Google is watching me (even more than I thought they were).

Huh. I can’t believe I never noticed this before.

Scenario:
[ol]
[li]Search Google with your favourite keyword(s).[/li][li]Hover over one of the search result links.[/li][li]Note the target URL in the status bar at the bottom of the browser.[/li][li]While looking at the URL, click and hold on the search result (click, but do not release), or right click on it.[/li][li]Does the URL change?[/li][/ol]
I can reproduce this in UNIX versions of Firefox (Solaris and Linux), but not on Windows in either IE or Firefox.

Google is using JavaScript wrappers to track click-throughs, even if you are not logged in or accepting cookies.

Not surprising, I suppose, and maybe not even very interesting unless you’re a privacy- or tech-type person, but at the very least, mundane and pointless.

Well, whaddaya know…I never noticed that. It repros for me on XP using FF.

OTOH, Bing (the Microsoft search engine) doesn’t seem to do this.

I’m not sure I understand you…the status bar shows the exact url of the site that the link I’m hovering over leads to. Nothing changes when I hold click on it.

I’m using Safari and Chrome on Mac.

I just tried it using Safari on a Mac and could not reproduce it either, but was able to do so using Firefox.

The address tags in the search results include a mousedown event handler that looks something like this*:

onmousedown=“return rwt(this,‘’,‘’,‘res’,‘1’,‘AIFHJdiwoUyhgt9SKSKObD8DJNZA5oDId’,‘’)”

The derived URL ends up looking like this*:

The long string argument (encoded as the “usg” parameter in the tracking URL) differs for each search result. The search query (“flapjacks”) and various other bits are added, as is a “global” string (“ei”) which remains consistent across all results (but changes for each search).

A cursory review of the JavaScript is interesting; function a(), for example, is invoked from the click callbacks, and calls various timer-related methods (I suspect that Google not only knows which link you clicked on, but how long you dithered before doing so).

I may dig deeper if a bundle of spare time falls from space and lands on me. I presume others have already reverse-engineered the JS, but I have not found anything after a quick search.

The bothersome thing is that, as Red Barchetta mentions, hovering over the links shows the target URL, leading one to believe that clicking on it loads the destination site directly (instead of redirecting you to Google via JavaScript gymnastics). A little too wily for me.

  • I changed the strings in case any identifying information is encoded in them and someone understands the secret soup. Am I paranoid? Why, yes. Yes I am.

“Grammer.” Nice. :smack:

Well, I just tried it on my work computer with Chrome and IE 6, and neither exhibited the behavior you saw…is there anything else on your computer perhaps causing it? Google Toolbar? Spyware, maybe?

Definitely not spyware on Solaris. I do not have Google toolbar installed.

I was unable to reproduce on IE as well (I don’t have Chrome). Do you have access to Firefox by any chance? I was able to reproduce on FF in Windows after all (like Hunter Hawk) by searching from Google’s front page (vs. the search box on my browser toolbar).

The JavaScript more or less confirms why I am seeing it. Probably a browser artifact on whether the status bar is updated on onmousedown events.

Just tried Firefox too–nothing.

I’m not getting it here on my XP/Firefox 3 system either.

Hmm. Weird. Only thing I can think of is that (for me at least) it does not work if the initial search is performed from the browser search box, only from the Google home page. Did you search directly from http://www.google.com/ ?

All of my FF versions are 3.10, FWIW.

All of my searches were from their homepage.

Well, I’m getting it, anyway. Firefox on Windows XP.

Well, they could make it where the JavaScript only kicks in if you don’t accept cookies. It wouldn’t be hard. Just send a cookie, check for that self-same cookie, and if it isn’t there, offer search results with JavaScript.

But they don’t. Tracking you isn’t the primary purpose. I’m pretty sure collecting the information you are pointing out has something to do with how the search algorithm works. If more people searching for a particular subject click on a particular link, it gets moved up.

Oh, and it is there on every browser. It’s just that some don’t note the URL change. On every computer I’ve had, trying to copy-and-paste the URL by right-clicking produces a link-through, instead of the URL I want.

SquiggleSR, an add-on for Firefox, helps diffuse the privacy concerns, if you are interested. There might be other add-ons that might help, too.

I’m getting this behaviour from the browser search field. I’m using Firefox on Unix (Mac OS X 10.5 on Intel hardware).

Have you enabled Javascript from Google? Mine was enabled (from google.ca), and I just disabled it and tried it again and it didn’t do it this time.

I can’t reproduce this on my computer. Firefox on XP. The source for google results contains onmousedown=“return clk(this.href,’’,’’,‘res’,‘1’,’’)” (empty string instead of long random looking string)

Google made this change because they are moving toward being an Ajax-based site. When they’re done, they will be able to update just the portion of the page showing the search results while leaving everything else the same. This change to the way links in the results work was necessary to keep the referrer information available to the site you visit through the link.

You can read about it here. The stuff about why is found in the comments, specifically this one:

Thanks, Gus. I think you nailed it. I have referrers turned off. I tried turning them on and did not see the behaviour. Anyone else? Explains why I have not noticed it before.

BigT, I am sure you are right. Search result optimisation is a key component of their voodoo. I concur that it is every browser – the JS is there. Thanks for the link.

I am not overly-concerned from a privacy perspective. The fact that they are obscuring this behaviour is kind of odd, though. They can just make the href parameter the frankenlink and be done with it. The loss of right-click-copy-and-paste is a pain, though.