When sharing Google links, make sure you check the url for leaks first
Have you ever shared links to Google Search results before? If you have, you may have noticed that the url pointing to the search results page contains several other parameters besides the search string.
While the search string is a given, since it indicates the page you want to share, all remaining parameters are not. In fact, none of the parameters is required to open the page.
Usually, that is not a big problem even though it may leak some information about the system you are using or the search itself. For instance, it may indicate the browser that you are using, or whether Safe Search is on or off.
Take a look at the following search query that I copied after running two searches in succession on Google:
Notice anything in particular about it? Right, it does not only list the first search that you have conducted, but also the search before that.
My first search was for Star Wars, the second for Star Trek, and both search queries are in the url. This is a big issue as you may leak information to others that you may not want to reveal to them depending on the first search you have conducted.
Good news is that Google does not append the previous search string to all current searches. It happens however when you search first using the browser's address bar, e.g. the one in Chrome, and then run a second search using the search form that is displayed on the search results page.
I have tested the behavior in several browsers including Chrome and Microsoft Edge, and it is replicated across all of them.
The leak can have serious privacy implications depending on the first search you have conducted and the people you share the link with.
You have two options to avoid the scenario altogether.
- Always audit the url before you share it. You may remove everything in it after the "?" with the exception of the "q=searchstring" parameter that is required to load the correct results page on Google.
- Never start searches from the address bar but open Google directly instead to run searches only once the site has loaded.
Actually, there is a third option, and that is to use another search engine that does not leak these information. I do use Startpage but there are others like DuckDuckGo that you may want to give a try. (via Jeremy Rubin)
When I search google from my search bar (I use an https google.com added via the “Add To Search Bar” extension) I get this:
If I then search from the search page I just brought up, that is, from the web page, the url never changes (I guess some hidden pref has locked this).
If I search from the search bar again, I get the same as the first time, but of course with different search parameters.
Basically, I only ever search from the search bar – I do not like google’s suggestions on the web page search form or that form monitoring my keystrokes (i’m just against it in principal, and I find it incredibly annoying – even though the tech is awesome and useful for most people). So, long story short … I never leak that kind of stuff, and I also never give people google search urls – I simply tell them to google it
I use the Pure URL add-on for Firefox: https://addons.mozilla.org/en-us/firefox/addon/pure-url/ There are a lot of other websites that add “garbage” fields to their URLs.
Thanks. I need listed add-on sites as that is the extent of my computer ability.
I don’t know if a similar extension exists for Chrome but with Firefox there is the ‘Clean Links’ add-on which not only handles redirections but also has a ‘Remove from links’ option that enables the add-on to remove specified “extras”
For instance Mozilla’s AOM site has the habit of adding ?src= or #id= when opening an add-on’s page from either AOM’s home-page or from a search. #id= apart, if this process doesn’t have privacy issues as with Google and several others, it remains painful when you’re bookmarking an add-on’s page : if you return to the bookmarked page in another way (hence, without the “extras”) you don’t notice the page had been bookmarked.
I already encounter so many privacy issues with Google on Firefox, so much to do to limit octopussy’s hunger, I just cannot imagine a Chrome’s nightmare. How can anyone use that browser?!
I made my own Google search string for Firefox: https://www.google.de/search?pws=0&q=test
pws=0: No personalized search
That way I have a clean Google search link, without tracking in the URL.
But if you click on links via Google Search, you get a redirect to a tracking URL of Google.
There’s also a way to fix that with Greasemonkey: https://greasyfork.org/de/scripts/568-direct-google
Sometimes when sharing Google Search results I directly copy the link to the actual website as opposed to directly linking
Then depending on the url parameter it may or may not redirect to the website or back to Google Search
I didn’t know that! Thank you, Martin for sharing this information with us.
That is truly creepy. I don’t want a corporation or business such as google to have this kind of information about me. I can think of many instances where this type of “leak” would be a security issue.