
Search leakage is not FUD. Google et al., please fix it. - bjplink
http://www.gabrielweinberg.com/blog/2011/01/search-leakage-is-not-fud-google-et-al-please-fix-it.html
======
Matt_Cutts
(I'm in all-day training today, so I can't participate on this thread much.
Also, this is all my personal opinion.)

While Gabe's most recent post was a well-worded statement of his position, my
guess is that Google's response was based on the billboard, which says "Google
tracks you. We don't." On the website the billboard points to, Google
employees are portrayed wearing ski masks and trying to spy on you. That does
strike me as trying to a encourage a bit of fear?

This is a browser issue that's not specific to Google or even to search
engines, but Google is the only company mentioned on donttrack.us until you
get to the "more tools" section at the very bottom. Meanwhile, Google is the
first (and only) large search engine to offer https to the best of my
knowledge. It's a one-character addition to <http://www.google.com> for anyone
that feels strongly about this topic.

~~~
coderdude
Keep fighting the good fight. I've been annoyed by this DDG campaign since
they debuted donttrack.us. Google never took the low road in order to gain
market share and I don't see why DDG feels the need to spread FUD. Gabriel is
incredibly fortunate to have received a warm welcoming and avid following from
the developer community, but he is squandering that good fortune by engaging
in what is essentially a smear campaign that many of us see right through. He
should stick to what makes people want to use a search engine in the first
place: Outstanding search results.

~~~
ellyagg
Uh, Gabriel made a point by point analysis of the issue, and your response is
"fud" and "many of us see right through"? Can you please stick to responding
to the issue and not engaging in your own contentless smear?

~~~
seanalltogether
Gabriel has been avoiding the 2 most important points though.

1\. Most of this is theoretical

2\. Theoretically advertisers can build profiles of you based on the web pages
you visit anyway. Referer leakage or not

~~~
benologist
The only part that's theoretical is the extent we're being tracked online but
there's plenty to suggest it's "as much as possible".

\- Google's targets ads based on your browsing history - that could include
Search, Analytics, AdSense, DoubleClick, and a whole ton of other data they
have and collect. [1]

Rapleaf tracks so much that it's actually "a challenge" not to identify
people. [2]

QuantCast settled for $2.4 million for making sure their precious tracking
cookies were recreated if you delete them. [3]

Facebook just tried to give apps your fricking phone number and address. [4]

Google and their referral leaking is not really "the bad guy" in all of this -
there's no bad guy, just a bunch of companies consuming and analyzing as much
data as they can get their hands on.

It's not evil, but is it _necessary_?

[1] [http://googleblog.blogspot.com/2009/03/making-ads-more-
inter...](http://googleblog.blogspot.com/2009/03/making-ads-more-
interesting.html)

[2] <http://blog.rapleaf.com/dev/2010/07/20/anonymouse/>

[3] [http://www.wired.com/epicenter/2010/12/zombie-cookie-
settlem...](http://www.wired.com/epicenter/2010/12/zombie-cookie-settlement/)

[4]
[http://technolog.msnbc.msn.com/_news/2011/01/18/5868697-face...](http://technolog.msnbc.msn.com/_news/2011/01/18/5868697-facebook-
wont-share-phone-numbers-addresses-for-now)

~~~
iamelgringo
_It's not evil, but is it necessary?_

Gathering all this data is necessary and essential for any company who's
primary product is their users personal information. (see: Google, Facebook,
et al..)

And, corporations being what they are, people within that corporation will
optimize to try and make as much money as possible off of that information,
because it is in the corporations best interest.

~~~
benologist
"More money" for _them_ doesn't make it necessary for any of _us_.

~~~
coderdude
It does if you feel like using their services for _free_. Otherwise, feel free
to opt-out entirely by not using their resources.

~~~
benologist
You don't need to use Google services to be profiled - their ads and analytics
are virtually everywhere.

~~~
coderdude
If you don't use any of Google's services which tie an account to you then
they aren't tracking you. They are tracking a browser session and once that
cookie expires the trail stops. Even if the cookie never expires, Google
doesn't know who you are.

~~~
benologist
You don't need an account to be tracked efficiently - if that was the case
Google would be screwed since most people don't use them beyond search.

~~~
coderdude
I'm starting to think we're arguing over something entirely different. Maybe
some over-stuffing of phrases. I'm talking about Google knowing that I, James
Simmons, uniquely identified individual, am searching for [something
undesirable to have others know about]. I don't personally care either way
really, because I've given them this information. Are we talking about the
same thing or are you just talking about Google knowing from site A to site B
that your browser's owner likes Korean pop music and chocolate cake mix?

