DuckDuckGo: Illusion of Privacy

An anonymous reader writes "With all of the news stories about users moving to DuckDuckGo because of NSA spying, this article discusses why the privacy provided by DuckDuckGo is more the privacy from third-party tracking (advertisers) but may do little, if anything, to prevent the NSA from tracking your searches."

FTFA

"The NSA Can't Loose" ... Really?

Re:FTFA

Really. If they want the information, they get it. Either you turn it over willingly, or they take it forcefully via legal means or just go above you to your host. There is nothing you can do about it.

Re:FTFA

[ATMAvatar]

Well, you do have to be somewhat of a tight-ass to be a NSA spook...

Re: FTFA

[lxs]

I heard it got loose and is living in a capsule hotel in a Moscow airport. Which further proves my theory that we're living in a cyberpunk novel.

Re:FTFA

[rainmouse]

For those that don't want to actually read the loose blog post (its just an opinion from some unknown guy and backed up with no actual facts by the way. It's not actually news at all).
In the comments is a reply apparently from DuckDuckGo :

"Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo. I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business. We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt. There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example."

Re:FTFA

[IamTheRealMike]

Well that's convincing - not!

Has this dude been living in a cave for the past month? We've just had a non-stop series of revelations about how governments (not just in the USA) routinely ignore their own laws or secretly redefine them into meaninglessness, in order to engage in dragnet surveillance. And his answer is "such a request would be unconstitutional". Yes, it would. It was unconstitutional for all the other search engines too. So what? That obviously doesn't matter.

DDG is just a scam in so many ways. The entire site is basically a proxy for Bing. If Bing were to cut them off they'd have no search engine anymore. If Bing were to say "you pass through data on people or we cut you off", they'd either have to give up on their privacy guarantees or shut down completely. It's a completely self defeating business model, if they get popular they won't be able to sustain the reasons for it anymore.

The fact that he thinks there's a difference between Amazon and Verizon with regards to NSA cooperation is especially amusing.

Re:FTFA

[MrEricSir]

This guy's response seems to show a lack of understanding of the entire NSA debacle:

"All the existing US laws are about turning over existing business records and not about compelling you change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business."

If this were true, wouldn't Microsoft, Google, Apple, Verizon, etc. be in trouble with the FTC? What makes DuckDuckGo different?

"We have not received any request like this, and do not expect to."

Funny, that's exactly the same thing Google and Facebook said. What makes DuckDuckGo different? Why should I believe you?

"If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt."

Clearly that hasn't stopped the NSA in other cases. Again, what makes DuckDuckGo different?

"There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example."

Okay... and what is Amazon connected to? Saying there's technical inaccuracies but not debunking them doesn't make want to trust you.

Anyway, let's hope for everyone's sake that the comment wasn't really left by the CEO of DuckDuckGo.

Re:FTFA

[alci63]

Notice the site is from japan... the ability to avoid any typo in an english article does not tell that much about the credibility of the stuff !

Re:FTFA

[IamTheRealMike]

The whole fiasco is enabled by the fact that the NSA does have (secret) court orders from a (secret) court, and the regular courts won't hear cases because of state secrecy. I don't see any reason to believe DDG would have any more luck than Google or Yahoo did.

I didn't start using DuckDuckGo for privacy

I started using DuckDuckGo because, out of all the other search engines out there, it's the only one I've found whose entire mission statement centers around _not_ collecting information on every goddamn thing you do. Yes it's probably still being tapped at the fibre optic cable level so it doesn't really matter, that's not the point. The point is to vote with your dollar, or in this case your page view, far more influential these days than one thinks.

I don't use DuckDuckGo because it preserves my privacy. I use DuckDuckGo because they don't try to take it away from me.

Re:I didn't start using DuckDuckGo for privacy

[Impy+the+Impiuos+Imp]

Well, that's fine, but I keep pointing out I'm less concerned with whether Google knows I might want to buy Depends than that the NSA might be able to spy on political opponents to whoever holds their ear. "Make sure you fill out the warrant form, agent #4821 out of 17436." isn't much protection for a G. Gordon Liddy type.

