Slashdot Mirror

← Back to Stories (view on slashdot.org)

DuckDuckGo: Illusion of Privacy

Posted by timothy on from the if-it-barks-like-a-duck dept.

An anonymous reader writes "With all of the news stories about users moving to DuckDuckGo because of NSA spying, this article discusses why the privacy provided by DuckDuckGo is more the privacy from third-party tracking (advertisers) but may do little, if anything, to prevent the NSA from tracking your searches."

26 of 264 comments (clear)

  1. FTFA by Anonymous Coward · · Score: 5, Funny

    "The NSA Can't Loose" ... Really?

    1. Re:FTFA by Anonymous Coward · · Score: 3, Insightful

      Really. If they want the information, they get it. Either you turn it over willingly, or they take it forcefully via legal means or just go above you to your host. There is nothing you can do about it.

    2. Re: FTFA by lxs · · Score: 4, Funny

      I heard it got loose and is living in a capsule hotel in a Moscow airport. Which further proves my theory that we're living in a cyberpunk novel.

    3. Re:FTFA by rainmouse · · Score: 5, Informative
      For those that don't want to actually read the loose blog post (its just an opinion from some unknown guy and backed up with no actual facts by the way. It's not actually news at all).
      In the comments is a reply apparently from DuckDuckGo :

      "Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo. I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business. We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt. There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example."

    4. Re:FTFA by IamTheRealMike · · Score: 3

      Well that's convincing - not!

      Has this dude been living in a cave for the past month? We've just had a non-stop series of revelations about how governments (not just in the USA) routinely ignore their own laws or secretly redefine them into meaninglessness, in order to engage in dragnet surveillance. And his answer is "such a request would be unconstitutional". Yes, it would. It was unconstitutional for all the other search engines too. So what? That obviously doesn't matter.

      DDG is just a scam in so many ways. The entire site is basically a proxy for Bing. If Bing were to cut them off they'd have no search engine anymore. If Bing were to say "you pass through data on people or we cut you off", they'd either have to give up on their privacy guarantees or shut down completely. It's a completely self defeating business model, if they get popular they won't be able to sustain the reasons for it anymore.

      The fact that he thinks there's a difference between Amazon and Verizon with regards to NSA cooperation is especially amusing.

  2. I didn't start using DuckDuckGo for privacy by Anonymous Coward · · Score: 5, Insightful

    I started using DuckDuckGo because, out of all the other search engines out there, it's the only one I've found whose entire mission statement centers around _not_ collecting information on every goddamn thing you do. Yes it's probably still being tapped at the fibre optic cable level so it doesn't really matter, that's not the point. The point is to vote with your dollar, or in this case your page view, far more influential these days than one thinks.

    I don't use DuckDuckGo because it preserves my privacy. I use DuckDuckGo because they don't try to take it away from me.

  3. Its not about 100% privacy by SuperCharlie · · Score: 5, Insightful

    At least for me its not, its about not feeding the beast directly. I jumped to Linux, Opera, and DDG as a way to add a few more cycles and maybe a few more man hours to the mess rather than hand it over directly with Windows, IE or Chrome, and Google. If anyone thinks they can really be anonymous in this ecosystem they are sorely mistaken. I do believe however there are less trodden paths and a little more pains in the rear that can be had, and as a silent protest, I chose to use them.

  4. Credibility? by karolgajewski · · Score: 5, Interesting

    I may be breaking the fundamental rules of Slashdot, but ...
    - the "article" is a single post on a recently created blog
    - they misspell "lose"
    - a quick google of Brett Wooldrige doesn't bring up anything exciting (a Forbes blog account with no content?)

    This is the very definition of "nothing to see here, move along".

    --
    - .k. -
  5. VPN by xtal · · Score: 4, Informative

    Run your traffic encrypted through another country with actual privacy protections.

    It's not perfect, but it is another complication and barrier to direct monitoring.

    Ultimately, the NSA reveal is a good thing - it's going to drive demand for virtual private cloud services where you hold the keys, and perhaps, a move back to corporate controlled cloud services on-site. Great news if you're in IT.

    --
    ..don't panic
  6. Ixquick? by rycamor · · Score: 4, Informative

    At least Ixquick is not a U.S. company: https://ixquick.com/eng/prism-program-revealed.html

    While their searches aren't as fast as Google's, I have found them to be pretty good quality-wise.

  7. Re:DuckDuckGo sucks by Anonymous Coward · · Score: 3, Interesting

    It's about as good as a google search and it gives the wikipedia article for any topic at the top. My opinion is better than your opinion.

  8. Re:DuckDuckGo sucks by SeaFox · · Score: 4, Insightful

    It's about as good as a google search [b]and it gives the wikipedia article for any topic at the top[/b]. My opinion is better than your opinion.

    Don't know about you, but when I want to look up something on Wikipedia, I look for it on Wikipedia. Having Wikipedia info displayed automatically for a search isn't really a "feature" as far as I'm concerned.

