科技回声: a tech news platform built on Next.js, providing global tech news and discussion content (mirror of a Hacker News thread).
© 2025 科技回声. All rights reserved.

DuckDuckGo: illusion of privacy?

247 points, by ziodave, almost 12 years ago

28 comments

glurgh, almost 12 years ago

"If you are specifically targeted in an investigation [...]"

The purpose of services like DDG is to reduce the amount of casually collected, personally-identifiable private data you might be strewing about - data that might potentially be recovered and might potentially be used against you or used in ways that you don't like.

If you are specifically targeted by an investigation, a law-enforcement agency like the FBI, armed with probable cause and warrants, can tap your phone, search your house, track your location, log your keystrokes, etc, etc. DDG can't help you there; you'd also be vulnerable even when using a service provider which really doesn't have access to your data, like tarsnap. DDG is not going to magically protect you from targeted (and perfectly legal, civilian, non-NSA-related) surveillance if you happen to have the bad luck of being a subject of such an investigation. It's a silly standard to hold any service provider to.
beloch, almost 12 years ago

1. Since the U.S. government has given itself both the power to compel U.S. corporations to spy for them and the power to prevent them from revealing this, we can't take the claims of any U.S. corporation at face value.

2. DuckDuckGo is a U.S. based company.
yk, almost 12 years ago

I like the blog post, but I think that it is somewhat unfair against DDG since the argument works against any internet company. The argument rests essentially on two points:

1. Client/Server architecture has a single point of failure, namely the server (or the network equipment directly upstream of the server). So whatever nasty surprise is embedded directly at the server, or in the jurisdiction the server is in, affects whoever is using the server.

2. We do not have a threat model for the NSA; they are somewhere between a usual state-level attacker and Cthulhu. We do not really know what the NSA can or cannot do: can they crack the discrete log or factor large numbers? Or do they 'just' have an assorted 0day collection? Is it realistic that they can coerce anyone into revealing public keys? And if they can actually break TLS, can they also break all TLS, or does this require some not insubstantial effort on their part?

So both of these are real problems and the combination is potentially undermining trust in the entire internet. But it is not really about DDG.
cinquemb, almost 12 years ago

"Option 2 Many smaller internet companies, including DuckDuckGo, do not operate their own data-center, but instead are “hosted” in another provider’s datacenter. In DuckDuckGo’s case, they are hosted by Verizon Internet Services. We’ve all learned about the cozy relationship between the NSA and Verizon, it is quite imaginable that Verizon would simply give them access to a DuckDuckGo server, or the load-balancer which is likely owned and operated by Verizon and upon which the SSL decryption key is installed. They don’t need continuous access, 30 seconds is all that would be necessary to copy the cert."

And Gabriel's response to that: "There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example."

Might as well %s/Verizon/Amazon/g…

I also found what Gabriel said here to be interesting:

"We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt."

So apparently speaking to a couple of lawyers who are probably not on the FISA court (who apparently pretty much just stamp what has been decided) now has a say in whether such actions can be taken by the NSA and whether they are unconstitutional or not?

Don't get me wrong, I've been using DuckDuckGo for a couple of years now, but that's laughable.
evolve2k, almost 12 years ago

Response from DuckDuckGo CEO from the article comments:

"Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo. I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you to change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business.

We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt.

There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example."
coldcode, almost 12 years ago

The beauty of the NSL system and the NSA acting outside the constitution is that no matter what anyone says there is no way to prove any statement made about receiving or not receiving an NSL. In fact it wouldn't surprise me if, when the NSA wanted the data, they could compel someone lower in the company and the CEO might never know. How do you prove you are NSA-free if you are the CEO of an American-based company? Really the only statement that people would believe today is actually showing your NSL publicly and telling the NSA to stuff it. If you haven't been targeted (or someone in your organization was) there is no way to prove it.
Tloewald, almost 12 years ago

The key thing about Google et al is that they maintain user accounts and try to get you to stay logged in, which means (a) they maintain huge data stores that are (b) tracked by user. While DDG can be required to turn over its records, could theoretically hand its unencrypted traffic over to the NSA, and in any event the NSA could simply pluck the packets off the air en route, it would then have to figure out which packet was from whom and join the dots itself. This is essentially no different from what I assume the NSA can do with any damn website, foreign or domestic, it likes.

As a further wrinkle, if you are logged into Google then it can watch your web surfing activity on any website with embedded Google code (analytics, adwords), which is pretty much most websites.