Its not about 100% privacy

[SuperCharlie]

At least for me its not, its about not feeding the beast directly. I jumped to Linux, Opera, and DDG as a way to add a few more cycles and maybe a few more man hours to the mess rather than hand it over directly with Windows, IE or Chrome, and Google. If anyone thinks they can really be anonymous in this ecosystem they are sorely mistaken. I do believe however there are less trodden paths and a little more pains in the rear that can be had, and as a silent protest, I chose to use them.

Re:Its not about 100% privacy

[PopeRatzo]

as a silent protest, I chose to use them.

That's all good. I've tried https://startpage.com/ but I'm not smart enough to know how effective it is at keeping my anonymous.

It seems to keep Google from upskirting my private info, and maybe that's enough.

DuckDuckNo

While the NSA brand of privacy invasion will probably never be avoidable, unless you renounce all forms of data transfer, it's pleasing to have SOME control over your internet presence in so far as keeping advertising trackers off your back. I don't think it says anywhere at DuckDuckGo that it avoids NSA tracking. and anyone using the service who believes it does so is unaware of how the NSA programs work.

Credibility?

[karolgajewski]

I may be breaking the fundamental rules of Slashdot, but ...
- the "article" is a single post on a recently created blog
- they misspell "lose"
- a quick google of Brett Wooldrige doesn't bring up anything exciting (a Forbes blog account with no content?)

This is the very definition of "nothing to see here, move along".

Re:Credibility?

[Nimey]

Since when does Slashdot have credibility? At all?

Re:Credibility?

[viperidaenz]

Perhaps because you spelt Brett Wooldridge wrong.

Oh come on now...

This is one, gigantic, "no shit, sherlock".

What about Startpage?

Is it any safer? They bill themselves as "the world's most private search engine" but that doesn't really mean anything.

Re:What about Startpage?

[UltraZelda64]

I don't know, but when I want to search using queries that may bring in potentially "illegal" search results, I just use Ixquick. To be honest though, I don't know what the difference (other than name) is between the two. Both Ixquick and Startpage are run by the same people, they both look practically identical, and you probably couldn't go wrong with either one. I just happened to find out about Ixquick first and saw a few more mentions of it on different websites so I just use it. Ixquick does not log any user IP addresses. According to Wikipedia article on Ixquick, Startpage is just an "easier-to-remember" alias of the same exact search engine. Ironically, I find Ixquick's fewer letters to be faster and easier to type.

VPN

[xtal]

Run your traffic encrypted through another country with actual privacy protections.

It's not perfect, but it is another complication and barrier to direct monitoring.

Ultimately, the NSA reveal is a good thing - it's going to drive demand for virtual private cloud services where you hold the keys, and perhaps, a move back to corporate controlled cloud services on-site. Great news if you're in IT.

Re:VPN

[houghi]

It's not perfect, but it is another complication and barrier to direct monitoring.

If it isn't perfect, it means it isn't useful.

Moving to better privacy laws or to another country means nothing. Other countries have just not yet been caught doing this. What this should mean is better encryption.

Unfortunately what we see is that nobody really cares. How many emails have you received that were digitally signed and send by a non-geek? Ask anybody if they would trust sending their private information on a postcard. Ask the CxO of the company if they would send company information via a postcard.
Would they accept any information that was not signed?
Hopefully people will say no, yet that is what people do with email.

Email is basically a postcard. Implementing digital signatures is what the IT should concentrate on. They are able to add the legal bullshit that is useless (From MY point of view, somebody send or gave me the email, so it was intended for me. Perhaps YOU did not intend it for me, but that is YOUR problem.) and instead use some CPU cycles and add digital signatures.

That would be a great first step. It does not break the readability of the message. In the beginning you will need to explain what this means and how people could verify this. There is nothing that would stop e.g. banks and credit card companies and others in using this.

