Restore DuckDuckGo #84

Closed
opened 2016-11-02 18:06:55 +00:00 by bakku · 73 comments
bakku commented 2016-11-02 18:06:55 +00:00 (Migrated from github.com)

Hi guys,

Recently I began searching for a search engine (pun intended). Certainly I came across DuckDuckGo and searched for information since a lot of people regard it as a search engine which respects privacy.

I came across a few problems (relevant source, sadly in German: http://www.zeit.de/digital/datenschutz/2014-01/duckduckgo-startpage-ixquick-nsa):

  • I don't know how up to date this is, but DuckDuckGo uses Amazon Web Services for its service. Amazon works voluntarily together with the US government according to the source.
  • DuckDuckGo is based in the US. On privacytools.io it states that people should not use US services and explains why. To me this seems like a contradiction.

I suggest removing DuckDuckGo from the list and maybe taking startpage.com as a candidate. I have not found information regarding Startpage which shows that it is not trustworthy regarding privacy.

EDIT: I would be delighted to create a PR if others agree

ghost commented 2016-11-06 03:16:00 +00:00 (Migrated from github.com)

I'm not sure how trustworthy they are either. Specifically because they seem more secretive about certain topics instead of open like one would expect (see [here](http://securityspread.com/2016/10/24/duckduckgo-startpage-2016-update/) under "DuckDuckGo and Yahoo").
johnnagro commented 2016-11-11 16:26:28 +00:00 (Migrated from github.com)

+1 value point re: american company subject to american law (national security letters, etc)

ghost commented 2016-12-02 18:25:20 +00:00 (Migrated from github.com)

+1. IF DDG remains, StartPage should at least be added.

["DDG Privacy Policy"](https://duckduckgo.com/privacy): "We may add an affiliate code to some eCommerce sites (e.g. Amazon & eBay) that results in small commissions being paid back to DuckDuckGo when you make purchases at those sites"
ghost commented 2016-12-02 19:15:05 +00:00 (Migrated from github.com)

@justafatalerr0r Could you elaborate further on that quote? What's the problem with adding their affiliate tag to links in search results?

privacytoolsIO commented 2016-12-05 05:04:19 +00:00 (Migrated from github.com)

@bakku Good point. I have no problem with removing DDG. Should it be replaced with StartPage?

ghost commented 2016-12-05 13:13:50 +00:00 (Migrated from github.com)

Could someone take a look at [this](https://np.reddit.com/r/privacy/comments/599ia8/duckduckgo_or_startpage_2016_update/d986wwo/) discussion? As far as I can see these requests should be blocked by most adblockers, but it still made me think if SP is as trustworthy as they'd like you to believe. On the other hand they could probably hide this data collection from the user if it really were problematic. (?)
bakku commented 2016-12-05 16:40:02 +00:00 (Migrated from github.com)

@IDKwhattoputhere Interesting. I will have a deeper look at this and come back here when I have some results

privacytoolsIO commented 2016-12-17 02:33:12 +00:00 (Migrated from github.com)

I've replaced DDG with StartPage for now.

yegg commented 2016-12-19 01:48:54 +00:00 (Migrated from github.com)

Hi, I'm a bit confused by this assessment. We (at DuckDuckGo) believe we are as private as you can get in terms of search. Responding to some things in the thread:

While we are headquartered in the US, our situation is different than other companies because we do not collect any personal information at all. US laws in this area are generally about requesting existing business records of some kind (metadata or underlying content), as opposed to creating significant new source code to surveil. That's why the Apple case was such a big deal. As a result, services where you actually store personal information are in very different situations than those where no personal information is stored (like us).

Additionally, if you're worried about US organizations like the NSA in particular, you should note that inside the US they have legal restrictions (they cannot spy on US citizens) that prevent them from taking certain actions, but outside the US they have no such legal restrictions, and are therefore free to operate clandestine operations without any similar threat of legal recourse. In other words, any server or network outside the US that is an interesting target is much easier for the NSA to compromise.

With regards to Amazon, all traffic sent to DuckDuckGo is encrypted (A+ at SSL Labs including PFS - https://www.ssllabs.com/ssltest/analyze.html?d=duckduckgo.com), and that encryption protects your query in transit to our servers, which are solely controlled by us. Additionally, all sites need to be hosted somewhere, and as I mentioned above, those hosted outside the US operate under less legal protection from US surveillance organizations. DuckDuckGo also has servers around the world, and if you are in Europe you will be connected to our European servers.

With regards to Yahoo, I've reached out to the author of that article and he is presently revising it. We have never sent any personal information to Yahoo or any other partner, and we of course do not collect any ourselves. Those pages the mentioned article references were removed because our implementation actually did change on the backend, and they are no longer relevant. Similar to needing to be hosted somewhere, any private search engine needs to work with similar partners to get a full set of results.

I'm happy to answer any questions.

ghost commented 2016-12-19 02:25:18 +00:00 (Migrated from github.com)

> (they cannot spy on US citizens)

Why do you say that when it doesn't appear to be true?

> In theory, the NSA is forbidden from spying on U.S. citizens. But in practice, a secret 2015 court ruling unsealed this week reveals that warrantless spying has been approved by the Foreign Intelligence Surveillance Courts for general investigations in the U.S. Furthermore, the NSA says it wants to share access to communications databases with other domestic law enforcement agencies, including the FBI.

- https://bgr.com/2016/04/29/nsa-spying-american-citizens/

More:
https://www.eff.org/nsa-spying
http://www.pbs.org/wgbh/frontline/article/with-or-without-the-patriot-act-heres-how-the-nsa-can-still-spy-on-americans/
http://www.huffingtonpost.com/2014/12/26/nsa-spying-report_n_6382572.html
http://www.dailydot.com/via/edward-snowden-nsa-americans-fourth-amendment/
http://www.vice.com/read/the-fbi-wants-to-wiretap-every-us-citizen-online
http://www.newyorker.com/news/amy-davidson/how-many-americans-does-the-n-s-a-spy-on-a-lot-of-them

Also you're talking about citizens when DDG is a company. Am I misunderstanding something here?
yegg commented 2016-12-19 02:53:39 +00:00 (Migrated from github.com)

The central point around the NSA is that if you're worried about the NSA, you are arguably less protected outside the US where they have absolutely no restrictions on their actions. Additionally, US surveillance laws are generally about turning over existing business records with personal information, and DuckDuckGo has none.

The bigger point though is that the US is just one country, and as privacytools.io notes, many countries share intelligence and have their own surveillance operations. Really all relevant countries' legal situations need to be analyzed to get a full threat assessment on a particular attack vector. That's why to me it is an important distinction if there are services that can operate without collecting any personal information at all, which is the case in search, and what we do at DuckDuckGo.

bakku commented 2016-12-19 08:08:10 +00:00 (Migrated from github.com)

Hello @yegg,
it's really great that the CEO of DuckDuckGo joins this discussion, thanks!

First of all, we could now argue about which citizens of a country are more under surveillance and which are less, but I think we can presume that we are all under surveillance, no matter where; but this is not really the topic here.

> While we are headquartered in the US, our situation is different than other companies because we do not collect any personal information at all.

I read your privacy policy and your philosophy is really great. You furthermore stated that it does not generally happen that the national agencies request to implement new code for surveillance. But history has shown that it can happen, and it also can happen in a way in which you are not allowed to tell your users.

Now we could argue, like you did, that we should analyse every country's legal situation since maybe this might happen somewhere else as well, and you are right. That's why any person who has found out legal information about a country can post an issue to privacytools.io to further improve the site. It's just that we have already experienced this with the US.

> Additionally, all sites need to be hosted somewhere, and as I mentioned above, those hosted outside the US operate under less legal protection from US surveillance organizations

For me, I can't see a problem where Amazon could collect data from DuckDuckGo and their servers since you don't collect it, but also I can't imagine the power they actually have. The problem is generally that Amazon cannot be trusted at all since they sold themselves to the CIA. I know that AWS is handy, but why does a company which has such a great privacy philosophy then use the services of a company whose opinion on this is totally the opposite?
Kiyuubi commented 2016-12-19 11:27:31 +00:00 (Migrated from github.com)

Some stuff on DDG: https://8ch.net/tech/ddg.html

yegg commented 2016-12-19 12:37:41 +00:00 (Migrated from github.com)

Thank you for your recommendation of our privacy policy. We try to set an example because we believe in services putting forth straightforward privacy explanations that spell out clearly the benefits you get as a consumer for giving up particular pieces of personal information. In our case of course, we collect no personal information, but in the general case we believe services should collect the minimum possible.

Our vision is to raise the standard of trust online and we do that through our donations to privacy organizations (https://duck.co/blog/post/303/2016-foss-donations-announcement) and our mission to be the world's most trusted search engine. If we believe we could do something to better protect our users' privacy, we would do it, and are more than willing to entertain suggestions.

The argument put forth here seems to be that anything touching the US or Amazon is less trustworthy than anything that doesn't touch them. I know this is not the case, and that it is a much more nuanced reality. And in our particular case, it is actually more clear cut since we do not collect any personal information.

I thought that you perceived these nuances since you already recommend many organizations with these properties, but if you're going on this essentially ontological bogeyman argument, there isn't really any more I can say here.

The bottom line is if you'd like to recommend a private search engine, I wholeheartedly believe you can do no better than DuckDuckGo. I believe everybody should adopt a private search engine, and so I do not engage in debates maligning other private search engines, but I know that if you analyze completely the full threat assessments in reality, you will find DuckDuckGo to be just as private, if not more, than any other provider.

RealOrangeOne commented 2016-12-19 14:00:49 +00:00 (Migrated from github.com)

After having read all this, I am a little more sceptical on using DDG; however, I'm still going to use it. It's not perfect, but comparing features, security, and how dodgy it looks, it's my favourite!

Yes, it's based in the US, but being outside the US, provided I connect to EU servers, I really don't care. Yes, Amazon are known to share data with government bodies, but depending on how their network is set up on AWS (information that obviously isn't public), it's possible it's not all bad.

My largest complaint is with the affiliate links from search pages. Subtly injecting this into URLs worries me, especially seeing as there's no way to disable this. I'd much prefer being served an ad based on my search query (provided it was done securely / anonymously) than having affiliate links. I'd happily take this as a choice in the settings between ads and affiliate links.
yegg commented 2016-12-19 14:12:52 +00:00 (Migrated from github.com)

@RealOrangeOne thank you. With regards to affiliate links, there are no privacy issues with them whatsoever. The only programs we use are Amazon and eBay because those are the only two programs I know of that can be used completely anonymously. From https://duck.co/help/company/advertising-and-affiliates:

> This mechanism operates anonymously and there is no personally identifiable information exchanged between us and Amazon or eBay. These links are regular organic links (like any other link in our results) and these programs do not influence our ranking or relevancy functions in any way. That is, they are not advertising like paid placements or paid inclusions, and we only generate revenue from them if you ultimately find them relevant enough to end up purchasing an item. For more details, check out our [privacy policy](https://duckduckgo.com/privacy).

With regards to EU servers, as said above, we do operate EU servers and so you should be interacting with them directly by default if you are in the EU. For people in the US, using EU servers doesn't really get you anything since your traffic has to physically flow through the US, and we do not store personal information in any case.
aloisdg commented 2016-12-19 16:56:54 +00:00 (Migrated from github.com)

Long time DDG user. I am also using [Qwant](https://lite.qwant.com/) (mostly for French stuff):

> Qwant's philosophy is based on two principles: no user tracking and no filter bubble.
> We do our best to respect the privacy of our online visitors while ensuring a secure environment and relevant results.
> Here are our commitments for the user's data protection:
> If you wish to register or log on your Qwant account, or to send us a request via our contact form, we may ask you to disclose personal data. Thus, you are entitled to protection under the European data protection regulation.
> This Privacy Policy aims to present our ethical positioning with regard to the collection and processing of data: we guarantee not to sell or disclose the user's data in any way, especially for commercial purposes.

[source](https://www.qwant.com/privacy)

What do you think of it?

I am for keeping DDG but with a caveat and a link to their privacy policy. We can't trust promises, but they are better than nothing.
jaredStef commented 2016-12-20 07:31:07 +00:00 (Migrated from github.com)

I vote keep DDG

moonmehta commented 2016-12-20 13:25:49 +00:00 (Migrated from github.com)

I think DDG should be put back. It's fine to put StartPage and Qwant alongside too. All of the three are private enough and I think we should ultimately let the user decide.

hovancik commented 2016-12-20 13:33:07 +00:00 (Migrated from github.com)

Site says about other services/products:

```
Operating outside the USA or other Five Eyes countries.
More: Avoid all US and UK based services.
```

Should apply to all services/products.
moonmehta commented 2016-12-20 14:29:23 +00:00 (Migrated from github.com)

Also, consider that StartPage is really a meta search engine ultimately. That means that it ultimately has a dependency on Google's search results. It doesn't affect our privacy directly but it does mean that the problem remains fundamentally unresolved. DuckDuckGo on the other hand is relatively independent and therefore represents a somewhat cleaner alternative.

ghost commented 2016-12-20 16:31:58 +00:00 (Migrated from github.com)

The important questions for me now are:

  • Where does this project stand in terms of privacy? Are we providing services that are usable privacy, or are we going extreme privacy? If we are doing extreme privacy & not using any services from the US, UK, etc., then there are lots of services and projects still listed that use servers, etc. from those locations.
  • We all know about the FBI & Signal event a little bit earlier this year (http://arstechnica.com/tech-policy/2016/10/fbi-demands-signal-user-data-but-theres-not-much-to-hand-over/). I'm betting Signal has servers in the US as well as in other countries. Is a service that is well designed but whose developers & servers reside in the US < services that are not in the Five Eyes countries? Because if we are going full-on boogieman, hate all services from Five Eyes countries, why are we using Cloudflare for protection, GitHub for this project, Reddit for discussion, recommending backup cloud services using AWS and all other projects that use Five Eyes servers? How paranoid are we?
  • I'm more interested in how DDG is implemented (being a software developer) over politics. Privacy policies, countries' laws & stances on digital privacy, etc. cannot protect you. Well designed and implemented software will be able to protect you, not fear mongering about not using Five Eyes country services, or depending on certain countries. What if a country changes its stance? Are we chopping off more services?

I personally use DDG and would like DDG to be on the list, but it's up to the project and what its intentions are.
bakku commented 2016-12-20 16:53:52 +00:00 (Migrated from github.com)

You are totally right @xdtnguyenx.
After giving it some thought, my opinion is that the most recommended way, as far as possible, would be what you called "extreme privacy", but there should be a place for alternatives as well which might not align perfectly with all privacy recommendations, since otherwise this project's recommendations will just be useful for people who are willing to make huge sacrifices.
So in this case DuckDuckGo would be a totally valid choice for a search engine and I would take my initial statement back and at least have it shown on the "Worth mentioning" section.

moonmehta commented 2016-12-20 17:15:25 +00:00 (Migrated from github.com)

I will copy-paste a comment here from the reddit discussion that is taking place about this.

> There seems to be a lot of "boogeyman" statements here and on the discussion.
> Here's the thing, you either trust or you don't.
> Now I know a bit about how search engines work, and how networks communicate. The thing about DDG that I like is that you get a lot of good features that other private search engines don't offer.
>
> * turning your searches to GET requests or POST requests. This changes packet headers and shares less or more info about you as a user.
> * you can use DDG without cookies
> * no user accounts
> * search redirect ability so other sites don't get SentFrom or LinkedFrom information about you in the HTTP packet header.
> * currently not required to retain data
> * legally protected from turning the project into a surveillance tool.
>
> These are all things we know. These are able to be validated. We can play the "what if they are lying" game to the end of time... But we could make great use of Occam's razor here, and make the least amount of assumptions and look at real information instead.
> We can't have discussion when anyone is a government agent, anything could have an open backdoor, anyone could be lying.
> Instead look at what you can quantify, what you can verify, and what you can trust rather than blanket assumptions based on fear.
> After looking into the service from my side many times, I can say that I trust DDG with my daily searching activity needs.

Link to original comment - https://www.reddit.com/r/privacy/comments/5j5pwy/interesting_discussion_with_the_ceo_of_duckduckgo/dbe67ld/

I think it makes sense to include DDG considering that they don't have any data about the user in the first place + all of the above.

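The first and fourth points in the quoted list are about what can be observed at the HTTP layer rather than about policy. With a GET search the query string is part of the results page URL, so it lands in browser history, proxy logs and, unless a referrer policy prevents it, in the `Referer` header sent to every result the user clicks on (that header is what the comment calls "SentFrom or LinkedFrom information"). A POST search keeps the query in the request body, so the page URL stays clean. Bouncing clicks through a redirect page on the search engine's own origin lets the engine's referrer policy, not the results URL, decide what the destination sees. The Python model below is an added example for this thread, not code from DuckDuckGo or privacytools.io; the `search.example` host and the `/html/` and `/l/` paths are made-up sample inputs. It implements the W3C Referrer Policy rules for the `Referer` a browser sends when following a link, so the three cases can be compared on the same footing.

```python
"""What a clicked search result learns from the Referer header.

Added example for this thread, not code from DuckDuckGo or privacytools.io; the
search.example URLs are made-up sample inputs. Implements the W3C Referrer Policy
algorithm for the Referer a browser sends when a user follows a link, then uses it
to compare a GET results page, a POST results page and a redirect ("bounce") page.
"""
from typing import Optional
from urllib.parse import urlencode, urlsplit, urlunsplit

SECURE_SCHEMES = {"https", "wss"}           # "potentially trustworthy" schemes
DEFAULT_PORTS = {"http": 80, "https": 443}
SAMPLE_ENGINE = "https://search.example/"   # made-up search engine host


def _host_port(parts) -> str:
    """host[:port], omitting the default port and any user:password credentials."""
    host = parts.hostname or ""
    if parts.port is not None and DEFAULT_PORTS.get(parts.scheme) != parts.port:
        host = f"{host}:{parts.port}"
    return host


def origin_of(url: str) -> str:
    """Origin form: scheme://host[:port]/ with no path, query, fragment or credentials."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{_host_port(parts)}/"


def strip_for_referer(url: str) -> str:
    """Full form: credentials and fragment removed, path and query kept."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, _host_port(parts), parts.path or "/", parts.query, ""))


def referer_header(source: str, destination: str, policy: str) -> Optional[str]:
    """Referer value for a navigation from `source` to `destination`, or None if none is sent.
    `strict-origin-when-cross-origin` is the current browser default; older browsers
    defaulted to `no-referrer-when-downgrade`."""
    src, dst = urlsplit(source), urlsplit(destination)
    same_origin = origin_of(source) == origin_of(destination)
    downgrade = src.scheme in SECURE_SCHEMES and dst.scheme not in SECURE_SCHEMES
    full, origin = strip_for_referer(source), origin_of(source)

    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin
    raise ValueError(f"unknown referrer policy: {policy}")


def results_page_url(method: str, query: str) -> str:
    """Address of the results page. GET puts the query in the URL; POST carries it
    in the request body, so the page URL (and hence any Referer) stays clean."""
    if method == "GET":
        return SAMPLE_ENGINE + "?" + urlencode({"q": query})
    return SAMPLE_ENGINE + "html/"           # made-up path for the POST form


def query_leaked_to_result(method: str, query: str, result_url: str, policy: str) -> bool:
    """Does the site the user clicks on see the search terms in Referer?"""
    ref = referer_header(results_page_url(method, query), result_url, policy)
    return ref is not None and urlencode({"q": query}) in ref


def referer_via_redirect_page(result_url: str, redirect_policy: str) -> Optional[str]:
    """Bouncing the click through an intermediate page on the engine's own origin
    lets the engine's policy, not the results page URL, decide the Referer."""
    relay = SAMPLE_ENGINE + "l/?" + urlencode({"to": result_url})   # made-up relay path
    return referer_header(relay, result_url, redirect_policy)


if __name__ == "__main__":
    q, site = "medical question", "https://example.com/article"
    for method in ("GET", "POST"):
        for policy in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin"):
            print(method, policy, "leaks query:", query_leaked_to_result(method, q, site, policy))
    print("via redirect page, no-referrer:", referer_via_redirect_page(site, "no-referrer"))
    print("via redirect page, origin:", referer_via_redirect_page(site, "origin"))
```

The practical check is the same for any engine: open the browser's network inspector, click a result, and read the `Referer` request header on the outgoing navigation, or step through the redirect hop with `curl -v` and note whether the query string survives anywhere in the chain.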
ghost commented 2016-12-20 22:06:09 +00:00 (Migrated from github.com)

@yegg

> The central point around the NSA is that if you're worried about the NSA, you are arguably less protected outside the US where they have absolutely no restrictions on their actions.

That really depends though, doesn't it? Not only on if they don't find a way around restrictions or get green-lit by a secret court but also on how closely they're watching for example. It's not like the NSA spies on the US just a little and on every other country a lot ([see](https://en.wikipedia.org/wiki/Boundless_Informant), found [this](https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country) interesting too).
Additionally it's easiest for them to send out an NSL which they can only do to US companies. If they had a better way they wouldn't be using NSLs in the first place.

yegg commented 2016-12-21 02:19:56 +00:00 (Migrated from github.com)

@IDKwhattoputhere there is a [good discussion](https://www.reddit.com/r/privacy/comments/5j5pwy/interesting_discussion_with_the_ceo_of_duckduckgo/dbdndi2/) on the reddit thread referenced above on how NSLs do not apply to DuckDuckGo in any straightforward manner because we do not collect any personal information.

> Even though NSLs can be issued without a judge's signature and can come with a gag order, they are just a legal tool that can be used to extract certain types of information (such as subscriber information and maybe a little bit of transactional information) that a service provider already has stored on their servers. NSLs can't be used to force a service provider to start collecting data or build a backdoor. https://www.youtube.com/watch?v=YN_qVqgRlx4&feature=youtu.be&t=20m16s

ghost commented 2016-12-21 03:41:55 +00:00 (Migrated from github.com)

I don't think that comment is entirely correct. Specifically the backdoor part:

> An example of this is Lavabit – a discontinued secure email service created by Ladar Levison. The FBI requested Snowden’s records after finding out that he used the service. Since Lavabit did not keep logs and email content was stored encrypted, the FBI served a subpoena (with a gag order) for the service’s SSL keys. Having the SSL keys would allow them to access communications (both metadata and unencrypted content) in real time for all of Lavabit’s customers, not just Snowden's.
>
> - https://www.privacytools.io/#ukusa

yegg commented 2016-12-21 12:37:38 +00:00 (Migrated from github.com)

@IDKwhattoputhere the two videos referenced in that thread (https://www.youtube.com/watch?v=YN_qVqgRlx4&feature=youtu.be&t=20m16s and https://www.youtube.com/watch?v=PX2RjJAfTYg) do a good job of explaining much of the nuance around the US surveillance legal situation, including backdoors. The part in the second video that specifically addresses this point is at https://www.youtube.com/watch?v=PX2RjJAfTYg&t=27m12s, though the whole video is worth watching.

> "There is no obligation to build in backdoors. ... End-to-end encryption is legal. Period."

Lavabit was in a fundamentally different situation than DuckDuckGo because they collect personal information, as any centralized email service has to. That's why Silent Circle [preemptively shut down](https://silentcircle.wordpress.com/2013/08/09/to-our-customers/) their email service but kept their other end-to-end encrypted services up.

> Silent Mail has thus always been something of a quandary for us. Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure...
>
> Silent Phone and Silent Text, along with their cousin Silent Eyes are end-to-end secure. We don’t have the encrypted data and we don’t collect metadata about your conversations. They’re continuing as they have been. We are still working on innovative ways to do truly secure communications. Silent Mail was a good idea at the time, and that time is past.

In a similar statement [to Techcrunch](https://techcrunch.com/2013/08/08/silent-circle-preemptively-shuts-down-encrypted-email-service-to-prevent-nsa-spying/):

> [Users] are completely secure and clean on Silent Phone, Silent Text and Silent Eyes, but email is broken because govt can force us to turn over what we have. So to protect everyone and to drive them to use the other three peer to peer products- we made the decision to do this before men on [SIC] suits show up. Now- they are completely shut down- nothing they can get from us or try and force from us- we literally have nothing anywhere.

That's the difference between services that collect personal information, metadata or otherwise, vs services (like DuckDuckGo) that collect nothing.

ghost commented 2016-12-21 13:56:05 +00:00 (Migrated from github.com)

I haven't read the entire discussion, but:

  • NSLs apply in USA
  • It's easier to hack foreign servers for NSA
  • DDG doesn't store any personal data.

So, what's the issue? Being afraid that DDG may be forced to change their policy (log all search queries and IP addresses) is like being afraid of using SSL/TLS, because CAs can track your Google searches.

ghost commented 2016-12-21 14:19:08 +00:00 (Migrated from github.com)

@Shifterovich: @bakku raised the point that hosting on Amazon is the issue. @RealOrangeOne said that it's possible it's not all bad depending on how they set up their servers which I would like them to expand on. The way I see it is that Amazon has access to the servers and will compromise them if asked to.

ghost commented 2016-12-21 14:51:06 +00:00 (Migrated from github.com)

DDG will compromise themselves if asked to. NSLs. We can't just consider the cons, there is a ton of pros too. What are the pros of recommending some other search engine?

ghost commented 2016-12-21 15:35:39 +00:00 (Migrated from github.com)

The Lavabit case showed that the US government can request a service provider to hand over its SSL/TLS keys. These are, after all, something that you would expect a service provider to have access to. Normally, an adversary that can gain access to a web service’s SSL/TLS keys would be able to impersonate the server going forward. If the web service’s user hadn’t used Tor when accessing the web service, and the adversary had logged the ciphertexts of previous user-server connections from a position between the user and the server, then the adversary would also be able to use the SSL/TLS keys to decrypt those ciphertexts and reconstruct what the server would have contained if it had logged all previous user-server interactions (even if the web service’s server hadn’t actually done so).

@yegg: I’m interested in knowing what the consequences would be for non-Tor DDG users if someone gained access to your SSL/TLS keys, assuming that the adversary had already collected the ciphertexts of most if not all previous user-DDG interactions. Do you think that the adversary would be able to reconstruct most if not all of what your servers would have contained if your servers had logged all previous user-DDG interactions? What would DDG do if the US government requested that you hand over your SSL/TLS keys? If you did hand over your SSL/TLS keys, would you revoke your old keys, generate a new set of keys, and then continue operating as before?

Some related questions: Does DDG have separate SSL/TLS keys for each jurisdiction in which you operate? If so, can you guarantee that the keys in one jurisdiction are outside of the reach of another jurisdiction in which you operate? As an example, [Microsoft has made Deutsche Telekom the "custodian" for their web-based services in Germany](http://www.thelocal.de/20151111/microsoft-agrees-to-store-customer-data-in-germany).

Edit: Added idea of revoking old keys to a question.

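Whether a key handed over later decrypts traffic that was recorded earlier depends on the key exchange the connections used, not on the jurisdiction. It holds for the RSA key-exchange cipher suites of TLS 1.2 and earlier, where the client encrypts the session secret to the server's long-term key. With ephemeral (EC)DHE key exchange the long-term key only signs the handshake, so its new owner can impersonate the server from then on (the first half of the comment above) but cannot recover past session keys; TLS 1.3 permits only ephemeral key exchange. The toy model below is an added example for this thread, not code from DuckDuckGo, Lavabit or privacytools.io, and it uses deliberately tiny insecure parameters (Mersenne primes, an ad-hoc DH group, a SHA-256 XOR "cipher") so it runs from the Python standard library and makes the difference concrete.

```python
"""Does a handed-over server key decrypt traffic that was recorded earlier?

Added example for this thread; not code from DuckDuckGo, Lavabit or
privacytools.io. Two TLS-style handshakes are modelled with deliberately tiny,
insecure toy parameters so everything runs from the standard library:

  * RSA key transport (the TLS_RSA_* suites of TLS 1.2 and earlier): the client
    encrypts the premaster secret to the server's long-term RSA key, so whoever
    later obtains that key recovers every recorded session.
  * Ephemeral Diffie-Hellman authenticated by the long-term key ((EC)DHE suites;
    the only kind TLS 1.3 allows): the long-term key just signs the handshake.
    The transcript holds only public DH values, so the session key cannot be
    recomputed from it; the key's new owner gains only the ability to
    impersonate the server from then on.
"""
import hashlib
import secrets

# Toy long-term RSA key pair. Real keys are 2048+ bits; these ~150 bits are NOT secure.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# Toy DH group. Real deployments use RFC 7919 groups or X25519, never this.
DH_P, DH_G = 2**127 - 1, 5


def derive_key(shared_secret: int) -> bytes:
    """Toy KDF: 32-byte session key from the shared secret."""
    return hashlib.sha256(shared_secret.to_bytes(32, "big")).digest()


def toy_stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || counter) blocks. Illustrative only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def toy_sign(message: bytes) -> int:
    """Toy RSA signature over SHA-256(message) (no padding; illustrative only)."""
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big") % N, D, N)


def toy_verify(message: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def rsa_key_transport_session(query: bytes) -> dict:
    """Handshake where the client encrypts a premaster secret to the server's RSA key.
    Returns what a passive observer records (transcript) and the live session key."""
    premaster = secrets.randbelow(N)
    key = derive_key(premaster)
    transcript = {"encrypted_premaster": pow(premaster, E, N),
                  "ciphertext": toy_stream_xor(key, query)}
    return {"transcript": transcript, "session_key": key}


def decrypt_recorded_rsa_session(transcript: dict, server_private_exponent: int) -> bytes:
    """Later holder of the server's long-term private key replays the recording."""
    premaster = pow(transcript["encrypted_premaster"], server_private_exponent, N)
    return toy_stream_xor(derive_key(premaster), transcript["ciphertext"])


def dhe_session(query: bytes) -> dict:
    """Handshake with ephemeral DH; the long-term key only signs the server's share.
    The private exponents a and b exist only inside this function and are discarded."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    shared = pow(B, a, DH_P)
    assert shared == pow(A, b, DH_P)
    key = derive_key(shared)
    transcript = {"client_share": A, "server_share": B,
                  "server_signature": toy_sign(B.to_bytes(16, "big")),
                  "ciphertext": toy_stream_xor(key, query)}
    return {"transcript": transcript, "session_key": key}


def what_long_term_key_buys_against_dhe(transcript: dict) -> dict:
    """With only public shares on the wire, the long-term private key D cannot
    reproduce g^(ab); it can verify the old handshake and forge new ones."""
    verifies_past = toy_verify(transcript["server_share"].to_bytes(16, "big"),
                               transcript["server_signature"])
    fake_share = pow(DH_G, secrets.randbelow(DH_P - 2) + 1, DH_P)
    forged = toy_sign(fake_share.to_bytes(16, "big"))   # impersonation going forward
    return {"verifies_past_handshake": verifies_past,
            "can_impersonate_going_forward": toy_verify(fake_share.to_bytes(16, "big"), forged)}


if __name__ == "__main__":
    q = b"GET /?q=medical+question"
    rsa = rsa_key_transport_session(q)
    print("RSA key transport, key handed over later:",
          decrypt_recorded_rsa_session(rsa["transcript"], D))
    dhe = dhe_session(q)
    print("DHE, key handed over later:", what_long_term_key_buys_against_dhe(dhe["transcript"]))
```

To see which case a real server is in, read the `Protocol` and `Cipher` lines printed by `openssl s_client -connect host:443`: any TLS 1.3 suite, or a TLS 1.2 suite whose name starts with `ECDHE-` or `DHE-`, is the second case; a TLS 1.2 suite with no key-exchange prefix (for example `AES128-GCM-SHA256`) is RSA key transport and exposes recorded traffic to a later key compromise. Revoking and rotating the long-term key, as the comment asks about, stops future impersonation but changes nothing for already-recorded RSA-key-transport sessions.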
ghost commented 2016-12-21 15:41:45 +00:00 (Migrated from github.com)

VPN providers being based in the US _**is**_ an issue, search engine - not really.

> Never trust any company with your privacy, always encrypt.

emily-pesce commented 2016-12-21 15:51:30 +00:00 (Migrated from github.com)

> Do you think that the adversary would be able to reconstruct most if not all of what your servers would have contained if your servers had logged all previous user-DDG interactions?

So the attack you're worried about is an adversary somehow MITM/collecting and storing all encrypted requests to a service and then later somehow getting their hands on that service's SSL/TLS keys and using them to unencrypt/decrypt and thereby reconstruct a user's activity?

I mean, sure that's technically plausible, but by this logic DDG being based within the US is advantageous because no government adversary should be collecting such requests within US borders. Right?

But, I think you've already answered the question you're alluding to - if this is the use case you're most concerned about with a service like DDG then Tor or something similar is the answer. Otherwise, I think DDG is miles better than Google/Bing/similar and is a reasonable recommendation.

ghost commented 2016-12-21 15:56:04 +00:00 (Migrated from github.com)

^ also, how is that related to US?

ghost commented 2016-12-21 15:56:31 +00:00 (Migrated from github.com)

I suggest adding DDG with a note that it's based in the US.

ghost commented 2016-12-21 16:12:24 +00:00 (Migrated from github.com)

@Shifterovich

> VPN providers being based in the US is an issue, search engine - not really.

Could you elaborate on that? I think your reasoning behind this could add to the conversation.

@michael-pesce

> I mean, sure that's technically plausible, but by this logic DDG being based within the US is advantageous because no government adversary should be collecting such requests within US borders. Right?

Wouldn't this only apply to US citizens since the traffic otherwise would be foreign traffic and not be covered by those protections?

ghost commented 2016-12-21 16:35:58 +00:00 (Migrated from github.com)

@IDKwhattoputhere VPN can capture your entire internet activity, a search engine can capture your searches.

emily-pesce commented 2016-12-21 16:46:23 +00:00 (Migrated from github.com)

@IDKwhattoputhere

> Wouldn't this only apply to US citizens since the traffic otherwise would be foreign traffic and not be covered by those protections?

Yes, sorry, was speaking from the perspective of a US citizen.

moonmehta commented 2016-12-21 17:21:57 +00:00 (Migrated from github.com)

@xdtnguyenx sums up the situation correctly that we need to decide whether we are going for the extreme or not. In the extreme case, all the countries with five eyes should be on our radar. And the extended 9 countries as well. @bakku agreed to that in this context, DDG seems fair enough to get a position in the recommendations. Considering DDG's no data retention, I fail to see the problem really. If we are really going for the extreme end, then why is the discussion even happening on Github? Why is the project hosted on Github in the first place?

ghost commented 2016-12-21 17:36:38 +00:00 (Migrated from github.com)

In the extreme case, we shouldn't be using TLS with CAs.

> In the extreme case, all the countries with five eyes should be on our radar. And the extended 9 countries as well.

In the extreme case, all countries should be on our radar.

kewde commented 2016-12-24 19:09:58 +00:00 (Migrated from github.com)

I think it should be noted that this discussion should focus on whether or not a search engine within the general context is the most private and not enter the field of extremes.

SSL keys can be handed over, that's indeed a weakness but it is one shared among all search engines. I think a better criterion would be: what practices do the search engines apply and to what degree are they transparent about it? As mentioned above, DDG does a very good job at that.

I also believe that the NSA argument is weak and should not play as big of a part in the threat model as some of you want it to be. If they are out to get you, they will get you. Nobody is safe from their claws.

DDG has servers all over the world, which weakens the traffic-logged-when-entering-US argument.

DDG also provides an onion link, which any privacy conscious individual should use. They even do https over Tor iirc (a subtle yet nice addition).

I tend to agree that it should be in the top 3, put DDG back on their spot.

ghost commented 2016-12-24 21:22:59 +00:00 (Migrated from github.com)

I say we should test all these search engines - *how they search*. A good search engine based in the US is better than a shitty search engine based in a better location. To decide what should be first, second, third, and in the Worth Mentioning section.

bakku commented 2017-02-17 17:22:55 +00:00 (Migrated from github.com)

In the past months I have used searx.me, Startpage and DuckDuckGo each for a certain amount of time. I would like to present a small (personal) comparison between those three.

  1. searx.me
  • What I really like about searx.me is that it is open source and you can host your own instance of this search engine. This is truly unique among these three
  • While being sufficient for basic searches, for complex ones most of the search results are not fitting, especially those from bing/yahoo. I had to switch over to google/startpage several times, especially when I needed an answer to my question rather quickly. ~~I looked for an option to only use google search results with searx.me but I didn't find any...~~ @IDKwhattoputhere corrected me [here](https://github.com/privacytoolsIO/privacytools.io/issues/84#issuecomment-281122380)
  • I don't really like the interface that much
  2. Startpage
  • Good search results, nearly as good as google itself, I rarely do not find what I am searching for
  • For some searches the amount of results seems to be capped even though when searching for the same on Google more search results were available, can be annoying
  • The family filter sometimes seems to filter more than it should, so some relevant results might be hidden
  3. Duckduckgo
  • Best interface of the three
  • I like the unique features of Duckduckgo like "instant answers". Search for "github meteor" and the instant answers feature will show the github page of the Meteor app platform.
  • For complex searches I often don't get what I want and have to switch to startpage/google for better results

Would like to hear about other experiences 🙂

Atavic commented 2017-02-19 22:22:39 +00:00 (Migrated from github.com)

[**YaCy**](http://yacy.net/en/index.html) is a free search engine that allows a local and decentralized Web Search.

The questions about NSA are useless, you can't avoid the monitoring done at [international backbone](http://www.submarinecablemap.com/) level. What should really be of concern to a privacy aware user?

Tracking, Fingerprinting and behind-the-scene techniques such as [Cookie Syncing](https://github.com/ghacksuserjs/ghacks-user.js/issues/11).

ghost commented 2017-02-20 16:23:51 +00:00 (Migrated from github.com)

> I looked for an option to only use google search results with searx.me but I didn't find any...

[This](https://cloud.githubusercontent.com/assets/16030872/23133256/cf7b7204-f790-11e6-950b-379000ff1f35.png) or use `!go example`.

bakku commented 2017-02-20 16:28:53 +00:00 (Migrated from github.com)

You're the boss. As my defense, I based my previous statement on searching for a solution in forums, github & co, not on my own 😬

I take back what I said.

GreenLunar commented 2017-02-21 04:53:07 +00:00 (Migrated from github.com)

DDG should pay you to include them!

I am for removing DDG for two reasons:

  • I assume that most of the people who work at DDG do not have a second job.
  • DDG seems to be more of a startup (a company that is funded by investors that most likely want to make an "exit") than a sustainable company; so, in the long run, user privacy is not to be taken into consideration.

Keep DDG only if they pay you a monthly fee.

bakku commented 2017-02-21 08:43:24 +00:00 (Migrated from github.com)

@GreenLunar I think that respecting user privacy today is a business model because users are willing to pay for that, so I think it can be taken in consideration in a company that wants to make profit. Furthermore, many products other than open source projects would fall in the same category as DDG then as well like VPN providers or mail providers

GreenLunar commented 2017-02-21 09:56:54 +00:00 (Migrated from github.com)

There is no such thing for end-users, in any case, as they almost always press OK without reading and investigating anything; and maybe tomorrow the model of DDG would not be privacy-driven.

I still think that DDG should pay a fee in order to be listed in privacytools.io.

aloisdg commented 2017-02-21 09:58:34 +00:00 (Migrated from github.com)
@GreenLunar [I think they already kind of did](https://spreadprivacy.com/2017-donations-d6e4e4230b88).
Hillside502 commented 2017-02-21 11:09:46 +00:00 (Migrated from github.com)

@GreenLunar

> end-users...almost always press OK without reading and investigating anything

Terms of Service; Didn't Read
https://tosdr.org/

aloisdg commented 2017-02-21 13:07:04 +00:00 (Migrated from github.com)

@Hillside502 Alas most of them don't know tosdr either. 😢

woctezuma commented 2017-02-28 16:37:09 +00:00 (Migrated from github.com)

It is funny to read this:

> Because if we are going full on boogieman, hate all services from Five Eyes countries, why are we using Cloudflare for protection, Github for this project, Reddit for discussion, recommending backup cloud services using AWS and all other projects that use Five Eyes servers? How paranoid are we?

Because Cloudflare was subject of a major security flaw. Here is what the Google engineer who discovered the flaw had to say about it:

> The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to cleanup. I've informed cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.

News article: https://arstechnica.com/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/

Official report: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

Reference for the comment of the Google engineer: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139

List of websites potentially affected: https://github.com/pirate/sites-using-cloudflare

kewde commented 2017-03-04 16:28:57 +00:00 (Migrated from github.com)

@woctezuma DuckDuckGo did not have any of the Cloudflare services enabled that would cause data leaks for that specific issue. Cloudflare is mostly protection against DDoS attacks.

Atavic commented 2017-03-04 17:22:50 +00:00 (Migrated from github.com)

DDG was used to find the leaks and was not affected.

Dustie commented 2017-06-23 01:09:40 +00:00 (Migrated from github.com)

Qwant is miles ahead in result quality IMO. Is there still a need to recommend a US based service when as good or better services are out there? Trying to have some privacy and recommending US based services feels like shooting yourself in the foot before you are even started. Sure, they might be safe for now, but ultimately the chance of them not being so or not staying so are higher than with any non-US based service.

aloisdg commented 2017-06-23 08:37:45 +00:00 (Migrated from github.com)

@Dustie for you maybe. I use it and like it but I still prefer ddg. I talked about it [before](https://github.com/privacytoolsIO/privacytools.io/issues/84#issuecomment-268017118)

josephholsten commented 2017-07-29 04:01:38 +00:00 (Migrated from github.com)

Reviewing this thread, it seems the consensus is to restore DDG. Can I get a vote 👍 / 👎 of the current consensus? Would anyone with reservations please reiterate them? I want to make sure DDG has a chance to respond to any outstanding objections.

aloisdg commented 2017-07-30 09:52:33 +00:00 (Migrated from github.com)

upvote to keep or upvote to remove?

ghost commented 2017-07-30 10:12:09 +00:00 (Migrated from github.com)

> the consensus is to restore DDG

josephholsten commented 2017-07-30 20:03:21 +00:00 (Migrated from github.com)
  • 👍 restore Duck Duck Go
  • 👎 keep Duck Duck Go removed
PrivacyCDN commented 2017-07-30 21:17:17 +00:00 (Migrated from github.com)

👍🏼

John Wunderlich,

Sent frum a mobile device,
Pleez 4give speling erurz

"...a world of near-total surveillance and endless record-keeping is likely to be one with less liberty, less experimentation, and certainly far less joy..." A. Michael Froomkin


jaredStef commented 2017-07-31 01:07:15 +00:00 (Migrated from github.com)

👍🏼

privacytoolsIO commented 2017-07-31 12:09:44 +00:00 (Migrated from github.com)

@Shifterovich "I suggest adding DDG with a note that it's based in the US."

I could live with that.

aveao commented 2017-09-15 11:01:09 +00:00 (Migrated from github.com)

Heya, sorry for necroing, but judging by the votes on the post by @josephholsten, I think that giving DDG a spot in the top search engines (and not just keep it as a "Worth Mentioning") or at least moving it higher in "Worth Mentioning" list is a better move than just keeping it at the end of "Worth Mentioning".

kewde commented 2017-09-17 02:16:10 +00:00 (Migrated from github.com)

@Shifterovich

ghost commented 2017-09-17 08:59:13 +00:00 (Migrated from github.com)

I'd move Qwant to Worth Mentioning, StartPage to 2nd and DDG to 3rd.

kewde commented 2017-09-17 11:35:33 +00:00 (Migrated from github.com)

Sounds good to me.

aveao commented 2017-09-17 12:17:43 +00:00 (Migrated from github.com)

Alright, I'm preparing a PR. Should I link to this discussion when mentioning that it's based in US?

ghost commented 2017-09-17 12:41:09 +00:00 (Migrated from github.com)

I'd link to #ukusa.

ghost commented 2019-01-20 12:28:41 +00:00 (Migrated from github.com)

# Request to reopen

This ticket was closed but there are several unaddressed issues. Please reopen this to remove (or make changes to) DuckDuckGo's inclusion.

# Trust has no merit

@aloisdg

> I am for keeping DDG but with a caveat and a link to their privacy policy. We can't trust promises, but they are better than nothing.

In this particular case those promises are useless. When it comes to trustworthiness of DuckDuckGo it has been pointed out in this thread that @yegg's [previous project](https://en.wikipedia.org/wiki/Names_Database) entailed privacy abuse. So the community needs to be convinced that he has reformed and redeemed himself. However, DDG is [currently partnered with privacy abusers](https://www.reddit.com/r/privacy/comments/4vgqrn/duckduckgo_illusion_of_privacy/d5y8tdw/). What is the merit in trustworthiness here?

*deception as well*:

DDG has actually scrubbed their Yahoo relationship from public view, showing further that they cannot be trusted. Some may recall that DDG previously had "In partnership with Yahoo!" on their search page and quietly removed it. When pressed on the issue they used some ridiculous [weasel wording](http://securityspread.com/2016/10/24/duckduckgo-startpage-2016-update/) in their attempt to create a false distance from Yahoo. DDG has also removed details about that Yahoo relationship, breaking URLs like `https://duck.co/help/company/yahoo-partnership`.

This is not good for trust. DDG is untrustworthy.

# Follow the money

Privacy advocates don't solely care about the privacy of their immediate search. They also need reassurance that they are not doing something that indirectly causes privacy abuse. When we follow the DDG money trail we see that it leads to privacy abuse. Ethical privacy activists *boycott* privacy abusers. When DDG is presented on a trusted website like privacytools.io it misleads privacy activists and this is harmful.

| Privacy Abuser | DDG relationship |
| --- | --- |
| Yahoo | DDG gets search results from Yahoo. DDG hides the details of how Yahoo is compensated for that, but DDG apparently pimps Yahoo-sourced ads. |
| Amazon | DDG pays Amazon for data center use. Amazon is a big driver for facial recognition. No self-respecting privacy activist feeds Amazon's bottom line. |

@uncertainquark

> Also, consider that StartPage is really a meta search engine ultimately. That means that it ultimately has a dependency on Google's search results. It doesn't affect our privacy directly but it does mean that the problem remains fundamentally unresolved. DuckDuckGo on the other hand is relatively independent and therefore represents a somewhat cleaner alternative.

StartPage and DuckDuckGo are both proxy search engines and both get paid results from privacy abusers (Google and Yahoo respectively). If I had to choose I'd favor supporting Google before the Verizon, Yahoo, and AOL corporate conglomerate (whose privacy abuses are criminal) along with Amazon. Google is also more transparent about its privacy abuses than Verizon et al. Luckily this is hypothetical and we need not choose between them in the face of Searx.

# Direct privacy compromise

DDG search results are rich in CloudFlare sites. CloudFlare is one of the top privacy abusers on the web. What good is it to have an allegedly untracked search when the **results** of the search contain malicious referrals leading users unwittingly straight to CloudFlare, who logs the user's IP address and sees their traffic among other abuses like DoS against Tor users?

# DDG vs. Qwant

@aloisdg

> Long time DDG user. I am also using Qwant (mostly for french stuff):

The CAPTCHA hell that Qwant puts Tor users through is noteworthy. However, Qwant is still better for privacy than DDG. My comparison:

| *Factor* | *DDG* | *Qwant* |
| --- | --- | --- |
| server location | US and EU (the US presence screws US users; plus the US HQ & influence can still be detrimental to EU users as we know from the Lavabit fallout) | EU (perhaps even for US users?) |
| adverse partners | Verizon + Yahoo, Bing, Amazon (notorious privacy abusers) | Huawei, [allegedly](https://gitlab.com/prism-break/prism-break/issues/1387), accuracy and adversity unchecked |
| usability from Tor | `.onion` site but results heavily polluted with CloudFlare links | CAPTCHA hell |

Qwant is more favorable than DDG in terms of overall privacy. OTOH, Qwant's CAPTCHA does more direct damage to privacy-embracing users as the inconvenience is sufficient to drive users off Tor or off Qwant.

# Proposal

Remove DDG as a recommendation. If DDG is mentioned at all then it's only responsible to also document the shortcomings (https://github.com/privacytoolsIO/privacytools.io/issues/729) and let users decide in an informed manner. Presenting DDG as a blind recommendation without the anti-features does a disservice.

josephholsten commented 2019-01-25 00:51:25 +00:00 (Migrated from github.com)

Don't forget, DDG is reported to use US dollars, and the US is well known for invading people's privacy, to say nothing of engaging in warfare, so we can't support them! Of course, @libBletchley did make his proposal on a site operated by Microsoft, so let's entirely ignore whether he would cut off his nose to spite his face.