All of this comes down to: Google is an advertising company. If DDG becomes an advertising company, watch out.
samwillis, almost 12 years ago

DDG have a Tor hidden service for search [1] and so you can search anonymously through that, even if someone has access to the SSL private key.

[1] http://www.gabrielweinberg.com/blog/2010/08/duckduckgo-now-operates-a-tor-exit-enclave.html
mtgx, almost 12 years ago

> "DuckDuckGo can easily be compelled either under the Communications Assistance for Law Enforcement Act (CALEA), standard court orders, or by secret orders from the Foreign Intelligence Surveillance Court (FISA) to provide tap-on-demand"

Can they actually do that? I mean it's one thing to just "hand over the data" you already have about the user, and maybe even compel the company to decrypt it (although I still think that's BS [1] and companies should fight against it), but can they actually force a company to spy for them, and change their service in such a way that makes it possible? Do FISA and the Patriot Acts actually imply that? Or does he mean it might be yet another one of their "interpretations" of the laws?

Either way, if that's possible, just start using StartPage.com. They're based in Norway.

[1] http://paranoia.dubfire.net/2010/09/calea-and-encryption.html
ziodave, almost 12 years ago

If what's written in this article is true, that basically means that even hosting a server in the US is basically a breach of privacy.

Do you think this is reliable information?
brianwillis, almost 12 years ago

Before drawing any conclusions from this, I recommend reading Gabriel Weinberg's response in the comment section. I felt considerably better after reading it.
EGreg, almost 12 years ago

MegaUpload, LastPass and others are provably not able to access your information. Storing the encryption key yourself is the way to go.

But then the govt can capture you and make you give up the key. A whistleblower can threaten to have more incriminating evidence disseminated encrypted somewhere, and if he doesn't check in every 30 days it gets released ... but then the government can just torture him until it makes him give up the key he uses to check in every 30 days. It would take a really stubborn guy to persist and let the information be released. Since you don't have any information like that anyway, just assume that if you can access your own data the govt can compel you to do it for them.
HistoryInAction, almost 12 years ago

Hmm, CALEA is really not the right law to be referencing. CALEA generally applies to wiretaps and specifically derives from telephony surveillance and is more relevant—and worrying—to a Twilio or SendHub, rather than DDG.

It's more likely to be a portion of the PATRIOT Act (Sec. 215 and possibly 217, h/t to Marcy Wheeler for the education here: http://www.aclu.org/free-speech-national-security-technology-and-liberty/reform-patriot-act-section-215 and http://cyber.law.harvard.edu/privacy/Introduction%20to%20Module%20V.htm) or the specific update to it (Protect America Act of 2007, FISA Amendments Acts of 2008 and most recently 2012) to bring the warrantless wiretapping scandal back into "compliance," and seemingly updating PATRIOT for the current round of surveillance, which was likely reauthorized Dec '12.

Now, the FBI recently floated a trial balloon of what we're calling CALEA II, but that's focused more on compelling the providers of in-browser chat products to create backdoors for surveillance: https://www.cdt.org/files/pdfs/CALEAII-techreport.pdf It's not current law yet, and we're fighting to prevent the proposal from becoming law.

It's a point of precision that doesn't detract from the author's main point.

Just as an update, the legal debate is continuing over both the NSLs themselves and their related gag orders: http://www.networkworld.com/community/blog/fbis-national-security-letter-gag-orders-violate-1st-amendment-ruled-unconstitutional I'm not sure how or where this case escalated to, but the last time a court declared the gag order to be unconstitutional, it took an act of Congress to reauthorize it, which will be a difficult sell right now.

For a final note, here's a counter by the DoJ about how I'm wrong, for whatever that's worth: http://www.justice.gov/archive/ll/subs/add_myths.htm

And for full disclosure: I consult with the Center for Democracy and Technology (CDT) on reforming the Electronic Communications Privacy Act (ECPA) of 1986, which is a similar but not directly related issue.
bombarolo, almost 12 years ago

You don't even need to ask DDG for a private key, go straight to the certification authority.
DoubleCluster, almost 12 years ago

This article states that the NSA will get the information anyway. Even if this is true, it may be a good thing to choose a search engine that makes a point of at least not tracking you itself. Sadly Google has much better search results...
ekianjo, almost 12 years ago

The article is completely missing the point. Of course the NSA can get information from DDG; the point is that there is not much information to be gained there in the first place, and the searches are not associated with your Google account, let's say.
p37307, almost 12 years ago

Lots of comments here. Not sure if it is already covered or not. So I will be brief.