Very soon people will suddenly notice that you can also encrypt it and send messages encrypted. When enough people use it, it will become a standard and gmail and outlook (both program and website) will start using the signatures.

However I hear nothing about this, so I assume that nobody is seriously interested in privacy. Apathy is the great danger here. Not the NSA (or your local version). We (the people) allow them to get away with it. We are the problem and only we can be the solution.

Re:VPN

[Seumas]

Unfortunately, if the VPN provider is located in the US, they are compelled to comply with the government in providing access to your logs and data and anything else. They can also simply put in a shunt and siphon off a copy of your data (even without the provider even being aware it is happening, just as is likely to have happened with Google/Facebook/etc). If they are outside of the US, you'll have a hard time getting the service, since credit card companies are banning payments made to VPN providers.

Anyway, there are things you can do to make everything just a tiny bit more of a nuisance -- that is about it. There is nothing you can really do to safeguard yourself if you somehow become a specific target, of course.

You need to be able to trust the sites and services and systems you connect to. Good luck, there. You need to be able to trust that the government isn't tapping all data transfer with a shunt at your ISP, or as near the service as possible, or at the backbone. You need to have an encryption tunnel for your data. You need to make sure that the provider of that service is reliable and not logging data. Or isn't being tapped. And can't be compelled to hand over whatever data they *do* have. Then, you have to trust that all of the advertisers tracking you on all these sites and services aren't able to correlate your identity. That's almost impossible, since they need very few data points (mostly seemingly anonymous ones) to pinpoint who you actually are.

  You need to trust that all of this is the same about any online/cloud services you may happen to use. After all of that -- if it is all somehow accounted for -- you still have to be able to trust your operating system and your hardware. That there isn't something built into your OS or some software you are running or into the hardware itself that grants access to the government.

And once you are sure of all of that *too* . . . you just have to be able to trust that someone hasn't infected your system directly with something and that nobody has planted something on your system. Say, while you were out of the house for awhile, one day.

In other words, no matter what we do, we are doing the modern equivalent of setting a Windows desktop/screensaver password. It will protect you against the opportunistic coworker or nosey family member -- but provide no protection against someone who truly wants to get information on you and monitor you.

Ixquick?

[rycamor]

At least Ixquick is not a U.S. company: https://ixquick.com/eng/prism-program-revealed.html

While their searches aren't as fast as Google's, I have found them to be pretty good quality-wise.

No PFS at DDG

[Lawrence_Bird]

DuckDuckGo, a search engine, has been prominent in the media since the start of the Snowden revelations due to its privacy policy which promotes anonymity. If the private key used by DuckDuckGo were ever compromised — for example if one of their servers were seized — all previous searches would be revealed where logged traffic is available. DuckDuckGo may be a particularly interesting target for the NSA due to its audience and the small volume of traffic (as compared to Google).

This is because DDG does not use crypto algorithms which support perfect forward secrecy.

When PFS is used, the compromise of an SSL site's private key does not necessarily reveal the secrets of past private communication; connections to SSL sites which use PFS have a per-session key which is not revealed if the long-term private key is compromised. The security of PFS depends on both parties discarding the shared secret after the transaction is complete (or after a reasonable period to allow for session resumption).

So it would require significantly more work for NSA to deal with a site using PFS. Source: netcraft

Re:blog colors

[Jeremy+Erwin]

Be gentle. It's his first Blog Post.

Re:DuckDuckGo sucks

It's about as good as a google search and it gives the wikipedia article for any topic at the top. My opinion is better than your opinion.

Re:DuckDuckGo sucks

[SeaFox]

It's about as good as a google search [b]and it gives the wikipedia article for any topic at the top[/b]. My opinion is better than your opinion.

Don't know about you, but when I want to look up something on Wikipedia, I look for it on Wikipedia. Having Wikipedia info displayed automatically for a search isn't really a "feature" as far as I'm concerned.