~~~
benologist
My argument or question is why does Google (and not specifically Google,
plenty of others) _need_ to know all of that stuff?

You or the other guy mentioned "to make money" which is imo a really weak
defense - we wouldn't accept that from anyone who kills, prostitutes, sells
drugs, smuggles immigrants, or even legal-but-tasteless stuff like RIAA
lawyer.

The data they gather is probably almost always "I like x music" or other
innocuous stuff. But it's not always. What if you're searching about a rash on
your junk (Google Search), or clocking up lots of views on bondage stuff on
RedTube (Google Analytics), or you were browsing a forum for suicidal people
and clicked a link to a site that had AdSense? Or pirating a ton of stuff?

Google and god knows who else has a lot of deeply personal information that
"making money" doesn't justify - we say, search and browse _very_ intimate
stuff on the web, and we don't even know who it's being shared with.

My stance is most of it is just none of their business, even if they've chosen
to _build_ a business around it. Although I'm singling out Google they're just
the easiest example.

~~~
coderdude
>My argument or question is why does Google (and not specifically Google,
plenty of others) need to know all of that stuff?

Alright, but do you assume that they know it is _you_? By name, by your
identity? If not then why do you care if they know your user-agent likes
bondage? Are you worried about seeing ads for bondage movies while you're not
searching for bondage, while perhaps someone is looking over your shoulder?

>we wouldn't accept that from anyone who kills, prostitutes, sells drugs,
smuggles immigrants, or even legal-but-tasteless stuff like RIAA lawyer.

I've noticed something about people arguing on your side of the fence. They
keep dragging in ridiculous extremes to try and prove their point; Comparing
those extremes to Google (or whoever) knowing information about you. Another
guy in here was comparing this to being watched in your home with video
cameras against your own will.

>Google and god knows who else has a lot of deeply personal information that
"making money" doesn't justify

So stop giving it to them. They won't know who is searching this information
unless you link your identity to an account and therefore enable them to link
it to your human identity. As for whether or not it's justified I think is
subjective. It's a moral issue and it's entirely subjective.

>we say, search and browse _very_ intimate stuff on the web, and we don't even
know who it's being shared with.

There was a time when you could search and browse anything on the Web without
the repercussion of someone else finding out about it. But that era is over.
No amount of arguing this fact will bring it back. In the Web of 2011 and
beyond if you search for bondage videos and you are logged into your Google
account then Google will have a way to map it to you. If you don't log in,
don't create an account, then they won't. It's that simple.

In the Web of today, if you search for it, you just have to be aware that
people have the technological means to know about it and there is no good
reason for them to not want to know about this information. It helps them make
the decisions they need to make to generate more money -- the entire purpose
of a business. No altruistic causes here.

~~~
andrewcooke
>In the Web of 2011 and beyond if you search for bondage videos and you are
logged into your Google account then Google will have a way to map it to you.
If you don't log in, don't create an account, then they won't. It's that
simple.

No it's not. They're likely going to track IP addresses and make assumptions
there. And even if limited IPv4 addresses give some protection for a while,
browsers can be fingerprinted.

I'm sorry, but people like you are way too complacent. People like us know a
little history. Things can get nasty.

~~~
coderdude
>No it's not. They're likely going to track IP addresses and make assumptions
there.

So? Unless Google is getting direct data from ISPs and requesting personal
information about your identity from them then your IP address is just as
useless to them as it is to me for linking your tastes to your human identity.
Browser fingerprinting, in the Panopticlick sense, is just as useless to that
end. At Google's scale the Panopticlick method doesn't even work because of
how many people they come across. Once the number of browsers that match your
"fingerprint" is > 1 it becomes useless to them.

>I'm sorry, but people like you are way too complacent.

I'm not complacent, I just know what I'm talking about. Take the tin-foil hat
off.

>People like us know a little history. Things can get nasty.

You are so full yourself. You have no idea what you're talking about.

~~~
benologist
[http://online.wsj.com/article/SB1000142405270230441050457556...](http://online.wsj.com/article/SB10001424052702304410504575560243259416072.html)

~~~
coderdude
You could at least add some commentary to your comment. I've read that article
and I don't see the implications to our discussion here. They linked together
all the information that women (and everyone else) put out there for others to
scrape. That is not the same as the keyword/referrers/logged into Google
argument that we are having.

