answers here.


Ah. Thank you for finally letting me realize the point of referrer spam (I've never left logs lying around in Net-accessible places and it boggles the mind that anybody would - bandwidth consumption if no other reason...)


In late 2011 Google started stripping the search term from the HTTP referrer [1] that is passed on to the site for some searches (depending on where you are and whether you are logged in).

Since then the number of searches affected by this has steadily increased [2], so this sort of tracking is going to become less and less of a concern.

[1] http://googleblog.blogspot.co.uk/2011/10/making-search-more-...

[2] http://www.notprovidedcount.com/


Is there a more authoritative source? This article comes off very heavily as "Here's some FUD. Oh by the way, our product just so happens to alleviate the problem that we just pointed out."


There would be a more authoritative source if the "source" had linked to the website. Until that I am inclined to agree with you.


exactly.


It doesn't seem to me like an issue at all.

Referral data has been available since the beginning of Google. You get the referrer, extract the search terms of the URL and link it to the visiting IP.

This doesn't show up if you're using HTTPS search. The URL is encrypted and the terms can't be extracted IIRC.

So, the only problem is a tracker (which I never heard of) giving out that referral data. And it's publicized by a site who ends up promoting its VPN (and not mentioning the HTTPS solution).


HTTPS doesn't pass the referrer to non-HTTP sites, but will to HTTPS sites. What Google does on top of that, I don't know. They could easily bounce you through an HTTP redirect that does pass the search terms.


Only if you're not signed in to Google. If you are, Google no longer sends your search terms to the website when you click.

Ironically, people in incognito mode do not want to be tracked, but via this method, are much easier to track in terms of matching IP addresses to search terms.


When Google first came out and said they would default to secure search, the SEO industry got pretty heated. They initially said it would affect queries "in the single digits". This number has grown much higher, with most people reporting 20-60% of traffic showing up in their analytics as "not provided".

While most SEOs said this was monopolistic behavior by Google, attempting to take more market share from other ad networks (when you can't extract the keyword from the referring URL, it's harder to provide relevant ads), this is an example of secure search actually being quite useful.

That said, it makes us all the more reliant on Google for more and more. There's definitely no easy answer here.


I've been using a Firefox addon called RefControl for a long time now. It forges the referer header to be the root of the website that you're on. I've never noticed a problem caused by this.

We could turn off HTTP referers tomorrow, and the number of sites it would break would be tiny, whilst the benefits to the general public regarding privacy would be humongous.

This won't happen, because the major browser vendors make money from advertising and tracking. You think Google would do this for Chrome? Microsoft for IE?

It makes no sense that your browser should by default tell websites that you visit where you came from. If referers didn't already exist, and Google came along and added them today to Chrome or Microsoft added them to IE, the level of protest would be epic.
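The referrer behaviour discussed in the comments above, as an added example that is not part of any commenter's post: it models which `Referer` value a destination site receives and what search terms a tracker on that site can pair with the visitor's IP. The hostnames, the `q` parameter name, the IP, and the `forge-root` reading of RefControl (send the destination site's root) are assumptions made for illustration.

```javascript
// Added example with constructed URLs; not code from the thread or from any tracker.

// Referer header a browser would send when following a link from fromUrl to toUrl.
//   "default"    : behaviour described in the thread (full URL, dropped on HTTPS -> HTTP)
//   "forge-root" : RefControl-style, only the root of the destination site (assumed reading)
//   "block"      : no header at all
function refererFor(fromUrl, toUrl, mode = "default") {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  if (mode === "block") return null;
  if (mode === "forge-root") return to.origin + "/";
  if (from.protocol === "https:" && to.protocol === "http:") return null;
  from.hash = "";                      // fragments are never sent
  from.username = "";                  // neither are embedded credentials
  from.password = "";
  return from.href;
}

// What a tracker on the destination can recover from that header.
function searchTermsFrom(referer) {
  if (!referer) return null;
  let url;
  try { url = new URL(referer); } catch { return null; }
  const q = url.searchParams.get("q"); // "+" and %XX are decoded here
  return q && q.trim() !== "" ? q : null;
}

// One row per navigation: the data the destination's log would hold for this visitor.
function exposureReport(visitorIp, navigations) {
  return navigations.map(({ from, to, mode = "default" }) => {
    const referer = refererFor(from, to, mode);
    return { visitorIp, to, mode, referer, terms: searchTermsFrom(referer) };
  });
}

// Constructed sample navigations (search.example and site.example are placeholders).
const SAMPLE = [
  { from: "http://search.example/search?q=back+pain+clinic", to: "http://site.example/page" },
  { from: "https://search.example/search?q=back+pain+clinic", to: "http://site.example/page" },
  { from: "https://search.example/search?q=back+pain+clinic", to: "https://site.example/page" },
  { from: "http://search.example/search?q=back+pain+clinic", to: "http://site.example/page", mode: "forge-root" },
];

console.table(exposureReport("203.0.113.7", SAMPLE));
```

Only the first and third rows carry search terms: a plain-HTTP search, and an HTTPS search whose result is also served over HTTPS.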


Extremetracking == the same as Google analytics + IP addresses tracking + more detailed info per visitor's IP

Extremetracking offers free tracking - which offers a free .js tracking widget for the site. The problem with "free" tracking is that it exposes all your visitors + all their search terms + all their referrers to the whole world - which is what this article found out.

I bought Pro for 1 month to see if I can squeeze any more business out of that compared to Google analytics. Unfortunately it does not offer visitor cross-reference data (what other sites a given visitor visited).

"Pro" plan keeps your log data confidential.


By "business" you mean ... ?

Actual productive pursuits, or parasitic bullshit like SEO ?


Nothing to do with SEO. I can see that extreme's tracking screen is much more convenient than Google analytics and allows one to quickly dive into a specific visitor's history.

The bottom line to discover: does this tool allow delivering more business to the customer?


Websites don't get to see your search terms at all if you're logged in to Google.

I guess that makes it safer on one hand, and much more dangerous on the other.


subheading, "Young Person Discovers Internet Existed Before They Were Born"

Surely extremetracking is on almost every website made 1999-2002?


Not if you google encrypted.


Mostly false. HTTP_REFERER sharing is a browser feature, not a network feature. You can tell your browser not to set it.

http://www.whibb.com/hide-referrer-headers-in-firefox.html


Not an issue for HTTPS searching.


OH WOW HTTP_REFERRER? This is adspam, company is selling VPNs.

Did you know your IP is showing?!


Agreed. The "flaw" they claim they have "discovered" is a browser feature, and an old one at that. I have problems with plenty of other Google features, but it's outrageous to blame Google for something one's browser does every time one clicks a link on any website anywhere.


I like PIA and have an account for public hotspots, but this comes off as FUD.


How long until someone posts the link?


20 minutes.


If I am not mistaken, only the website you click on after searching will know the search term, so how does using a VPN protect you from this? For example, if I search for Yahoo and click on the Yahoo.com result, this rogue website (assuming Yahoo is not it) won't be able to access that search keyword from my IP.


Your true public IP address won't be disclosed if you're using a VPN as an intermediary. Sort of like private domain registrations; sure, there's an address to associate, but it's meaningless.

Of course, using an SSL connection to Google would be sufficient in this case, since that prevents the referrer from being included when you visit a search result.


Most people's "true public IP address" is just as pseudonymous though.


With always-on routers usually being the DHCP lease recipient for residential broadband, even dynamic IP addresses are typically a lot more "sticky" than most people expect. Couple that with the location-specific info available via reverse DNS on residential IPs, and it doesn't take a vivid imagination to see how easily even a loosely correlated search history could be used against you when applying online for jobs, healthcare, credit, etc.

I would honestly be shocked if there aren't risk assessment departments (or entire companies) already specializing in applying techniques like that to filter resumes, bias interest rates, and raise premiums accordingly.


This is the blog of a company that sells VPN accounts. That's how it protects you... sigh



