The Google +1 Chrome extension sends an RPC event to Google for every page you visit, https or not.

UPDATE: See +Jonathan McPhie's response in the comments below about fix coming tomorrow.

I hate to be a downer on cool stuff like this, but I really don't think this is acceptable. It's even sending the querystring, which could potentially contain a secure session token. All of the communication to the Google servers happens over https, but I don't think that fact excuses this. https:// traffic needs to be off-limits for automatic tracking of URLs.

I'd be OK if the button allowed you to disable auto-reporting of the current +1 count (this can default to 'on'), and added a default-off option to show +1 counts for https sites.

Thanks to +Louis Gray for quickly responding! "I filed a bug internally and sent an email to the right folks." I'll update this when I have more info.
Photo
Shared publiclyView activity