Slashdot Mirror

← Back to Stories (view on slashdot.org)

DuckDuckGo: Illusion of Privacy

Posted by timothy on from the if-it-barks-like-a-duck dept.

An anonymous reader writes "With all of the news stories about users moving to DuckDuckGo because of NSA spying, this article discusses why the privacy provided by DuckDuckGo is more the privacy from third-party tracking (advertisers) but may do little, if anything, to prevent the NSA from tracking your searches."

8 of 264 comments (clear)

  1. Credibility? by karolgajewski · · Score: 5, Interesting

    I may be breaking the fundamental rules of Slashdot, but ...
    - the "article" is a single post on a recently created blog
    - they misspell "lose"
    - a quick google of Brett Wooldrige doesn't bring up anything exciting (a Forbes blog account with no content?)

    This is the very definition of "nothing to see here, move along".

    --
    - .k. -
  2. What about Startpage? by Anonymous Coward · · Score: 2, Interesting

    Is it any safer? They bill themselves as "the world's most private search engine" but that doesn't really mean anything.

  3. Re:DuckDuckGo sucks by Anonymous Coward · · Score: 3, Interesting

    It's about as good as a google search and it gives the wikipedia article for any topic at the top. My opinion is better than your opinion.

  4. Decrypting SSL by BringYourOwnBacon · · Score: 4, Interesting

    I think the article brings up and interesting point about who's SSL certs the NSA has access to. It's reasonable to assume that they are capturing most if not all Internet traffic in the states (at the very least all packets entering or leaving the county.) What is unknown is how much of that encrypted traffic can be easily decrypted. If I were a three letter gov't agency intent on decrypting massive amounts of traffic, I would go straight for the keys. It's particularly of note that DuckDuckGo does NOT use session keys in its SSL implementation, meaning if their private key got compromised, all previous searches would also be compromised. I don't think it's too much of a stretch to assume that the NSA has found a way to that key, either through secret court orders, or good old fashioned nefarious means. Especially for a site like DDG, who makes promises of "privacy". Makes you wonder who else's keys they have access to.

  5. Re:DuckDuckGo Response by Khopesh · · Score: 4, Interesting

    Thanks, that was a nice official response to a crackpot article that should never have made it to slashdot.

    My read of that article was that nothing is really safe (which is true, but you have to be reasonable about these things) and that larger companies at least have accountability. It kindly forgets that this accountability isn't to users, it's to shareholders. DuckDuckGo protects against these larger companies, and DDG might just fly low enough under the radar to avoid the attention of the NSA.

    Keep up the good work, Gabe. If you're in the SF area, I'd love to buy you a beer.

    --
    Use my userscript to add story images to Slashdot. There's no going back.
  6. To hide the referrer by Anonymous Coward · · Score: 5, Interesting

    To strip off the referrer. Otherwise the end site would see the URL of the DuckDuckGo search revealing the details of the search, page, etc.

  7. Tor onion router end point by Norny · · Score: 3, Interesting

    Name me another major web search engine with an official Tor onion endpoint. DDG is the only one I know.

    https://3g2upl4pq6kufc4m.onion/
    https://3g2upl4pq6kufc4m.tor2web.org/

  8. Re:In Russia, Yandex searches YOU by lxs · · Score: 3, Interesting

    Not living in either country, both the US and Russia are foreign competitors with a shady track record on business ethics and human rights and politics, so it really doesn't make a difference to me. Both nations have wasted a decade bombing Afghanistan, you're both prosecuting dissidents. I have serious trouble telling you guys apart.