When sharing Google links, make sure you check the url for leaks first

Martin Brinkmann
Oct 29, 2015
Updated • Jan 4, 2018
Companies, Google
|
7

Have you ever shared links to Google Search results before? If you have, you may have noticed that the url pointing to the search results page contains several other parameters besides the search string.

While the search string is a given, since it indicates the page you want to share, all remaining parameters are not. In fact, none of the parameters is required to open the page.

Usually, that is not a big problem even though it may leak some information about the system you are using or the search itself. For instance, it may indicate the browser that you are using, or whether Safe Search is on or off.

Take a look at the following search query that I copied after running two searches in succession on Google:

https://www.google.de/search?q=star+wars&oq=star+wars&aqs=chrome.0.69i59j69i60j69i61j69i60j69i64.2159j0j9&sourceid=chrome&es_sm=93&ie=UTF-8#safe=off&q=star+trek

Notice anything in particular about it? Right, it does not only list the first search that you have conducted, but also the search before that.

google search leak

My first search was for Star Wars, the second for Star Trek, and both search queries are in the url. This is a big issue as you may leak information to others that you may not want to reveal to them depending on the first search you have conducted.

Good news is that Google does not append the previous search string to all current searches. It happens however when you search first using the browser's address bar, e.g. the one in Chrome, and then run a second search using the search form that is displayed on the search results page.

I have tested the behavior in several browsers including Chrome and Microsoft Edge, and it is replicated across all of them.

The leak can have serious privacy implications depending on the first search you have conducted and the people you share the link with.

You have two options to avoid the scenario altogether.

  1. Always audit the url before you share it. You may remove everything in it after the "?" with the exception of the "q=searchstring" parameter that is required to load the correct results page on Google.
  2. Never start searches from the address bar but open Google directly instead to run searches only once the site has loaded.

Actually, there is a third option, and that is to use another search engine that does not leak these information. I do use Startpage but there are others like DuckDuckGo that you may want to give a try. (via Jeremy Rubin)

Summary
When sharing Google links, make sure you check the url for leaks first
Article Name
When sharing Google links, make sure you check the url for leaks first
Description
Before you share the link of a Google Search, you need to make sure that it does not contain information about your previous search.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Norio said on November 2, 2015 at 4:57 am
    Reply

    I didn’t know that! Thank you, Martin for sharing this information with us.
    That is truly creepy. I don’t want a corporation or business such as google to have this kind of information about me. I can think of many instances where this type of “leak” would be a security issue.

  2. James T. said on October 29, 2015 at 4:11 pm
    Reply

    Sometimes when sharing Google Search results I directly copy the link to the actual website as opposed to directly linking
    Then depending on the url parameter it may or may not redirect to the website or back to Google Search

  3. Albert said on October 29, 2015 at 3:04 pm
    Reply

    Hello,

    I made my own Google search string for Firefox: https://www.google.de/search?pws=0&q=test
    pws=0: No personalized search

    That way I have a clean Google search link, without tracking in the URL.

    But if you click on links via Google Search, you get a redirect to a tracking URL of Google.

    There’s also a way to fix that with Greasemonkey: https://greasyfork.org/de/scripts/568-direct-google

  4. Tom Hawack said on October 29, 2015 at 2:57 pm
    Reply

    I don’t know if a similar extension exists for Chrome but with Firefox there is the ‘Clean Links’ add-on which not only handles redirections but also has a ‘Remove from links’ option that enables the add-on to remove specified “extras”

    For instance Mozilla’s AOM site has the habit of adding ?src= or #id= when opening an add-on’s page from either AOM’s home-page or from a search. #id= apart, if this process doesn’t have privacy issues as with Google and several others, it remains painful when you’re bookmarking an add-on’s page : if you return to the bookmarked page in another way (hence, without the “extras”) you don’t notice the page had been bookmarked.

    I already encounter so many privacy issues with Google on Firefox, so much to do to limit octopussy’s hunger, I just cannot imagine a Chrome’s nightmare. How can anyone use that browser?!

  5. Chris Granger said on October 29, 2015 at 2:22 pm
    Reply

    I use the Pure URL add-on for Firefox: https://addons.mozilla.org/en-us/firefox/addon/pure-url/ There are a lot of other websites that add “garbage” fields to their URLs.

    1. tom2t said on October 29, 2015 at 7:08 pm
      Reply

      Thanks. I need listed add-on sites as that is the extent of my computer ability.

  6. Pants said on October 29, 2015 at 9:02 am
    Reply

    Heh.

    When I search google from my search bar (I use an https google.com added via the “Add To Search Bar” extension) I get this:
    [code]https://www.google.co.nz/search?hl=en&output=search&sclient=psy-ab&q=star+trek&btnG=&oq=&gs_l=&gws_rd=cr&ei=j9AxVuahJIGnmAWb9YOwCg[/code]

    If I then search from the search page I just brought up, that is, from the web page, the url never changes (I guess some hidden pref has locked this).

    If I search from the search bar again, I get the same as the first time, but of course with different search parameters.

    Basically, I only ever search from the search bar – I do not like google’s suggestions on the web page search form or that form monitoring my keystrokes (i’m just against it in principal, and I find it incredibly annoying – even though the tech is awesome and useful for most people). So, long story short … I never leak that kind of stuff, and I also never give people google search urls – I simply tell them to google it

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.