DuckDuckGo: Illusion of Privacy
An anonymous reader writes "With all of the news stories about users moving to DuckDuckGo because of NSA spying, this article discusses why the privacy provided by DuckDuckGo is more the privacy from third-party tracking (advertisers) but may do little, if anything, to prevent the NSA from tracking your searches."
FTFA (Score:5, Funny)
"The NSA Can't Loose" ... Really?
Re: (Score:3, Insightful)
Really. If they want the information, they get it. Either you turn it over willingly, or they take it forcefully via legal means or just go above you to your host. There is nothing you can do about it.
Re: (Score:3)
Re:FTFA (Score:5, Informative)
In the comments is a reply apparently from DuckDuckGo:
"Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo. I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business. We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt. There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example."
Re:FTFA (Score:4)
Well that's convincing - not!
Has this dude been living in a cave for the past month? We've just had a non-stop series of revelations about how governments (not just in the USA) routinely ignore their own laws or secretly redefine them into meaninglessness, in order to engage in dragnet surveillance. And his answer is "such a request would be unconstitutional". Yes, it would. It was unconstitutional for all the other search engines too. So what? That obviously doesn't matter.
DDG is just a scam in so many ways. The entire site is basically a proxy for Bing. If Bing were to cut them off they'd have no search engine anymore. If Bing were to say "you pass through data on people or we cut you off", they'd either have to give up on their privacy guarantees or shut down completely. It's a completely self defeating business model, if they get popular they won't be able to sustain the reasons for it anymore.
The fact that he thinks there's a difference between Amazon and Verizon with regards to NSA cooperation is especially amusing.
Re: (Score:3)
The whole fiasco is enabled by the fact that the NSA does have (secret) court orders from a (secret) court, and the regular courts won't hear cases because of state secrecy. I don't see any reason to believe DDG would have any more luck than Google or Yahoo did.
Re: (Score:3)
This guy's response seems to show a lack of understanding of the entire NSA debacle:
If this were true, wouldn't Microsoft, Google, Apple, Verizon, etc. be in trouble with the FTC? What makes DuckDuckGo different?
Re: FTFA (Score:5, Funny)
I heard it got loose and is living in a capsule hotel in a Moscow airport. Which further proves my theory that we're living in a cyberpunk novel.
I didn't start using DuckDuckGo for privacy (Score:5, Insightful)
I started using DuckDuckGo because, out of all the other search engines out there, it's the only one I've found whose entire mission statement centers around _not_ collecting information on every goddamn thing you do. Yes it's probably still being tapped at the fibre optic cable level so it doesn't really matter, that's not the point. The point is to vote with your dollar, or in this case your page view, far more influential these days than one thinks.
I don't use DuckDuckGo because it preserves my privacy. I use DuckDuckGo because they don't try to take it away from me.
Re: (Score:2)
Well, that's fine, but I keep pointing out I'm less concerned with whether Google knows I might want to buy Depends than that the NSA might be able to spy on political opponents to whoever holds their ear. "Make sure you fill out the warrant form, agent #4821 out of 17436." isn't much protection for a G. Gordon Liddy type.
Re: (Score:2)
Obviously. The scary form is 27B/6 [youtube.com].
Re: (Score:2)
The article misses the point. It's about getting rid of the Google sphere and search filtering.
I'm using Startpage [startpage.com] at the moment.
Re: (Score:2)
Yeah, the fibre level is pretty hard to avoid. Here's something I spotted this afternoon, related to the reveal that the US was recording Telstra's Reach traffic:
http://www.computerworld.com.au/article/520706/ludlam_demands_telstra_explain_role_us_spying/ [computerworld.com.au]
To hide the referrer (Score:5, Interesting)
To strip off the referrer. Otherwise the end site would see the URL of the DuckDuckGo search revealing the details of the search, page, etc.
Re: (Score:2)
Re: (Score:2)
I've found pointing the link to a data URI encoded HTML page with a meta tag to redirect works pretty well.
It's not about 100% privacy (Score:5, Insightful)
Re: (Score:3)
That's all good. I've tried https://startpage.com/ [startpage.com] but I'm not smart enough to know how effective it is at keeping me anonymous.
It seems to keep Google from upskirting my private info, and maybe that's enough.
Re: (Score:2)
it queries google for you
Re: (Score:2)
Also, finally, they might work out that this is foolishness: http://qz.com/92207/simple-math-shows-why-the-nsas-facebook-spying-is-a-fools-errand/ [qz.com] and
Re: (Score:2)
Yes, but again, it's all about the less trodden paths. Fewer people use it, so it has less attention directed towards it from those who would seek to subvert the user. I agree that it being proprietary has some concern, but it's all about weighing the pros and cons.
DuckDuckNo (Score:2, Insightful)
While the NSA brand of privacy invasion will probably never be avoidable, unless you renounce all forms of data transfer, it's pleasing to have SOME control over your internet presence in so far as keeping advertising trackers off your back. I don't think it says anywhere at DuckDuckGo that it avoids NSA tracking, and anyone using the service who believes it does so is unaware of how the NSA programs work.
Credibility? (Score:5, Interesting)
I may be breaking the fundamental rules of Slashdot, but ...
- the "article" is a single post on a recently created blog
- they misspell "lose"
- a quick google of Brett Wooldrige doesn't bring up anything exciting (a Forbes blog account with no content?)
This is the very definition of "nothing to see here, move along".
Re: (Score:2)
You forgot
- the "article" is very poorly written, using a whole lot of words to say very little.
Re: (Score:3)
Since when does Slashdot have credibility? At all?
Re: (Score:3)
Perhaps because you spelt Brett Wooldridge wrong.
Re: (Score:2)
The future hasn't happened yet, so by your definition, nothing is useful yet.
Oh come on now... (Score:2, Insightful)
This is one, gigantic, "no shit, sherlock".
What about Startpage? (Score:2, Interesting)
Is it any safer? They bill themselves as "the world's most private search engine" but that doesn't really mean anything.
Re: (Score:3)
I don't know, but when I want to search using queries that may bring in potentially "illegal" search results, I just use Ixquick. To be honest though, I don't know what the difference (other than name) is between the two. Both Ixquick and Startpage are run by the same people, they both look practically identical, and you probably couldn't go wrong with either one. I just happened to find out about Ixquick first and saw a few more mentions of it on different websites so I just use it. Ixquick does not lo
The world's most virtuous whore (Score:2)
They bill themselves as "the world's most private search engine" but that doesn't really mean anything.
It means about as much as "the world's most virtuous whore".
VPN (Score:5, Informative)
Run your traffic encrypted through another country with actual privacy protections.
It's not perfect, but it is another complication and barrier to direct monitoring.
Ultimately, the NSA reveal is a good thing - it's going to drive demand for virtual private cloud services where you hold the keys, and perhaps, a move back to corporate controlled cloud services on-site. Great news if you're in IT.
Re: (Score:2)
Was that not part of the NSA spying reveal.
The huge amount of cooperation between countries with laws that protect spying on their own citizens but not other nation's citizens?
You route your data through a country with strict privacy laws, and that country intercepts it because their laws do not protect you, a non-citizen.
They then allow access of that data to the NSA, and no one broke any laws.
Re: (Score:3)
Re: (Score:2)
Lol, keep spreading the FUD. There are things that can be done. They are not God you know.
Re: (Score:2)
They can track you for being too smart and using a VPN and making easy ongoing payment interesting.
Re: (Score:2)
No country or government will protect your rights. But there is something you can do about it, like having your own small server back home and using alternative services like Yandex, etc. Yandex is a Russian company that has to comply with government requests in the same way American companies have to do back home. So as far as search engines go, you truly have to go with whatever lesser evil you are willing to tolerate. In that regard, DuckDuckGo is a good option.
But if you get a cheap VPS server, even if i
Ixquick? (Score:5, Informative)
At least Ixquick is not a U.S. company: https://ixquick.com/eng/prism-program-revealed.html [ixquick.com]
While their searches aren't as fast as Google's, I have found them to be pretty good quality-wise.
No PFS at DDG (Score:3)
This is because DDG does not use crypto algorithms which support perfect forward secrecy.
So it would require significantly more work for NSA to deal with a site using PFS. Source: netcraft [netcraft.com]
Re: (Score:2)
I'm trying to understand PFS having not heard of it before -- If I understand correctly, it is a system wherein a unique public/private key pair is generated on demand using a long term key. Or to put it more simply -- a system that gives every session a new and unique set of encryption keys, thus making compromise of the private key hugely less of a bonanza. If that's the case, that sounds like a great system.
Reading your linked article demonstrates that some sites already do this ... how do I make sure
Re: (Score:2)
Use this [ssllabs.com]; it details towards the bottom the ordering of ciphers.
Re: (Score:2)
actually, I found it in a forum post and have verified, they do now use ECDHE, clearly as a result of the netcraft article.
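An added example, not part of the thread and not DuckDuckGo's actual configuration: it shows why the cipher ordering mentioned in the comments above decides whether a session gets forward secrecy. The suite lists are constructed samples in OpenSSL naming, server-side preference is assumed, and `negotiated_suite` is a hypothetical helper for checking a live host.

```python
import socket
import ssl

# OpenSSL-style prefixes for authenticated ephemeral Diffie-Hellman key exchange.
# Static "ECDH-"/"DH-" and plain RSA suites do not match; anonymous "ADH-"/"AECDH-"
# suites are deliberately not counted because they are unauthenticated.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def has_forward_secrecy(suite, protocol=""):
    """True if the suite derives session keys from an ephemeral (EC)DHE exchange."""
    # TLS 1.3 suite names (TLS_AES_128_GCM_SHA256, ...) carry no key exchange;
    # a full TLS 1.3 handshake always uses (EC)DHE.
    if protocol == "TLSv1.3" or suite.startswith("TLS_"):
        return True
    return suite.startswith(EPHEMERAL_PREFIXES)


def negotiate(server_order, client_offer):
    """Pick the first suite in the server's preference order that the client offers."""
    offered = set(client_offer)
    for suite in server_order:
        if suite in offered:
            return suite
    return None


def audit_order(server_order, client_offer):
    """Report the suite that would be chosen and any PFS suites ranked below it."""
    chosen = negotiate(server_order, client_offer)
    if chosen is None:
        return {"chosen": None, "forward_secret": False, "fs_ranked_below": []}
    below = server_order[server_order.index(chosen) + 1:]
    return {
        "chosen": chosen,
        "forward_secret": has_forward_secrecy(chosen),
        # Suites both sides support that would have given PFS but lost on ordering.
        "fs_ranked_below": [s for s in below
                            if s in client_offer and has_forward_secrecy(s)],
    }


def negotiated_suite(host, port=443, timeout=5.0):
    """Live check (needs network): what suite does this client get from host?"""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
    return name, protocol, has_forward_secrecy(name, protocol)


# Constructed sample orderings: a server that prefers non-PFS suites even though
# it supports ECDHE, and the same server after moving ECDHE to the top.
LEGACY_ORDER = ["RC4-SHA", "AES128-SHA", "ECDHE-RSA-AES128-SHA", "DHE-RSA-AES128-SHA"]
FIXED_ORDER = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
               "DHE-RSA-AES128-SHA", "AES128-SHA"]
# Constructed client offer, roughly what a 2013-era browser would send.
BROWSER_OFFER = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
                 "DHE-RSA-AES128-SHA", "AES128-SHA", "RC4-SHA"]

if __name__ == "__main__":
    for label, order in (("legacy", LEGACY_ORDER), ("fixed", FIXED_ORDER)):
        print(label, audit_order(order, BROWSER_OFFER))
```

With the legacy ordering both sides support ECDHE, yet the session falls back to a suite whose recorded traffic can be decrypted later if the server's long-term key is obtained.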
Decrypting SSL (Score:4, Interesting)
DuckDuckGo Response (Score:5, Informative)
Re:DuckDuckGo Response (Score:5, Interesting)
Thanks, that was a nice official response to a crackpot article that should never have made it to slashdot.
My read of that article was that nothing is really safe (which is true, but you have to be reasonable about these things) and that larger companies at least have accountability. It kindly forgets that this accountability isn't to users, it's to shareholders. DuckDuckGo protects against these larger companies, and DDG might just fly low enough under the radar to avoid the attention of the NSA.
Keep up the good work, Gabe. If you're in the SF area, I'd love to buy you a beer.
Re: (Score:2)
Wonderful response!
I'd also like to throw-in the fact that DDG is a big proponent of SSL as well. Their website redirects you to their SSL site, and all their search results will send you to the HTTPS version of a site, if it exists (eg. Wikipedia). Things which other search providers do not do.
So, in the context of the NSA tapping all internet communications (which we know for a fact they have been doing since 9/11/2001: https://www.eff.org/nsa/hepting [eff.org]), DDG also provides much more privacy and security t
Re: (Score:2)
Calm the fuck down already. You don't go bashing a small-time company unless you have an ulterior motive to ensure they disappear. Which it disturbingly sounds like you're trying to do.
Even if he said something untruthful, that's very different to being a willful lie and your rant is out of proportion.
Re: (Score:3, Informative)
I'm afraid I went over the top here. You may mean well for your customers, and may in fact resist unconstitutional data requests. But there is a compelling amount of legislation that is aimed _precisely_ at controlling corporate data gathering, ranging from the tax code to the SEC's regulations about business finance to the HIPAA regulations about medical information, the TeleCommunications Privacy Act and its poorly written regulations about consumer protection, and the export encryption regulations of the
Speculative and inaccurate opinion piece (Score:2, Informative)
I feel compelled to let anyone here who has not RTFA to not bother. It is a poorly written blog entry that's nothing but hyperbole and speculation. It's also badly researched and contains a lot of inaccuracies. One of the commenters is the CEO of DDG and he corrects some of the misinformation.
I've been using DDG for 2 years and it is great. Not always as good as Google but a good alternative for most searches. Make sure you set it to your region (settings).
Larger picture... (Score:4, Insightful)
So, the majority of the population now realizes that their activity is in some way monitored, and they wish to evade that monitoring. They need to consider this: they are amateurs playing for nickel stakes in this game. The NSA doesn't care about them, and the people aren't used to playing this game either, for their part. This game exists, at the moment, primarily between the most sophisticated intelligence apparatus in human history and a very small population that is doing everything they can possibly do to hide. We think that airgapping a network and using USB drives simply to move data across the room is a powerful security measure...these guys used USB drives to move data between countries, and even that wasn't good enough to protect them. The average citizen merely worries about some amorphous knowledge of their habits...the real target population faces death, or perhaps even worse internment in a black site somewhere for years first. And that population has been working on hiding for quite some time now; this is not a new game just because the rest of us know it's being played now.
So...with that context, why would anyone think that simply using a different search engine fucking matters?
the NSA doesn't care about them?? (Score:3)
> .these guys used USB drives to move data between countries
Look, if anyone with any sense can bypass the snooping, they must know that. That only leaves *us* that they are snooping on.
Re: (Score:2, Insightful)
why would anyone think that simply using a different search engine fucking matters?
It may not. But anything that makes more work for the secret police is a good thing.
(If you object to the NSA being called "secret police", remember that they turn over any evidence of crimes that they find to other police agencies. They don't have "active" agents, they don't torture like the Gestapo, the US has other organizations to do that, they're more like a department of the Stasi.)
Re: (Score:2)
Yeah, carry on and pay no attention to the man behind the curtain.
A Dubious Article (Score:2)
Apparently all you need to get front page on slashdot is an article with one link to a blog, that has only one post, created by a random user. Hell the 3rd paragraph of the article begins with 'TL;DR' a phrase I associate more with image boards such as 4chan than I do with actual journalism and news. While the article is somewhat interesting it's nothing more than an op-ed piece or a letter-to-the-editor at best or some anti-DDG fud created by some PR firm at worst.
Tor and Hidden Service (Score:2)
So there at least they provide some additional layer of protection for those who are needed.
Wait one second (Score:2)
Use it via Tor hidden service (Score:2)
Sure, the NSA still gets what you search for and the results, but unless they have control over the Tor network (which is doubtful), they cannot associate that info with you.
My next network protocol... (Score:2)
The headers in my next protocol will use identifiers, like any other protocol, except my identifiers will be: JIHAD, NUKE, SARIN, INFIDEL, ...
It's about time to apply techniques similar to Culture jamming [wikipedia.org] to these spying tactics. It probably won't stop them, but we can at least try to piss them off.
Tor onion router end point (Score:3, Interesting)
Name me another major web search engine with an official Tor onion endpoint. DDG is the only one I know.
https://3g2upl4pq6kufc4m.onion/ [3g2upl4pq6kufc4m.onion]
https://3g2upl4pq6kufc4m.tor2web.org/ [tor2web.org]
My Major Concern with DuckDuckGo (Score:2, Insightful)
I have been using DuckDuckGo for some time now but stopped lately because I notice something fishy. When you hover over a link the bar at the bottom of the screen displays the link address to make you believe clicking on that link will go to that address, but if you look closely at it when you click it flashes "Sending Request..." then "Waiting for https://duckduckgo.com/" and finally "Waiting for https://what-you-clicked.com/". So they are redirecting all the search results so they know who clicked what. G
Re: (Score:2)
Re:My Major Concern with DuckDuckGo (Score:5, Informative)
It's so their system will strip out referrals, thus increasing your privacy: the site you end up on won't know what search terms you used to get there.
Startpage (Score:2)
SSL protects the search queries? (Score:2)
Probably going to get modded down for asking such a simple(stupid?) question.. I've never been able to find this answer though.
From the article:
However, DuckDuckGo is using SSL encryption. Without DuckDuckGo's private SSL certificate, your search queries (but not your location) are invisible.
Can someone clarify this for me? I want to make sure I understand this. If I search for "Star Trek" in Google then I get redirected to
https://www.google.com/search?q=star%20trek&ie=utf-8&oe=utf-8&aq=t [google.com]
Re: (Score:2)
Re: (Score:2)
"for example if one of their servers were seized — all previous searches would be revealed where logged traffic is available." is the real worry long term.
When I'm being nefarious (Score:2)
When I'm being nefarious and Googling things, I use a dedicated local machine which knows nothing about me, and which has all of its Internet traffic routed through a country (over a VPN) that I do not expect trouble from.
My VPN provider does not keep logs. I fire up a browser (on that VPN-connected machine) with Private Browsing turned on, and do my nefarious things with plain-old Google.
I disconnect and reconnect to the provider periodically, which flushes the state and the connection relationship I have
There is a real difference (Score:2)
If DDG doesn't store data persistently or share cookies with other sites, NSA would have to dedicate a data center bigger than DDG's own one to store all searches and subsequent clicks if they are needed later. They would then only have IP addresses which would be hard to resolve to identities of foreign users they are most interested in. They would never be able to scale this to EVERY popular site in existence.
Re: (Score:3)
Be gentle. It's his first Blog Post.
Re: (Score:3)
I found it funny that, right there at the top, there's a big proud "Ads by Google" link. There's nothing wrong with that per se, but it does color one's perception when the blogger is basically saying "sure Google is cooperating with the NSA, but they're a lot bigger than DuckDuckGo" (for whatever reason we should care about that).
I switched to DDG a few weeks ago, but it had more to do with my changing perception of companies like Facebook and Google than it did with any idea the move would somehow deter t
Re: (Score:2)
I have been using DDG for quite a bit, but its lack of image search is a little bit inconvenient. I'm testing Yandex to see if I can use it for everyday stuff.
Re: (Score:3, Interesting)
It's about as good as a google search and it gives the wikipedia article for any topic at the top. My opinion is better than your opinion.
Re:DuckDuckGo sucks (Score:5, Insightful)
It's about as good as a google search [b]and it gives the wikipedia article for any topic at the top[/b]. My opinion is better than your opinion.
Don't know about you, but when I want to look up something on Wikipedia, I look for it on Wikipedia. Having Wikipedia info displayed automatically for a search isn't really a "feature" as far as I'm concerned.
Re: (Score:3)
I like to think that would be true, but honestly about 50% of the things I click on in a Google search are Wikipedia articles, even when I didn't initially search Wikipedia directly.
Re: (Score:2)
I just add "wiki" to the end of my search and wikipedia will be in the top 3
Re: (Score:2)
haha same here. Although on Safari I have the keywords extension installed so I can type w and then whatever I want, and the search goes directly to wikipedia.
Re: (Score:2)
That's a feature Firefox has had built-in since version 2.something.
Re: (Score:2)
Try bookmarking this:
http://en.wikipedia.org/wiki/Special:Search/%25s [wikipedia.org] ...and then make "wiki" the bookmark's keyword.
Now start typing your search in the address bar and make "wiki" the first word.
Re:DuckDuckGo sucks (Score:5, Insightful)
if you search for something, you may want to have web-results and wikipedia. When DDG displays you an excerpt from Wikipedia (like a Definition of your term), it may be enough, so you do not need to open wikipedia, but read it just before reading the rest of the search results.
Re: (Score:2)
If clicking a bookmark or using a Firefox search assist is navigating, then yes. You make it sound like he's typing in the URL.
Re: (Score:2)
Actually, I have a Quick Search set up on Firefox for it.
Re: (Score:2)
If by "navigating" you mean typing "wiki (search term)" in my address bar, causing the Quick Search I have set up in Firefox to automatically run it through Wikipedia and take me straight to the results, then yes.
In Russia, Yandex searches YOU (Score:5, Informative)
Re: (Score:2)
Yeah, it's a search aggregator, and not a search engine.
I used it before, but stopped, because it uses Bing, which is maed forr pepple whoo cann nott speel. When I make exact and correctly spelled search queries, I get a lot of rubbish back because Bing returns results for "similar" queries.
Example query: iwlyfmbp deflate
Now run this through Google and DDG and see where you get the best results.
Re:In Russia, Yandex searches YOU (Score:5, Informative)
Re: (Score:3)
Yes! I believe in free and fair competition so the obvious step is to let the Russians snoop on me as much as the Americans do.
Re:In Russia, Yandex searches YOU (Score:4, Interesting)
Not living in either country, both the US and Russia are foreign competitors with a shady track record on business ethics and human rights and politics, so it really doesn't make a difference to me. Both nations have wasted a decade bombing Afghanistan, you're both prosecuting dissidents. I have serious trouble telling you guys apart.
Re: (Score:3)
what do you expect? it's bing. Since when did people believe a microsoft-based search is privacy friendly? "anonymous" is just a hilarious misnomer.
Re: (Score:2)
aka "go fish"
DuckDuckGo Rocks, Google must be hurting (Score:2, Insightful)
DuckDuckGo should move out of USA (and UK) at this point. They could have a huge business, but not in NSA occupied territory.
1) The reason I switched was because it doesn't use tracking cookies.
2) It doesn't own Android, Gmail, YouTube, AdSense, DoubleClick, Maps or a myriad of other sites that can be used to 'un-proxy' me and 'un-NAT' me and get around my cookie blocks.
3) It is https so the NSA *need* a warrant, unencrypted search automatically goes into the NSA database.
4) Gmail failed a link test, a disguise
Re:DuckDuckGo sucks (Score:5, Informative)
I don't know but if you do not want to use Google, DuckDuckGo is by far one of the best alternatives. Try doing temperature, currency conversions with DuckDuckGo, the integrated results from WolframAlpha are pretty good. The only thing is missing is image search imho.
Re: (Score:3, Informative)
The only thing is missing is image search imho.
Use ixquick.
Actually, use ixquick (or its sister site startpage) for all the other stuff, too.
Re: (Score:3)
I've never tried DuckDuckGo, but did today because of this article. I chose a type of search that I do often and tried it on Duck, Google, and Bing. (Searching for a specific string on a large forum website.) Google, my usual favourite, came in last. Middle was Bing, and for some reason, DuckDuckGo was the best, and found things for me I had never before known about. I was mildly impressed. I know this is totally anecdotal, but it made me happy. That, along with the slightly better privacy, made me s
Re: (Score:2)
When was the last time you searched for something and found it using a commercial search engine? I've never, ever found anything on search engines. I have my bookmark library (entirely non-cloud) and ask HUMAN BEINGS for recommendations when I need a new kind of software. Then I might use the search engine to find their site the first time, but that's hardly blindly searching for stuff. I always just find 100% spam, irrelevant crap and generally low-grade junk when I search for *anything*. The entire concept of searching for things in general (not counting service-specific engines) is foreign to me. It just doesn't work in my world. I don't understand what people search for that they get proper results. Or maybe they just have extremely low demands.
Maybe I just have extremely low demands. But when I want to know what a particular error message means, or if some unknown program that seems to be running is malware, or if the latest "OMG This Unlikely Thing Happened" post is true, or how to knock the password off of a protected pdf file, or how to spell "indefatigable", or where the hell "Bozy's Bar" (where the meetup is) is, or where I can get a cheap replacement bumper for my car, I use a commercial search engine. Maybe your problem is searching for
Re: (Score:3)
When was the last time you searched for something and found it using a commercial search engine?
Three minutes ago.
Re: (Score:3)
I have to give you points for a rather interesting troll post, but I'm gonna have to deduct a few for the lack of inherent humor as well as the lack of a specific target.
Re: (Score:2)
I don't know what you searched but DDG works fine for me. I have to use Bing for image search and that's it. I'm testing Yandex to see if I can replace both with that.
Re: (Score:2)
The weekend sure does bring out the crazy. You know these days your paranoid delusions are bland and boring compared to the shit going on in consensus reality. Seek help.
The NSA Can't Lose (Score:3, Insightful)
I read TFA, and the paragraph title "The NSA Can't Lose" really irked me.
But, as an American who knows that my own government has turned into a cabal, I know that it is the reality.
I used to be proud as an American. Used to be.
Now, I hang my head low, feeling so powerless, so ashamed.
Re: (Score:3)