  9. Decrypting SSL by BringYourOwnBacon · · Score: 4, Interesting

    I think the article brings up and interesting point about who's SSL certs the NSA has access to. It's reasonable to assume that they are capturing most if not all Internet traffic in the states (at the very least all packets entering or leaving the county.) What is unknown is how much of that encrypted traffic can be easily decrypted. If I were a three letter gov't agency intent on decrypting massive amounts of traffic, I would go straight for the keys. It's particularly of note that DuckDuckGo does NOT use session keys in its SSL implementation, meaning if their private key got compromised, all previous searches would also be compromised. I don't think it's too much of a stretch to assume that the NSA has found a way to that key, either through secret court orders, or good old fashioned nefarious means. Especially for a site like DDG, who makes promises of "privacy". Makes you wonder who else's keys they have access to.

  10. In Russia, Yandex searches YOU by tepples · · Score: 4, Informative

    DDG is a reskinned Yandex with shortcuts to search particular sites. If you don't commonly use site: searches on Google, and you can't stand Yandex, you won't like DDG.

    1. Re:In Russia, Yandex searches YOU by Caetel · · Score: 5, Informative

      DDG shows no results. Bing's only result is this post. Google has this post and and OpenQNX forum post... so, Google, I guess?

    2. Re:In Russia, Yandex searches YOU by lxs · · Score: 3, Interesting

      Not living in either country, both the US and Russia are foreign competitors with a shady track record on business ethics and human rights and politics, so it really doesn't make a difference to me. Both nations have wasted a decade bombing Afghanistan, you're both prosecuting dissidents. I have serious trouble telling you guys apart.

  11. DuckDuckGo Response by yegg · · Score: 5, Informative

    Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo. I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business. We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt. There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example. A couple other responses to things I've noticed in the comments already: --Our servers are already located around the world. European users are generally not hitting US-based servers, for example. --We do have PFS on our cert: https://www.ssllabs.com/ssltest/analyze.html?d=duckduckgo.com&s=50.18.192.251

    1. Re:DuckDuckGo Response by Khopesh · · Score: 4, Interesting

      Thanks, that was a nice official response to a crackpot article that should never have made it to slashdot.

      My read of that article was that nothing is really safe (which is true, but you have to be reasonable about these things) and that larger companies at least have accountability. It kindly forgets that this accountability isn't to users, it's to shareholders. DuckDuckGo protects against these larger companies, and DDG might just fly low enough under the radar to avoid the attention of the NSA.

      Keep up the good work, Gabe. If you're in the SF area, I'd love to buy you a beer.

      --
      Use my userscript to add story images to Slashdot. There's no going back.
  12. Larger picture... by Shoten · · Score: 3, Insightful

    So, the majority of the population now realizes that their activity is in some way monitored, and they wish to evade that monitoring. They need to consider this: they are amateurs playing for nickel stakes in this game. The NSA doesn't care about them, and the people aren't used to playing this game either, for their part. This game exists, at the moment, primarily between the most sophisticated intelligence apparatus in human history and a very small population that is doing everything they can possibly do to hide. We think that using airgapping a network and using USB drives simply to move data across the room is a powerful security measure...these guys used USB drives to move data between countries, and even that wasn't good enough to protect them. The average citizen merely worries about some amorphous knowledge of their habits...the real target population faces death, or perhaps even worse internment in a black site somewhere for years first. And that population has been working on hiding for quite some time now; this is not a new game just because the rest of us know it's being played now.

    So...with that context, why would anyone think that simply using a different search engine fucking matters?

    --

    For your security, this post has been encrypted with ROT-13, twice.
  13. To hide the referrer by Anonymous Coward · · Score: 5, Interesting

    To strip off the referrer. Otherwise the end site would see the URL of the DuckDuckGo search revealing the details of the search, page, etc.

  14. Re:DuckDuckGo sucks by Clsid · · Score: 4, Informative

    I don't know but if you do not want to use Google, DuckDuckGo is by far one of the best alternatives. Try doing temperature, currency conversions with DuckDuckGo, the integrated results from WolframAlpha are pretty good. The only thing is missing is image search imho.

  15. Tor onion router end point by Norny · · Score: 3, Interesting

    Name me another major web search engine with an official Tor onion endpoint. DDG is the only one I know.

    https://3g2upl4pq6kufc4m.onion/
    https://3g2upl4pq6kufc4m.tor2web.org/

  16. Re:DuckDuckGo sucks by Anonymous Coward · · Score: 3, Informative

    The only thing is missing is image search imho.

    Use ixquick.

    Actually, use ixquick (or its sister site startpage) for all the other stuff, too.

  17. Re:My Major Concern with DuckDuckGo by heypete · · Score: 4, Informative

    It's so their system will strip out referrals, thus increasing your privacy: the site you end up on won't know what search terms you used to get there.

  18. The NSA Canâ(TM)t Lose by Taco+Cowboy · · Score: 3, Insightful

    I read TFA, and the paragraph title "The NSA Canâ(TM)t Lose" really irked me.

    But, as an American who knows that my own government has turned into a cabal, I know that it is the reality.

    I used to be proud as an American. Used to be.

    Now, I hang my head low, feeling so powerless, so ashamed.

    --
    Muchas Gracias, Señor Edward Snowden !
  19. Re:DuckDuckGo sucks by allo · · Score: 4, Insightful

    if you search for something, you may want to have web-results and wikipedia. When DDG displays you an excerpt from Wikipedia (like a Definition of your term), it may be enough, so you do not need to open wikipedia, but read it just before reading the rest of the search results.