~~~
benologist
Just thought I'd show you how identifiable you really are, without your
knowledge or consent or even knowing who the companies tracking you are.

And it's exactly the same as what we're discussing - Rapleaf was even one of
the companies I specifically mentioned earlier. These companies don't look at
any single piece of data individually, they collate as much as they can and
the result is ... what I linked to.

Referrers and search terms are just two _easily ended_ streams of data.

~~~
coderdude
Yes, you are correct. It is very easy to link all this data together to create
a profile about a person. They probably have more data about each of us than
any of us realizes. I think even I might be surprised by how much a company
like Rapleaf has put together about me.

------
bromley
"The only reason I've heard to not prevent search leakage is that marketers
use Referrer info to do better search engine optimization (SEO). But the
information doesn't have to disappear, just the current mechanism of
transferring the information in a personally identifiable way."

I struggle to see how this could work in a way that's a fraction as useful to
webmasters as the current system. Sites that sell things like to tie keywords
to conversions. They can learn, for example, that keyword X drives sales, but
keyword Y doesn't, and assign resources accordingly. Online businesses become
more efficient, and searchers get more of what they want. I think it's largely
a good thing all round.

My respect goes to DuckDuckGo for coming up with a clever way to differentiate
themselves from their competition. However, if the problem is that sites are
inadvertently sharing keywords with third-party ad networks, then point the
finger at those ad networks, not at Google. Blaming Google makes about as much
sense as blaming Firefox, Safari, Internet Explorer and the web in general for
sending referrers in the first place.

~~~
calbear81
Thank you for pointing this out bromley. I've been reading Gabriel's responses
and in no place does he mention that keyword level data is needed for
understanding differences in user behavior based on entry keyword. This might
not make a difference if you run a content site, but for any type of commerce
site, I don't want to know how "Google" does, I want to break it down to the
keyword level and better understand where efforts should be focused.

I also don't think that the keywords are shared with 3rd party networks
explicitly. I think what's happening instead is that you search for something,
you land on a page relevant to that something, and the ad network code is
reading the content on the page and assigning a keyword target or theme to
your search. For example, you might search for a Ford F-150 and you get to
Edmunds and the ads are sold on a "by make/model" basis using ad segmentation
so the ad network now can assign your cookie a "Pickup trucks" behavioral tag
but it never had to read the referrer header, it was implied.

------
jonknee
Referrers aren't passed on to all the elements loading on the page. If you
click to nytimes.com from a Google search, the referrer is sent once in the
HTTP request to nytimes.com and then your browser makes all the other required
requests separately once it gets back the HTML page. When the ads are loaded
they don't get your Google referrer, they'll either get nothing or a
nytimes.com referrer. You can work around this with JS (which is how Google
Analytics works), but it's completely unnecessary for the problems Gabe's
talking about...

Referrers aren't needed for targeting. On that Gout example, Google knows you
researched gout so they can target you with gout ads on sites that run AdSense
or DoubleClick (which is a lot of ads). If you visited another site about gout
that ran ads from a different network, then they too could target you. The
referrer has nothing to do with it, it's what you're requesting.

If you don't want targeted advertisements, it's far more effective to use
adblock or modify your /etc/hosts file than it is to use DDG.

~~~
tghw
While it is true that the requests that load the ads don't include the
referrer, any Javascript loaded directly into the page _can_ access the
referrer (window.location.orgin). A lot of ad networks work this way, meaning
they do have access to those search terms.

~~~
kleinsch
In many cases, ads are loaded in iframes, which hide the referrer from the ad
network. It's not in all cases, but most big publishers don't want malformed
ad network JavaScript to destroy their entire page, so they wrap ad calls in
iframes to protect against that.

------
benologist
"It's unfortunate that DuckDuckGo is preying on people's fears and offering
incomplete information in order to garner attention," a company spokeswoman
said in an e-mailed statement.

It really is impressive that you're on their radar enough to warrant a
reaction like that.

~~~
seanalltogether
I fear he's losing his goodwill and credibility by taking this angle of attack
though. His whole argument really boils down to the fact that advertisers are
retarded, not that privacy is being exposed.

~~~
kleinsch
Agreed. Especially since most cases similar to his argument are retargeting,
not query leakage.