Decrypting SSL

[BringYourOwnBacon]

I think the article brings up and interesting point about who's SSL certs the NSA has access to. It's reasonable to assume that they are capturing most if not all Internet traffic in the states (at the very least all packets entering or leaving the county.) What is unknown is how much of that encrypted traffic can be easily decrypted. If I were a three letter gov't agency intent on decrypting massive amounts of traffic, I would go straight for the keys. It's particularly of note that DuckDuckGo does NOT use session keys in its SSL implementation, meaning if their private key got compromised, all previous searches would also be compromised. I don't think it's too much of a stretch to assume that the NSA has found a way to that key, either through secret court orders, or good old fashioned nefarious means. Especially for a site like DDG, who makes promises of "privacy". Makes you wonder who else's keys they have access to.

In Russia, Yandex searches YOU

[tepples]

DDG is a reskinned Yandex with shortcuts to search particular sites. If you don't commonly use site: searches on Google, and you can't stand Yandex, you won't like DDG.

Re:In Russia, Yandex searches YOU

[Caetel]

DDG shows no results. Bing's only result is this post. Google has this post and and OpenQNX forum post... so, Google, I guess?

Re:In Russia, Yandex searches YOU

[lxs]

Yes! I believe in free and fair competition so the obvious step is to let the Russians snoop on me as much as the Americans do.

Re:In Russia, Yandex searches YOU

[lxs]

Not living in either country, both the US and Russia are foreign competitors with a shady track record on business ethics and human rights and politics, so it really doesn't make a difference to me. Both nations have wasted a decade bombing Afghanistan, you're both prosecuting dissidents. I have serious trouble telling you guys apart.

DuckDuckGo Response

[yegg]

Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo. I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business. We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt. There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example. A couple other responses to things I've noticed in the comments already: --Our servers are already located around the world. European users are generally not hitting US-based servers, for example. --We do have PFS on our cert: https://www.ssllabs.com/ssltest/analyze.html?d=duckduckgo.com&s=50.18.192.251

Re:DuckDuckGo Response

[Khopesh]

Thanks, that was a nice official response to a crackpot article that should never have made it to slashdot.

My read of that article was that nothing is really safe (which is true, but you have to be reasonable about these things) and that larger companies at least have accountability. It kindly forgets that this accountability isn't to users, it's to shareholders. DuckDuckGo protects against these larger companies, and DDG might just fly low enough under the radar to avoid the attention of the NSA.

Keep up the good work, Gabe. If you're in the SF area, I'd love to buy you a beer.

Re:DuckDuckGo Response

[Antique+Geekmeister]

I'm afraid I went over the top here. You may mean well for your customers, and may in fact resist unconstitutional data requests. But there is a compelling amount of legislation that is aimed _precisely_ at controlling corporate data gathering, ranging from the tax code to the SEC's regulations about business finance to the HIPAA regulations about medical information, the TeleCommunications Privacy Act and its poorly writt4en regulations bout consumer protection, and the export encryption regulations of the department of commerce. Those are not merely about what you must turn over from current records, they are about what you must keep or what you must not publish.

CALEA is aimed at voice communications, and is not particularly relevant to this except that it was aimed squarely at controlling and preventing changes to business practices. Exemption or not for search engines, it prevented the use of new telecomm technologies that would prohibit easy wiretapping.

Re:blog colors

[93+Escort+Wagon]

I found it funny that, right there at the top, there's a big proud "Ads by Google" link. There's nothing wrong with that per se, but it does color one's perception when the blogger is basically saying "sure Google is cooperating with the NSA, but they're a lot bigger than DuckDuckGo" (for whatever reason we should care about that).

I switched to DDG a few weeks ago, but it had more to do with my changing perception of companies like Facebook and Google than it did with any idea the move would somehow deter the NSA from snooping on me.