DDG, Hushmail, etc. Doesn't really matter, does it, if the NSA gets you at your internet connection and reads what you are doing from your service provider's trunk?

You can DuckDuck and Go and hush your email. If they are grabbing it at the point of your modem and your internet provider, the illusion is that you are secure but really you are not.
jister, almost 12 years ago

>> Can they refuse to collaborate with the NSA if approached? What I would like to know is if they can really refuse when big corps such as Google, Microsoft and others can't?

>> Gabriel Weinberg comment: We have not received any request like this, and do not expect to. But if they receive such a request, can they really just say NO while other big companies can't?
trotsky, almost 12 years ago

EDITED: Thanks guys, it seems like I managed to paste over most of my post with the clipboard filled with the last one. Thanks for being so nice pointing it out. Sucks, the on-topic one I destroyed was leaps above the banal content that replaced it. Left something here to avoid you guys being orphaned. Sorry for reducing the signal-to-noise ratio!
Ihmahr, almost 12 years ago

Also consider the Holland-based search engine www.startpage.com which has all kinds of certificates.
edent, almost 12 years ago

They also really hate it when people point out their privacy flaws. See http://www.alexanderhanff.com/duckduckgone
zobzu, almost 12 years ago

The main argument of this page is "NSA can hack everything cuz Google got hacked by the Chinese".

Yeah, thanks for the tip, that's so insightful.
fear91, almost 12 years ago

This "blog" has one post and was specifically started to bash DDG.

I don't use the duck (yet?) but to me it looks like an attempt at black PR.

Even if the duck doesn't give full anonymity, I would still prefer it to Google - the new leaked slides revealed that the NSA has direct access to Google, whereas with DDG they'd have to snoop upstream.
_pmf_, almost 12 years ago

Shhh, don't ruin the ongoing circle jerk.
angryasian, almost 12 years ago

Are we still all just forgetting the fact that DDG is just an aggregator of other search engines? Specifically Bing.
berntb, almost 12 years ago

How about the article writer tests this before writing? Do DDG searches about:

    - A violent political/religious subgroup.
    - Politician XXXX's opinions about said group
    - The future travel to your locality of XXXX
    - How to build bombs with YYYY.

Just make certain to wear a bulletproof jacket while reading... :-)

But seriously:

Sure, the NSA probably indexes searches on DDG. Of course. It is fully possible DDG isn't aware of it, too. It is too obvious to be at the top of HN.

I might have followed the subject too shallowly, but it really surprises me that I haven't seen the responsible politicians talk about the real problem here.

You can make a good argument that pervasive monitoring is a good thing in the short perspective (which the supporters do), but over a longer time?

After a long time of military or economic problems you get paranoid tendencies (see McCarthy, Putin, 9/11). I have no idea how likely a 1984 scenario (or a present-day Russia!) is -- and neither does anyone else.

The people responsible should have answers to these questions before making the decisions. And now they should discuss that. (Or doesn't a risk exist if it can happen after they are out of office? Or do they really think there will never be any political/economic bad times again?)
decryptthis_NSA, almost 12 years ago

"DuckDuckGo: illusion of privacy?"

His point is that if the NSA wants, they can do this and that. I suppose they can also take you to a Romanian black ops site and beat you bloody till you cough up your passwords. The idea is for average Joes and Janes to have a little bit more privacy. When you search on Google, they try everything possible to have you search while logged on and save your search history. All this is linked to:

- your real name, location (Android)
- maybe credit cards (Google Play, Adwords)
- emails sent
- videos watched
- books read
- sites visited (Google Analytics, sites visited that serve Adsense, Google hosted jQuery)
- your private docs (G Drive, Documents)....

This is of course to make more money off you; they can charge more money to advertisers, and all this info is ready to be siphoned by Booz Allen Hamilton employees and to be added to your file.

What do they get from DDG? Relatively speaking, nothing. The idea is to split your activities to make it harder for them, which is great for an average user. By using everything Google, it's even better than sending them a memo detailing everything you did each night.

If you're a target, long live TOR, which is not really usable on Google.
blahbl4hblah, almost 12 years ago

I'm surprised by how many world-class super spy/hacker types there are on HN... who knew that, besides just generally being snarky about shit that you half understand, you had so many secrets to protect?