In his example, if the user actually clicked directly from Google to
Wikipedia, Google would be the only one who knew about the user's interest in
gout. Google isn't in the business of sharing this information (believe me, it
wish they were ;).

In most cases that people might assume to be related to this, you search for
Timbuk2 bags, click through to their site, then are bombarded with ads all
over the internet for Timbuk2 bags. This has nothing to do with search
leakage, this is retargeting. Timbuk2 drops advertiser pixels on their site so
they can later target those users with advertising.

Most advertisers are stupid. They don't have the fancy tech to handle and
parse search terms, target users, and display ads. They're probably using RMX
or DoubleClick, where you only have the ability to retarget users that have
seen certain pixels. They may be using AdSense or AdWords to target queries,
but those are using Google's own data, which has nothing to do with search
leakage.

I think DuckDuckGo rocks, but as someone working in the online advertising
industry today, this issue seems manufactured for publicity. This information
is useful in theory (and I'm sure a small number of companies are using it)
but there are much bigger issues that are getting exploited by everyone.

------
axod
Constantly attacking Google over something the vast majority of users don't
care about seems like a bad idea.

I was ready to try duckduckgo if it could give me the results I wanted
(Despite the hugely irritating UI and infinite scroll).

But the constant attacking Google seems bad business to me. It _IS_ FUD.
Google doesn't track you. Your browser sends a referer header, which it has
done since the dawn of time. Who cares?

flagged.

I think you're going to lose a lot of goodwill Gabriel.

~~~
epi0Bauqu
This is my last post on the subject. I felt that my position was being read
unfairly, and I wanted to set the record straight. I apologize if it did not
come off that way as it was _clearly_ not the intention.

I truly believe this is an unnecessary leaking of personal information. And I
address the browser argument directly in the post, as well as the argument
that no one cares.

~~~
joh6nn
Gabriel, there seems to be some confusion here in the thread about "breaking
HTTP_REFERRER" or in some way changing the current referrer behavior, which
was not how i understood your post.

can you confirm quickly that you are proposing that search engines
sanitize/anonymize referrer data, and not that they somehow change the
referrer behavior?

~~~
epi0Bauqu
I guess it depends what you mean by "break." I meant what you just said, i.e.
just drop the search terms.

------
bobds
If you don't want to wait for other people to fix this, there is a handy
Firefox addon called No Referrer. It can block referers selectively, either
when you click a link on a certain URL, or when you click a link that points
to a certain URL. It uses regular expressions so it should be flexible enough.

It also blocks referers being sent from localhost/local URLs. I would be
interested in trying out an option that only allows referers to be send to the
same domain or its subdomains. The interesting part is seeing how many things
that option would break.

EDIT: Forgot the link.

[https://addons.mozilla.org/en-US/firefox/addon/no-
referrer-m...](https://addons.mozilla.org/en-US/firefox/addon/no-referrer-
misspelled-referer/)

------
jemfinch
If you care about search leakage, turn the Referer header off in your browser.
Problem solved. Why is it any website's job to change the way HTTP is designed
to work?

~~~
blub
Ok. Now how do I turn off the data mining?

~~~
jonknee
Don't send requests to domains you believe are mining your data.

~~~
gloob
Or to domains that might log your requests and later be bought out by a
company that mines your data.

Or to domains that might log your requests and turn around and sell the info
to others.

Or to domains that might log your requests and then be cracked.

Oh wait. That describes half the fucking sites on the web.

------
JonnieCache
<https://encrypted.google.com>

SSL pages prevent referer headers from being sent.

Easy.

The country specific pages dont have equivalents, so no
encrypted.google.co.uk, but you can get the same effect using the gl parameter
in the URL, so the url for a UK search would be:

[https://encrypted.google.com/search?gl=uk&q=foo](https://encrypted.google.com/search?gl=uk&q=foo)

Get your list of valid country codes here:
<http://www.google.com/cse/docs/resultsxml.html#countryCodes>

~~~
JonnieCache
Too late to edit but I should point out that this also handily prevents
governments or ISPs from viewing your queries, or anyone else for that matter.
Except in cases of MITM attacks obviously.

------
ohyes
Perhaps I'm not thinking malevolently enough, but in what situation would the
search terms that I used be enough to invade my privacy? Presumably, the
content of the site is related to whatever you searched for (otherwise you
wouldn't click on the link).

If you are willing to click the link and go to the site, the site will most
likely have some idea of why you are there, and what you are interested in,
regardless of the referrer headers (because, you know, the site is hosting the
content that you are reading).

It seems that if I am willing to visit the site at all, I should also be
willing to disclose trivial information like this. So I'm not sure why I
should care.

Saying that this is not disclosed also seems a little disingenuous. Referrer
headers are pretty standard. If you have a problem with Google doing this, you
also have a problem with pretty much every other site that uses hyper-links.
It seems that there is a lot of useful semantic information that could be
gathered by being able to identify which documents reference your document.
Eliminating referrer headers seems like it would be a net loss (pun not
intended).