Re:DuckDuckGo sucks

[poetmatt]

what do you expect? it's bing. Since when did people believe a microsoft-based search is privacy friendly? "anonymous" is just a hilarious misnomer.

Speculative and inaccurate opinion piece

[PureRain]

I feel compelled to let anyone here who has not RTFA to not bother. It is a poorly written blog entry that's nothing but hyperbole and speculation. It's also badly researched and contains a lot of inaccuracies. One of the commenters is the CEO of DDG and he corrects some of the misinformation.

I've been using DDG for 2 years and it is great. Not always as good as Google but a good alternative for most searches. Make sure you set it to your region (settings).

Larger picture...

[Shoten]

So, the majority of the population now realizes that their activity is in some way monitored, and they wish to evade that monitoring. They need to consider this: they are amateurs playing for nickel stakes in this game. The NSA doesn't care about them, and the people aren't used to playing this game either, for their part. This game exists, at the moment, primarily between the most sophisticated intelligence apparatus in human history and a very small population that is doing everything they can possibly do to hide. We think that using airgapping a network and using USB drives simply to move data across the room is a powerful security measure...these guys used USB drives to move data between countries, and even that wasn't good enough to protect them. The average citizen merely worries about some amorphous knowledge of their habits...the real target population faces death, or perhaps even worse internment in a black site somewhere for years first. And that population has been working on hiding for quite some time now; this is not a new game just because the rest of us know it's being played now.

So...with that context, why would anyone think that simply using a different search engine fucking matters?

Re:Larger picture...

why would anyone think that simply using a different search engine fucking matters?

It may not. But anything that makes more work for the secret police is a good thing.

(If you object to the NSA being called "secret police", remember that they turn over any evidence of crimes that they find to other police agencies. They don't have "active" agents, they don't torture like the Gestapo, the US has other organizations to do that, they're more like a department of the Stasi.)

A Dubious Article

[Kplx138]

Apparently all you need to get front page on slashdot is an article with one link to a blog, that has only one post, created by a random user. Hell the 3rd paragraph of the article beings with 'TL;DR' a phrase I associate with image boards such as 4chan than I do actual journalism and news. While the article is somewhat interesting it's nothing more than an op-ed piece or a letter-to-the-editor at best or some anti-DDG fud created by some PR firm at worst.

Re:DuckDuckGo sucks

[Trepidity]

I like to think that would be true, but honestly about 50% of the things I click on in a Google search are Wikipedia articles, even when I didn't initially search Wikipedia directly.

the NSA doesn't care about them??

[transporter_ii]

> .these guys used USB drives to move data between countries

Look, if anyone with any sense can bypass the snooping, they must know that. That only leaves *us* that they are snooping on.

Tor and Hidden Service

[UnsignedInt32]

They have an exit enclave for DDG search engine traffic and also hidden service at 3g2upl4pq6kufc4m.onion...
So there at least they provide some additional layer of protection for those who are needed.

DuckDuckGo Rocks, Google must be hurting

DuckDuckGo should move out of USA (and UK) at this point. They could have a huge business, but not in NSA occupied territory.

1) The reason I switched was because it doesn't use tracking cookies.
2) It doesn't own Android, Gmail, Youtube Adsense Doublclick Maps or a myriad of other sides that can be used to 'un-proxy' me and 'un-NAT' me and get around my cookie blocks.
3) It is https so the NSA *need* a warrant, unencrypted search automatically goes into the NSA database.
4) Gmail failed a link test, a disguised link (not a straight http://...) sent from my old gmail account to a pop3 was visited by a server in Arizona.
5) They don't have a feed to NSA currently, its not listed on PRISM

But best of all

6) It's actually quite good at finding stuff and better than Google at finding job CVs from NSA spooks to see what else they might want to confess to. Google is keeps substituting more popular works.

I assume from this piece that Google are suffering. Well, point 2) is entirely their fault, they linked all that data together so I have little sympathy for them.

