I think DuckDuckGo is unfairly singled out here. They do more than most companies to protect privacy, and most of their users are specifically trying to deprive Google of more feed for its data silo. Of course they can't protect you from the NSA. Extremely few actors can.

If your threat model includes actors within the US Federal Government (especially the intelligence community), run. Yesterday. That's a statement about our times, not about any particular company.

The solution ought to be browbeating the US Government for unethical practices, not browbeating a company that does privacy better than most, and not as well as would be necessary to stand toe-to-toe with some of the most powerful and far-reaching organizations in the world.
My beef with this article is that it's unreasonably reductionist to conclude that DDG provides an "illusion" of privacy based on the fact that they're as vulnerable to being targeted by the NSA as anyone else. The issue of privacy is so much bigger than that.

If you use Google Search and someone obtains access to the data they have on you, legally or illegally, they could end up obtaining many years of your browsing history. If you use DDG they have nothing, and the most they can do (as the article states) is start collecting your search habits from that point onward.

I don't want huge companies to amass giant archives of data about me. There are so many ways it can be abused by a multitude of actors. It's a selling point to me when a service retains little or no information, and if it needs to retain something, it requests limited permission in clear and simple terms.
The only conclusion I can make from this article is to avoid services hosted in the USA, but even that is not guaranteed to work -- having in mind that US agents have been known to go abroad to request access to foreign companies' servers. (They were even supposedly thrown out from Iceland once -- assuming that wasn't a honey pot propaganda operation to lure people to host stuff in Iceland, of course.)

What's left for the people who aren't criminals but don't like being spied on? PGP and keys that are exchanged physically, by hand?

If somebody can physically spy on the infrastructure cables that your traffic goes through, will SSL protect you? As written in the article -- no, it will not, because the certificate can be obtained, even if it takes some time and strong-arm effort to do so. But when a country can order you to give up private keys and keep quiet about it, really, what can you do?

At this point, full decentralization, mesh networking and something times better than Tor encoded in 100% of the network code seems to be the only way out. Maybe a combination of IPFS and FreeNet, full packet-level encryption and keys that expire in 1 minute and are auto-generated for every transaction?
Recently I have been using the free and open source Searx more and more (admittedly mostly using the !searx shortcut from DDG). Results seem better than DDG sometimes. Would be interesting to try and host my own instance or write something that picks a random public instance.

https://asciimoo.github.io/searx/
To be fair, here is the CEO's response, quoted:

Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo. I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you to change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business.

We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe, as do these others, that it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt.

There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example.
Like Google, by default DDG tracks what results the user clicks on. URLs are prefixed with a DDG URL. Users' HTTP requests are forwarded through DDG servers.

By default, DDG "lite" does not set cookies or use Javascript. However, if the user wants to change the default "settings" (HTTP has no state so this is a fiction), then AFAICT she has to enable Javascript and accept cookies. Privacy conscious users do not want Javascript or cookies.

DDG could achieve the same result by simply providing an alternate URL, something like /lite2 in addition to /lite.

Whether DDG saves this data I have no idea. But one has to wonder why, if privacy is a goal, DDG is collecting it to begin with.

If DDG believes it is doing this for the benefit of users, it is not convincing because there are alternative ways to achieve the same benefit that do not require prefixing URLs, Javascript or use of cookies.

For example, browser settings already allow the user to control HTTP Referer headers, assuming queries were submitted using GET. The user can change the settings in the browser so that no referer is sent, or to send a custom referer of her choosing.

Another example is if DDG accepted queries via POST method in addition to GET. No search terms would be leaked in the URL or in any HTTP referer.
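The GET-versus-POST and Referer point above, worked through as an added example that is not the commenter's code: a small model of what the clicked result site, and anyone reading the request line, gets to see of the search terms under several browser referrer policies. The search endpoint and the result URL are constructed sample values.

```python
from urllib.parse import parse_qs, quote_plus, urlsplit, urlunsplit

# Constructed sample endpoint; stands in for a search engine's query page.
SEARCH_ENDPOINT = "https://search.example/lite/"


def build_search_request(method: str, terms: str):
    """GET puts the terms in the URL; POST keeps them in the request body."""
    encoded = "q=" + quote_plus(terms)
    if method == "GET":
        return SEARCH_ENDPOINT + "?" + encoded, None
    return SEARCH_ENDPOINT, encoded


def referer_for(from_url: str, to_url: str, policy: str):
    """Referer a browser sends when following a link from from_url to to_url
    under a Referrer-Policy value (four of the spec's values are modelled)."""
    src, dst = urlsplit(from_url), urlsplit(to_url)
    full = urlunsplit((src.scheme, src.netloc, src.path, src.query, ""))
    origin = f"{src.scheme}://{src.netloc}/"
    same_origin = (src.scheme, src.netloc) == (dst.scheme, dst.netloc)
    downgrade = src.scheme == "https" and dst.scheme != "https"
    if policy == "no-referrer":
        return None
    if policy == "origin":
        return origin
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "strict-origin-when-cross-origin":
        return None if downgrade else (full if same_origin else origin)
    raise ValueError(f"unsupported policy {policy!r}")


def search_term_exposure(method: str, terms: str, click_target: str, policy: str):
    """Where the search terms become visible: in the request URL itself, and
    in the Referer sent to the result the user clicks on."""
    url, _body = build_search_request(method, terms)
    in_url = parse_qs(urlsplit(url).query).get("q", [])
    referer = referer_for(url, click_target, policy)
    in_referer = parse_qs(urlsplit(referer).query).get("q", []) if referer else []
    return {"url": in_url, "referer": in_referer}
```

With GET the terms sit in the URL regardless of policy, and reach the clicked site unless the policy strips the query; with POST neither location carries them.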
Most of the points are arguing that NSA could compel the company Duck Duck Go, Inc to install equipment and then forbid the company from disclosing that fact.

Doing so does carry quite a bit of political risk. There have been quite a few lawsuits from EFF and ACLU in regard to doing so, and as the comment from the CEO of Duck Duck Go says in the comment thread, all existing cases have been about turning over records. Going the extra step of compelling people to install hardware and keeping the operation going would be a further step.

I doubt ddg is currently worth the political risk. There are likely much easier targets to attack first in order to get 100% of the world's search data.

*Down votes? Explanation?
Recently I had a series of unfortunate plumbing mishaps at my home that set me back a bunch of money. I did very minimal google searching (just confirming the spelling of the plumber's name), but ads offering emergency home loans have started popping up in my browser.

If I can go to a search engine that doesn't sell the fact of possible financial problems to whatever loan shark is willing to pay the most to get to me, I see that as a win.
Duck Duck Go is a company that I want to succeed, as they are clearly making a stand on user privacy.

However, it never made sense to me why people would use those DDG bangs.

I mean privacy is the main selling point, so why in the world would you send the searches you make on other websites to DDG, when the browser is perfectly capable of being configured for "*search keywords*".

In Firefox, go to amazon.com (or any website you want), right click on their search bar and select "*Add a Keyword for this search...*". Add "*!a*" or whatever you want. There, you've got your own bangs.
If you're worried that DDG may log your IP you can simply use it with the Tor Browser (it's the default search engine) or use their onion service (https://3g2upl4pq6kufc4m.onion/) for increased security and anonymity.
The issues brought up in this post apply to every single service operating online, and it only applies to DuckDuckGo in any special way because of their increasing size. This includes "client" encrypted webmail and similar applications: they can be forced to deliver malicious JS that gives up your keys, or the JS client delivery can be MitM'ed.

Many people seeking enhanced privacy from DuckDuckGo are seeking privacy *from Google*, not from state actors. For that, you'd need additional measures like Tor, for which DuckDuckGo provides a convenient .onion service. Even if DDG is secretly tracking all our searches, they have less data to correlate it with.

My current privacy complaint on DuckDuckGo, combined with browser search UI issues (looking at you, Chrome) is over the !bangs. If you're doing "!w [sensitive topic]" instead of tabbing to Wikipedia search in your browser and searching that way, you're risking DDG or anyone who's compromised DDG seeing your Wikipedia searches, when the search should go straight to Wikipedia, Twitter, Stack Overflow, and so on.
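The alternative that this comment and the earlier one about Firefox search keywords both recommend, as an added example that is not taken from either commenter: resolving a bang in the client so the terms go straight to the target site and the search engine never sees them. The bang table, the site search URLs and the fallback URL are assumptions for illustration.

```python
from urllib.parse import quote_plus

# Constructed bang table; the site search URL templates are assumptions,
# not copied from DDG's bang list.
LOCAL_BANGS = {
    "w": "https://en.wikipedia.org/w/index.php?search={q}",
    "so": "https://stackoverflow.com/search?q={q}",
    "a": "https://www.amazon.com/s?k={q}",
}
# Queries with no recognised bang still go to the search engine (assumed URL).
FALLBACK = "https://duckduckgo.com/lite/?q={q}"


def resolve_locally(query: str, table=LOCAL_BANGS, fallback=FALLBACK):
    """Rewrite a '!bang terms' (or 'terms !bang') query in the browser.

    Returns (url, handled_locally). When handled_locally is True the terms
    are sent only to the target site; the search engine never receives them.
    """
    words = query.strip().split()
    bang = None
    if words and words[0].startswith("!") and len(words[0]) > 1:
        bang = words.pop(0)[1:].lower()
    elif len(words) > 1 and words[-1].startswith("!") and len(words[-1]) > 1:
        bang = words.pop()[1:].lower()
    terms = " ".join(words)
    if bang in table and terms:
        return table[bang].format(q=quote_plus(terms)), True
    # Unknown bang, or a bang with no terms: pass the whole query on unchanged.
    return fallback.format(q=quote_plus(query.strip())), False
```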
I am participating in a peer-to-peer search engine based on free software, http://yacy.net. But I am not sure it can save us from NSA... We have to take political steps against them anyway.
A comparison of using DDG vs Google over Tor is enlightening (GIF):

https://twitter.com/cyphunk/status/849615910545620992
Collecting meta-data is not benign at all; it's trivial for the usual suspects to de-anonymise and profile based on browsing habits.

Fat protocols should marshal the true web 2.0 along with DAOs.
This is something that's always been fascinating to me. In any thread about privacy, there's always a comment along the lines of "if your threat model is a nation-state, then you're screwed." You hear it about DDG, Tor, client-side but web-delivered encrypted email, etc.

What if your threat model is a nation state? What's the proper way to ensure your privacy *that does not require abstaining from the internet*? Is a high degree of privacy even possible?