~~~
joh6nn
yep, you're not being malicious enough :)

the issue is not whether the destination site receives the search terms (and
indeed, Gabriel suggests that they should continue to do so, either through
the GWT, or some other method).

the issues is that currently, any advertising networks in use by the
destination site also receive the search terms, via the same mechanism: the
referrer. that's the crux of the issue.

while the destination site can't follow your traffic once you leave it, the ad
networks, because of their large user base, frequently can. they can begin to
build a much more thorough profile of who you are and what you are searching
for than anyone single destination site could. whether that's an invasion of
privacy is your call, but to many people it is. currently, they're simply
unaware that it's happening.

~~~
ohyes
Thanks for explaining, I can now see how this might be a problem.

Through this same mechanism wouldn't the advertising networks be privy to the
content of the sites that I am visiting? It seems that even if we eliminate
this, we still have issues with advertisers being able to track and create a
profile based on the content of the websites you are visiting.

The headers do seem to create a direct link between a given search and a set
of visited sites, but can't things like cookies and tracking pixels be used to
the same effect? Possibly then using NLP to figure out the most important
words on the page? Or the SEO terms that the website uses to get picked up by
the search engine?

If you are going to let an advertiser post content on your site, it seems to
me that it would be very difficult to keep said advertiser from tracking your
users.

If the user uses Adblocking software or otherwise blocks the advertisers' sub-
domains, does the advertiser still receive the referral headers?

~~~
joh6nn
yes, that's right: this is just one arrow out of the quiver. sanitizing the
search terms out of the referrer does not fix the full problem.

whether the advertisers are receiving the headers are not depends on how the
ads are served. to my knowledge, most of the time, they're not receiving the
header directly, they're using JS to access the referrer indirectly (it is
exposed via the document object). some adblockers merely hide the ads, which
would still allow the advertiser to access the referrer. others prevent the
ads from loading which i _believe_ would prevent any access.

------
tmsh
In Gabriel's defense, I'd say there's something very antithetical between FUD
and a detailed description on how to fix the (alleged) problem. I don't know
of any other FUD campaign in which a simple solution was provided -- one which
won't directly benefit the entity raising the objection. It's Google, et al.'s
decision which way they want to go -- whether they take his advice or ignore
it.

But one could excuse the billboard potentially to a person trying to highlight
that this is a big issue. But again, this seems quite different from an
incumbent that is trying to cast doubt via obfuscation, which has usually been
the case in FUD...

~~~
jacquesm
I see the billboard as nothing more than a prank that is now pulled out to
beat down the discussion about the actual subject matter.

------
andrenotgiant
Also posted on site:

I agree that the amount of information a well-tagged website can collect on
users is frightening, but I don't think that stripping search keyword data
from the referrer is the solution. I think Gabriel is going after the wrong
thing.

Here's why: A good Search Engine will never send a user to a page that isn't
textually relevant to the search they entered. In 99.9% of cases, the text
they entered is ON the page they hit. So if a user searches for: [SOMETHING
CREEPY] they will be hitting a page that already has [SOMETHING CREEPY]
published.

To put it another way: "Your Keyword data is never going to give a website
something it didn't already have. It's just going to reveal what pieces of its
content are of interest to you."

~~~
brlewis
It's more complicated than that. See the part of the article about ad
networks.

On the other hand, I think the gout example was google ads, not an ad network
on wikipedia, so hiding referrer info wouldn't have helped.

~~~
andrenotgiant
agreed. I guess I left out my suggestion for what the problem really is:

If you are concerned about Ad Networks having so much data on you, clear your
cookies and block cookies from them. Then they will never be able to string
together more than one piece of data.

~~~
subway
You're only bumping the problem from a per-browser (cookie) aggregation to per
a machine or household (IP address) aggregation.