I don't like being tracked for daring to question the legality of an illegal mass surveillance program, and Google's can always move their business out of mainland USA and to Hong Kong where they are on the other side of the great spywall of NSAland.

To hide the referrer

To strip off the referrer. Otherwise the end site would see the URL of the DuckDuckGo search revealing the details of the search, page, etc.

Re:DuckDuckGo sucks

[Clsid]

I don't know but if you do not want to use Google, DuckDuckGo is by far one of the best alternatives. Try doing temperature, currency conversions with DuckDuckGo, the integrated results from WolframAlpha are pretty good. The only thing is missing is image search imho.

Tor onion router end point

[Norny]

Name me another major web search engine with an official Tor onion endpoint. DDG is the only one I know.

https://3g2upl4pq6kufc4m.onion/
https://3g2upl4pq6kufc4m.tor2web.org/

Re:DuckDuckGo sucks

The only thing is missing is image search imho.

Use ixquick.

Actually, use ixquick (or its sister site startpage) for all the other stuff, too.

My Major Concern with DuckDuckGo

I have been using DuckDuckGo for some time now but stopped lately because I notice something fishy. When you hover over a link the bar at the bottom of the screen displays the link address to make you believe clicking on that link will go to that address, but if you look closely at it when you click it flashes "Sending Request..." then "Waiting for https://duckduckgo.com/" and finally "Waiting for https://what-you-clicked.com/". So they are redirecting all the search results so they know who clicked what. Great. There is no reason a company dedicated to privacy would be using any type of redirect, they should take you directly to the page you clicked simple as that.

Re:My Major Concern with DuckDuckGo

[heypete]

It's so their system will strip out referrals, thus increasing your privacy: the site you end up on won't know what search terms you used to get there.

Re:100% serious question

[lxs]

When was the last time you searched for something and found it using a commercial search engine?

Three minutes ago.

Re:DuckDuckGo sucks

[Stoutlimb]

I've never tried DuckDuckGo, but did today because of this article. I chose a type of search that I do often and tried it on Duck, Google, and Bing. (Searching for a specific string on a large forum website.) Google, my usual favourite, came in last. Middle was Bing, and for some reason, DuckDuckGo was the best, and found things for me I had never before known about. I was mildly impressed. I know this is totally anecdotal, but it made me happy. That, along with the slightly better privacy, made me switch today. Also, I think it's important to punish Google for rolling over for the US government. They were somewhat good at standing up to the Chinese government for privacy issues, yet did nothing when the USA decided to do far worse. In my opinion, they've lost every bit of good will they've gained with their "don't be evil" slogan and policies. They're no better morally than Goldman Sachs, Monsanto, or Microsoft, the slow slide into corruption is now complete. On to the next underdog...

Re:SSL protects the search queries?

[mat8913]

Yes, your ISP will be able to tell that you are using Google from the IP address but all of the communication (that includes the web address) should be encrypted.

The NSA Canâ(TM)t Lose

[Taco+Cowboy]

I read TFA, and the paragraph title "The NSA Canâ(TM)t Lose" really irked me.

But, as an American who knows that my own government has turned into a cabal, I know that it is the reality.

I used to be proud as an American. Used to be.

Now, I hang my head low, feeling so powerless, so ashamed.

Re:The NSA Canâ(TM)t Lose

[craigminah]

Ironic you chose those wordsthe First Lady was, "for the first time in her life", "proud to be an American." I think we the people need to speak our minds and let The Man know we don't want to give up our rights as Americans. Doesn't this mean the terrorists are winning if their actions cause our government to infringe on our rights?

Re:DuckDuckGo sucks

[allo]

if you search for something, you may want to have web-results and wikipedia. When DDG displays you an excerpt from Wikipedia (like a Definition of your term), it may be enough, so you do not need to open wikipedia, but read it just before reading the rest of the search results.

Re:100% serious question

[gmhowell]

I have to give you points for a rather interesting troll post, but I'm gonna have to deduct a few for the lack of inherent humor as well as the lack of a specific target.