------
tony_landis
The author is singling out out one company and saying they should be doing
things differently than the rest of the web, because of what 3rd parties can
do as a result. Why not go after the advertisers if they are the real
miscreants? FUD!

There is absolutely no reason that Google should break the web to pacify this
guy.

~~~
gloob
Taking his suggestions would no more "break the web" than Craigslist broke
paper. It would harm a common business model, sure, but I have yet to see a
good reason for me to care about the business models of web companies any more
than I care about the business models of newspapers or record companies.

------
nkurz
While I appreciate that DDG would want to differentiate itself from its
competition, if the actual goal is improving user privacy on the internet I
don't understand why this is being treated as a Google issue rather than a
browser one. Google is an important site, but just one site of many. Wouldn't
it make more sense to try to convince browser makers to have HTTP_REFERER
turned off by default, either in entirety or for cross-site purposes?

It also seems worth noting that if for some reason you wish to continue using
Google instead of DDG, and if you are concerned about the potential privacy
issues, you can already change your browser not to send the referer header:

<http://kb.mozillazine.org/Network.http.sendRefererHeader>

[https://chrome.google.com/extensions/detail/dkpkjedlegmelkog...](https://chrome.google.com/extensions/detail/dkpkjedlegmelkogpgamcaemgbanohip)

~~~
othermaciej
Not sending the Referer header at all can break some sites, probably more than
is acceptable to do by default. But stripping the query part of the Referer
header might be reasonable. Probably the main side effect of that would be to
make Google mad. (P.S. the header is called "Referer", not "HTTP_REFERER").

~~~
nkurz
Which sites would break, and why? (genuine question, not contrariness) I've
always assumed that cross-site Referer is sufficiently brittle that one cannot
depend on it, since it's isn't there if one enters a URL by hand or arrives
via a redirect. And while I like it for use within a site, it seems that
Cookies have taken over for most uses.

Sorry about the sloppiness with HTTP_REFERER vs Referer. You are correct --- I
tend to think of it from the CGI point of view rather than browser. Browser
sends Referer as an HTTP header, which web servers commonly set in the
environment as HTTP_REFERER. Thus the question should be "Why not have
browsers default to not sending the HTTP Referer header?"

------
WillyF
Even if search engines stop sending keywords in referral data, the ad networks
and webmasters will still be able to piece together your browsing history.
Every day there is less and less anonymity on the web, and for the most part
people are ok with it. Ten years ago very few people would willingly use their
real name online. Facebook changed that.

The web as we know it has been built on the assumption that search engines
pass along keywords in referrer data. Changing this would have a significant
negative impact on a lot of businesses. Considering that most users don't
really seem to care about privacy, at least if you judge by actions and not
what they say, I don't see why a company like Google would ever stop sending
along keyword data to webmasters. They'll piss off webmasters who buy ads from
them, and it won't help them increase their share of the search market.

------
random42
I use DDG as my primary search engine and plan to continue, but I am really
getting tired of this aggresive/attacking marketing approach of gaberial.

------
tdfx
There aren't enough people at the FTC to read the complaints that would flood
in if Google changed this and Google Analytics became the only tracking
platform that could do SEO keyword analysis.

~~~
jacquesm
I don't see any reason why analytics should have access to that information
when other tracking platforms would not.

Chinese walls should take care of that.

And if those are not in place then google has bigger problems.

------
armandososa
I don't feel qualified to say whether this is FUD or not, but it certainly
imposed some fear on me. I don't know what a Gout is and now I'm afraid to
search for it.

~~~
tdfx
The gout example in the article strikes me as very odd, since the only site
that should've received the referrer with the search terms was wikipedia.
Therefore we've left to conclude that either Google is targeting ads in their
AdSense network based on search terms (which is outside the scope of Gabriel's
argument) or Wikipedia is passing search terms to ad networks that for some
reason it doesn't display ads from.

Equally likely is that this concerned user clicked on a different health-
related site with an ad network that classified him according to that site's
content or stated category -- there's simply no evidence that the aggregation
of search terms happened.

Note: I'm not saying the story couldn't be true, just pointing out that no
technical evidence has been presented to rule out the other possibilities.

------
sogjis
I'm using Firefox add-on RefControl, which can remove referrer for 3rd party
requests

------
Zakuzaa
Anybody paying attention to <http://www.techmeme.com/110124/p25#a110124p25> ?

