Question: does anyone actually know what DDG does with user data? Like they market themselves as a "privacy respecting" search engine, but how much of this is truth?
I'd imagine there's good money in convincing people they have privacy because then they'll provide more interesting data.
Has the company ever been audited? Why should they be trusted to not compromise user privacy? Imo at least Google is honest: you know when you use their products as intended you have no privacy, and they don't try to hide this
Edit: since DDG isn't open source like searx, how do we know there is ANY truth to their marketing claims?
Edit: Just for accuracy, the browser extensions are open source. But as far as I know, the actual search engine isn't
Edit: They made over 100 million in 2020. They clearly can (and should) get an independent audit. It's shocking that they haven't had a single audit. Even startpage has
> Question: does anyone actually know what DDG does with user data? Like they market themselves as a "privacy respecting" search engine, but how much of this is truth?
It doesn't matter.
Why? Because when going through the exercise of identifying risks in the system one can't assume the actors are benevolent and won't ever use the access+data they have for evil.
That's not at all to say all actors are evil and will always do the most harm possible. Many risks are never exploited in practice. But that doesn't mean the risk doesn't exist. It still does! And it might be exploited in the future (with companies, all it takes is a reorg that puts someone less ethical in charge).
Thus, when doing your threat modeling exercise, for the purposes of identifying risk, assume the various actors could do as much damage as they possibly could with the access they have.
So concretely, when I evaluate risk on google vs. DDG: I won't take into consideration any "privacy respecting" marketing, that's not important. What matters is how much damage can each party do, which one is less risky?
Both get my search queries which is inevitable for a search engine. So there's that risk but it's a wash.
But google has its tendrils woven into far more points from which they can and will correlate data. Google analytics, AMP, gmail/gsuite, chrome (for people using that), also most people have an active login session with google most of the time, etc.
DDG has a much smaller footprint on the internet from which to correlate data.
Therefore, even assuming both parties are equally evil, DDG presents a smaller risk.
Question: does anyone actually know what Microsoft do with the data that they get from Duck? Other syndication partners of Bing I have spoken to told me they are expected to pass on the first three octets of the IP. So with other data, for example user agent and location, this could likely be used for fingerprinting.
Another syndication partner of Microsoft is far more transparent in their privacy policy than Duck: "Bing: IP address (obfuscated), user agent string, search term, and some settings like your country and language setting. We never communicate IP addresses along with search queries. We only send IP addresses to Microsoft in obfuscated form, meaning we remove parts of the IP address when we sent it."
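To make the fingerprinting concern above measurable, here is an added example (not from the thread or from any search provider's code) that truncates addresses to their first three octets and counts how many users stay alone in their anonymity set once user agent and country travel with the truncated address. The request log, the user names and the /48 choice for IPv6 are constructed assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// Request is one constructed search request as a front end might see it.
type Request struct {
	User, IP, UserAgent, Country string
}

// truncateIP keeps the first three octets of an IPv4 address (a /24).
// Keeping a /48 for IPv6 is an assumption of this example.
func truncateIP(s string) (string, error) {
	addr, err := netip.ParseAddr(s)
	if err != nil {
		return "", err
	}
	addr = addr.Unmap()
	bits := 24
	if addr.Is6() {
		bits = 48
	}
	prefix, err := addr.Prefix(bits) // Prefix zeroes the host bits
	if err != nil {
		return "", err
	}
	return prefix.Addr().String(), nil
}

// anonymitySets groups users by the tuple that would be forwarded and
// returns, for each tuple, the sorted list of distinct users behind it.
func anonymitySets(reqs []Request, withUA bool) (map[string][]string, error) {
	seen := map[string]map[string]bool{}
	for _, r := range reqs {
		ip, err := truncateIP(r.IP)
		if err != nil {
			return nil, fmt.Errorf("bad IP %q: %w", r.IP, err)
		}
		key := ip
		if withUA {
			key = ip + " | " + r.Country + " | " + r.UserAgent
		}
		if seen[key] == nil {
			seen[key] = map[string]bool{}
		}
		seen[key][r.User] = true
	}
	out := map[string][]string{}
	for k, users := range seen {
		for u := range users {
			out[k] = append(out[k], u)
		}
		sort.Strings(out[k])
	}
	return out, nil
}

// singledOut counts users who are alone in their anonymity set (k = 1).
func singledOut(sets map[string][]string) int {
	n := 0
	for _, users := range sets {
		if len(users) == 1 {
			n++
		}
	}
	return n
}

// sampleRequests is constructed data; addresses are from documentation ranges.
func sampleRequests() []Request {
	const ff = "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
	const ch = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/101.0.0.0 Safari/537.36"
	const sf = "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_3) Version/15.4 Safari/605.1.15"
	return []Request{
		{"alice", "203.0.113.10", ff, "US"},
		{"bob", "203.0.113.77", ch, "US"},
		{"carol", "203.0.113.200", ch, "US"},
		{"dave", "203.0.113.201", sf, "US"},
		{"erin", "198.51.100.4", ch, "DE"},
		{"frank", "198.51.100.99", ch, "DE"},
		{"alice", "203.0.113.10", ff, "US"}, // repeat visit, same tuple
	}
}

func main() {
	reqs := sampleRequests()
	for _, withUA := range []bool{false, true} {
		sets, err := anonymitySets(reqs, withUA)
		if err != nil {
			panic(err)
		}
		fmt.Printf("user agent and country forwarded=%v: %d sets, %d users singled out\n",
			withUA, len(sets), singledOut(sets))
	}
}
```

On this sample the truncated address alone leaves nobody unique, while adding the user agent and country isolates two of the six users.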
> > Question: does anyone actually know what DDG does with user data? Like they market themselves as a "privacy respecting" search engine, but how much of this is truth?
> It doesn't matter.
> Why? Because when going through the exercise of identifying risks in the system one can't assume the actors are benevolent and won't ever use the access+data they have for evil.
Storing any data in a database is just asking someone to either steal it or abuse it. So the only solution is to not store it, if it's not critical for operation. And if it's critical, store privacy data in encrypted form (and keep decryption keys away from the database, so a database breach won't jeopardize keys, like in a different business unit in the corporation). One such example is logs: store some of the data encrypted, and if you need it (with a really good reason) ask for it to be decrypted. Also you can encrypt various forms of data with different keys, and make accessing one type easier while more privacy-critical data will be harder to get access to.
Even ignoring the indirect data correlation risk, it is also poor risk management to use one company for your entire digital life. It means having to keep actively abreast of what you lose access to in the event of an account ban & do contingency planning because correlated failures in systems are much more painful than random ones.
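One way to build the scheme this comment describes, as an added example that is not part of the thread: log fields are sealed with a separate AES-256-GCM key per category, the keys live with a custodian outside the log database, and decryption needs a stated reason, plus an approver for the sensitive category. The type and category names, the approval rule and the sample values are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Category names and the approval rule are assumptions of this example.
const (
	CatOperational = "operational" // e.g. user agent, needed for debugging
	CatSensitive   = "sensitive"   // e.g. client IP or search query
)

// KeyCustodian stands in for the separate unit that holds the keys. The log
// database stores only what Seal returns and never sees a key.
type KeyCustodian struct {
	aeads map[string]cipher.AEAD
	Audit []string // one entry per granted or denied decryption request
}

// NewKeyCustodian creates an independent AES-256-GCM key per category.
func NewKeyCustodian() (*KeyCustodian, error) {
	kc := &KeyCustodian{aeads: map[string]cipher.AEAD{}}
	for _, cat := range []string{CatOperational, CatSensitive} {
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			return nil, err
		}
		block, err := aes.NewCipher(key)
		if err != nil {
			return nil, err
		}
		if kc.aeads[cat], err = cipher.NewGCM(block); err != nil {
			return nil, err
		}
	}
	return kc, nil
}

// Seal encrypts one log field under its category key. The category is bound
// as associated data and a fresh random nonce is prepended to the result.
func (kc *KeyCustodian) Seal(cat, field string) ([]byte, error) {
	aead, ok := kc.aeads[cat]
	if !ok {
		return nil, errors.New("unknown category " + cat)
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(field), []byte(cat)), nil
}

// Open decrypts a field only when the request meets the category's rule: a
// stated reason always, plus a named approver for the sensitive category.
func (kc *KeyCustodian) Open(cat string, sealed []byte, reason, approver string) (string, error) {
	aead, ok := kc.aeads[cat]
	if !ok {
		return "", errors.New("unknown category " + cat)
	}
	if reason == "" || (cat == CatSensitive && approver == "") {
		kc.Audit = append(kc.Audit, fmt.Sprintf("DENIED %s reason=%q", cat, reason))
		return "", errors.New("request does not meet the policy for " + cat)
	}
	n := aead.NonceSize()
	if len(sealed) < n {
		return "", errors.New("sealed field too short")
	}
	plain, err := aead.Open(nil, sealed[:n], sealed[n:], []byte(cat))
	if err != nil {
		return "", err // wrong key, wrong category or tampered data
	}
	kc.Audit = append(kc.Audit, fmt.Sprintf("GRANTED %s reason=%q approver=%q", cat, reason, approver))
	return string(plain), nil
}

func main() {
	kc, err := NewKeyCustodian()
	if err != nil {
		panic(err)
	}
	// Constructed sample value; the address is from a documentation range.
	ip, err := kc.Seal(CatSensitive, "203.0.113.57")
	if err != nil {
		panic(err)
	}
	_, err = kc.Open(CatSensitive, ip, "curiosity", "")
	fmt.Println("no approver:", err)
	got, err := kc.Open(CatSensitive, ip, "abuse investigation", "privacy-officer")
	fmt.Printf("approved: %q err=%v\n", got, err)
	fmt.Println(kc.Audit)
}
```

Because the keys are symmetric, whatever writes the log must call the custodian to seal each field; a database dump on its own yields only nonces and ciphertext.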
Better to just have 1 Google service you use and find someone else for the others. Their search index is a little better than DDG's I think, but the difference is pretty small compared to the risks you outline and the risk of Google going rogue and deciding I'm a Russian or committed some other similar crime & need to be booted from their services.
I read about a Github issue [1] where someone reports that all websites a user clicks on are sent to DDG servers. Reading the employee's response was eye opening.
They literally do not care if it has a bad look, they just say "we don't collect your personal information."
What??? They are literally admitting to collecting domains in the feed of the Github issue but then just copy and paste their manifesto and expect us to think it's fine. I seriously do not understand this.
Seems understandable to me. The explanation isn’t just “copy pasting” their privacy policy, either. You are misrepresenting that thread and discussion.
They’re not a perfectly secure E2E encrypted zero-trust system. They do require some measure of trust to use. This has always been true. Don’t use them if you don’t trust that they won’t misuse your data.
The explanation seems superficially plausible, until you realize many (all?) other browsers seem to work fine without a remote server to fetch favicons.
They're probably not collecting IP addresses or user cookies, but they will undoubtedly have a log of what their users search for, what results were returned, and possibly what clickthroughs happened from their search page. You can do all of that without retaining identifying information for the person who clicked through.
Worst case, if you go back and forth between google search and DDG, a comparative analysis might be able to identify you or people like you from those logs, but it would require some work.
I think most DDG fans would be thoroughly surprised DDG ever popped the hood or tried to verify their privacy claims, which is why I don't think DDG ever will.
Better to allude to a nebulous definition of privacy rather than give specifics. Even as a privately traded, for-profit company based in the U.S. with zero accountability for its claims, DDG doesn't even have that much IP to lose (as a Bing reskin) should it ever fold under a class action lawsuit.
Did you keep reading? This issue was subsequently fixed.
> Hi all, CTO of DuckDuckGo here.
[... mucho explanation...]
> So, we went ahead today and implemented the change for both Android (#878) and iOS (duckduckgo/iOS#667) that will move this logic onto the client, and we will no longer be using the favicon service in our apps. These changes are currently in the release phase and are rolling out live now.
>since DDG isn't open source like searx, how do we know there is ANY truth to their marketing claims?
You wouldn't know this even if it was open source. Open source does nothing here. Looking at the source code will not tell you their data retention policies or what is actually stored in their databases. It will also not guarantee the source that you see matches what is on their servers.
I used them nearly exclusively and recommended them to all my friends. Once they started censoring content for political reasons (Ukraine), that ended instantly.
I switched to Brave Search and generally am pleased. I did notice current events is somewhat lacking. I was searching one of the wildfires in NM yesterday and no dice. Otherwise for general information or more "static" type info I've been pleased.
Code / stackoverflow is also somewhat lacking on Brave Search, but I'm a big fan of the ability to do !g to redirect the request to Google (I don't care if they see that I'm trying to figure out why my build is failing c: )
I've tried Firefox a few times over the years and always switched back for the same reason - it didn't feel "snappy" and some things didn't render properly. Something has changed recently though. Both these issues appear to be completely gone. And now that I've got the Containers extension installed, it's superior to chromium in all material ways, except maybe the dev tools.
I guess I have thousands of bookmarks. I always search my bookmarks first, known sites second, DDG next and Google last. In both Firefox and chrome there is exclusive bookmark search within the addressbar. In FF it is * and then space.
Compose an index by randomly spidering IP addresses. Return search results by randomly selecting an exact string match from the index. Rats, probably not a billion dollar idea after all!
One could reproduce a similar effect by surrounding your query with double-quotes on Google.
> Return search results by randomly selecting an exact string match from the index.
It could potentially surface results that you could not have found otherwise. A random dump of links, each one's relevance you must determine on your own. Or another way to put it: you do the ranking. Not a very fun idea to most.
Not sure what is going on with those URL params, but I see results just fine at https://duckduckgo.com/?q=site%3Atass.com and in any case an easier way to do things is to not use a site search but just put the domain or name in the query like 'ukraine tass' and something from that site will usually come up on top.
People complain about search engines like Google being full of garbage and fake info. DDG takes actions against that and people cry that it’s not fair.
Are they supposed to just let governments astroturf their way to the top with propaganda?
I think some people are under the impression that it’s possible to build a useful search engine that is completely algorithmic and unbiased. It’s just not possible, though.
Any algorithm for which there is incentive to game, people will game. And legitimate sources often have no incentive to game the algorithms. There’s no one algorithm that will do everything perfectly. Eventually you’ll have some phishing scam, life-threatening suggestions, or illegal content popping up as a top result, and you’ll have to add manual exceptions.
I think it all comes down to the type of curation being done and if the choices are made out of objectivity or subjectivity.
Like prioritizing a legitimate website over a scam website isn't punishing the scam website because of a controversial opinion or the search engine operator didn't like the content, it's because the website is objectively a scam, it's easy to objectively identify it as such, and everyone agrees it's one.
When it comes to Ukraine vs. Russia and propaganda, it is entirely impossible to have objectivity. As angry as this will make some people, opinions on the war in Ukraine are subjective. Russian outlets shouldn't be ranked lower than Ukrainian ones solely because a lot of people are on the side of Ukraine.
I'm sure some Russian outlets are spreading objective falsehoods, and some Ukrainian outlets are spreading objective falsehoods. These individual outlets should be punished in search rankings, but to classify all Russian outlets as spreading misinformation and all Ukrainian outlets as objective truth completely demolishes the objectivity a lot of people want their search engines to have.
It's a difficult topic, I feel like I talked in circles writing this comment.
I think people are running with the idea that DDG is only punishing Russians. Russian media also loves pushing this idea.
I'm not convinced that DDG isn't downranking all junk. Russian disinfo spreaders and consumers just scream the hardest when their garbage is rightfully pushed aside. Same as the Q-worshipping crowd.
> it's easy to objectively identify it as such [scams], and everyone agrees it's one.
Is it actually easy to identify all scam content? Then why is it possible to find scams in search results?
> When it comes to Ukraine vs. Russia and propaganda, it is entirely impossible to have objectivity.
So should they treat every news outlet as equally ranked? Because I'm struggling to think of any news reporting that could be said to be free of bias or could be said to be completely objective.
> ...to classify all Russian outlets as spreading misinformation and all Ukrainian outlets as objective truth
Is that what they did? Because what I read was that they would "down-rank sites associated with Russian disinformation." So you have to dig a few pages deeper to get to 'Russian disinformation', and I don't see anything indicating that 'Russian disinformation' means everything published by a Russian News outlet (re: the invasion).
I don't think something being a top search result implies that it is an objective truth either, especially with ongoing news reports.
>Is it actually easy to identify all scam content? Then why is it possible to find scams in search results?
I think to a knowledgeable observer and moderator, sure. Algorithmically it's probably more difficult, which is why you still see it in some search results. These scams are less prone to subjectivity, which is why you rarely see Twitter uproars about a bitcoin pyramid scheme being booted off a search engine.
>So should they treat every news outlet as equally ranked?
Yes....
>Because I'm struggling to think of any news reporting that could be said to be free of bias or could be said to be completely objective.
....and that is the reason for why they should be equally ranked. You can see on the initial page load the full spectrum of reporting from MSNBC to Fox News. Of course one of them has to be ranked above the other in the UI (it's a list of items) but that should relate to objective things like what words from the search query appear, etc.
>Is that what they did?
I think what people take issue with is that we're trusting these sites to determine what disinformation is. How is DDG deciding what is and isn't misinformation? Without a clearly defined process for misinformation, this becomes subjective.
>> "Weinberg didn’t elaborate on the decision, or how the down-ranking will work."
But other sites are simply doing a blanket ban:
>> "Since then, the internet industry has responded by blocking access to Russian state-sponsored media outlets such as RT and Sputnik News for users in the EU. In addition, Twitter has placed warning labels on tweets linking to Russian state media. (Google News decided to de-rank RT and Sputnik News back in 2017 for allegedly circulating propaganda.)"
>I don't think something being a top search results implies that it is an objective truth either, especially with ongoing news reports.
Not right now, no, and that's the issue. Most people assume it to be though.
>>So should they treat every news outlet as equally ranked?
>Yes....
>>Because I'm struggling to think of any news reporting that could be said to be free of bias or could be said to be completely objective.
>....and that is the reason for why they should be equally ranked.
Just because you can find a fault with a source does not mean that all faults are equal. For instance, the AP should probably be ranked above the National Enquirer.
> I think what people take issue with is that we're trusting these sites to determine what disinformation is. How is DDG deciding what is and isn't misinformation? Without a clearly defined process for misinformation, this becomes subjective.
It is an inherently subjective process and always will be. There are organizations that have attempted to make the process objective (i.e. fact checking organizations) but they can all be criticized as subjective as well. Pure objectivity simply isn’t possible.
This kind of thinking is exactly why the Russian misinformation campaigns have been extremely successful (especially in Russia). Russia doesn't care about the individual outlets as long as they help spread lies, no matter how absurd or obvious. This doesn't have to be done as carefully or subtly as the western world seems to think.
Russia is discrediting truth as a concept entirely, the narrative being "we are obviously lying, but so is anyone else". That others might not be lying as much seems to be harder and harder to understand by the targets of these campaigns (based on firsthand witnessing). With objective facts / reporting discredited what's left is opinions. Opinions generated by a carefully managed army of influencers promoting whatever cause is deemed useful (from bloggers to friendly/financed foreign government officials). And this _is_ done with the secrecy and subtlety you'd expect.
It might not be possible to have complete objectivity regarding the invasion of Ukraine, but imho a blanket ban of any media with Russian ties would be a heck of a lot better than to let Russia continue to destroy objective reporting, one of the foundations of our modern society.
I think we should try to enforce transparency and make sure that false information can be disputed.
If Russia sends armies of trolls to clandestinely influence social media consumers as part of their information warfare operation then we should try to stop that.
But if Russia officially publishes its own position under the name of its own news agency or in their government media then we should not censor it and we should not keep it off western platforms where it can be clearly marked and disputed.
I want to know how Russia justifies its brutal war of aggression against a neighbour. I fully expect that their justification is full of lies and distortions. But it's truth in the sense that it is in fact how Russia justifies the war. I want to know that truth.
"Manufacturing consent" was written in 1988. Was Russia's campaign against the truth already happening?
When I was growing up, certainly before even RT existed, it was common knowledge that journalists will cover the events according to their own (or bosses') interests. IME (not Russian, but also not American), the idea of objective reporting is the anomaly.
Google. It provides better results than DDG in many cases. The one case where DDG provided better results than Google was unfiltered news and opinion. That is no longer the case, so I'll use the shitty search engine which works a bit better for things like technical searches.
The whole point of a search engine is curation, and excluding garbage or in the case of Russia/Ukraine, making willful misinformation less prominent is an act of curation.
A search engine is largely two things:
(1) crawling and discovering all available resources
(2) parsing a user’s request for a resource of some kind and providing the user with a means of accessing “best matches”
This process is inherently, unequivocally and fundamentally biased. It HAS TO be. There is no abject, absolute, canonical result for a search engine query. DDG/Google “censor” all kinds of results constantly. Malware sites, sites that just mirror content from stackoverflow, sites that may cause public harm, etc. That’s the whole point.
Another note: they may be downranking those results because users are unsatisfied with their quality. DDG's job is to help the user find what they are looking for, and if the user finds a bunch of Russian propaganda that is blatantly not what they wanted when they search for something (perhaps because Russia is exploiting SEO or using other techniques to inflate their position), why wouldn’t they tweak their product?
> The whole point of a search engine is curation, and excluding garbage or in the case of Russia/Ukraine, making willful misinformation less prominent is an act of curation.
Unfortunately it seems that in 90%+ of cases "willful misinformation" is just anything that contradicts the political views of the democrat-leaning Google management.
The Hunter Biden laptop story was true and yet it was forcefully removed from many media outlets, more than any story I've ever seen. Glenn Greenwald was working the story and got pushed out of the organization he founded, The Intercept, because of it. There were very powerful forces aligned to blacklist the story to protect Biden's candidacy.
I've always been a bit suspicious that despite having seemingly no way of making revenue they manage to plaster every corner of the internet with their paid ads. Like, aren't they supposed to be a damn nonprofit or something? Makes absolutely no sense.
If Duck really collects user data, the moment this is found out, they’re dead, so for that reason alone, they probably don’t do it. The alternative is that they’re betting everything on nobody ever finding out which sounds crazy.
When I read about the founder and their privacy policy, I get the impression that this is something they care about.
At the same time, as far as I know there has been no independent audit. Considering they made over 100 million in 2020, they clearly have the finances to fund an independent audit. It would also improve their reputation and clear up some of the uncertainty about their collection of user data in practice
Even better (but more unlikely): they could open source the search engine so we all can audit them.
Back when DDG first started, Gabe was asking for ideas/opinions on features they had and might add, and I talked to him on the phone for a few minutes. He seemed a pleasant, sincere and honest person, and I've seen nothing since to contradict that. Unlikely he's got that kind of time any more ... here's a (2018?) interview (with Vivaldi, they'd just made DDG their default search), listen for yourself. [https://www.youtube.com/watch?v=OU9U26IWSYE]
Suspicious of most of the rotten-meat smells on the net as I am, I use DDG for everything.
Compare the person(s) who said "Don't be evil" (then...) to picking the name DuckDuckGo.
How is kagi more private? It requires an account to use, and it’s going to be a paid service. So it always has a strong user ID associated with every query. Whether it is not stored and not processed cannot be verified. It’s the same story about trust.
Being a paid service means Kagi's incentives are different. Instead of selling your data or profiting from feeding into ad-tech food chain, we are interested in selling you a subscription.
We do not associate queries with an account, as a matter of fact we do not save queries at all. You are right that this can not be verified, the question you need to ask yourself is what kind of incentive we have for misusing user data in any way.
Unless users want us to start using their search history to improve quality of searches (something we may introduce as an option in the future as we've been asked to), we have no reason to do so.
> Being a paid service means Kagi's incentives are different. Instead of selling your data or profiting from feeding into ad-tech food chain, we are interested in selling you a subscription.
Until your growth slows down and you realize you can get away with doing both.
There are so many industries (TVs, Games, Streaming) where paid users are still being monetized to the maximum extent possible by showing them ads, selling their data, etc. that this argument is just dishonest now.
Personally I find that you did a great job with Kagi. I agree that the incentives are important, and I hope that Kagi will be successful and may prove that a different business model is possible. I'm also inclined to trust Kagi, but that's just that, trust and not much to lose.
Can you provide a TL;DR of the article? I'm a DDG user but open to considering alternatives, never heard of kagi and tried searX a long time ago.
Currently, whenever DDG doesn't cut it, I add the !sp bang and get Google results through StartPage. I know that SP is owned by an advertising company but I still prefer them to straight up Google. I tried using searX to get proxied Google results but it required a few extra steps so I don't usually go for it.
I use kagi as it still uses all of the ddg !bangs, and at some point they will ask me to pay for them (they are in free beta ATM) rather than show me ads which I'm excited for.
Lately, almost every conspiracy theory has been proven true. Or a more outrageous conspiracy theory is based on somewhat less aggravating true facts, that are then misconstrued as a more far fetched conspiracy :-)
Example A - Outrageous But False Claims: Pizzagate
-> "Debunked conspiracy theory that after Hillary Clinton's campaign email hack
falsely claimed emails contained coded messages that connected several
high-ranking Democratic Party officials and alleged human trafficking
child sex ring"
Minor But Still Serious and True Facts:
Anthony Weiner was elected for New York congressional terms as Democrat politician 7 times. In September 2016, claims were published that Weiner had engaged in sexting with a 15-year-old girl from North Carolina, and devices owned by Weiner were seized as part of an investigation into this incident.
The report prompted a criminal investigation and Weiner's laptop was seized.
Emails that were pertinent to the Hillary Clinton email controversy
were discovered on the laptop; The Wall Street Journal reported
that federal prosecutors were weighing whether or not to
bring child pornography charges against Weiner over the incident
On May 19, 2017, Weiner pleaded guilty to another, unrelated sexting
charge of transferring obscene material to a minor,
and was sentenced to 21 months in prison, ordered to pay a $10,000 fine,
and was required to permanently register as a sex offender.
Example B - Crazy Conspiracy Theory: Government Was Stealing Dead Bodies to do Radioactive Testing.
...According to declassified intelligence documents, The Dalai Lama
earned $180,000 in connection with the CIA’s funding
of the Tibetan Resistance to the tune of $1.7 million per year...
I am not the NSA. And the comment was not meant to be understood as talking about every crazy nutter conspiracy theory aggregated into a Wikipedia page.
So what are you stating with the comment? All conspiracy theories are false or did not originate on some less outrageous event?
I'm simply pointing out your comment, "Lately, almost every conspiracy theory has been proven true." is incorrect. Almost every conspiracy theory is a very encompassing term. If you had said something more along the lines of some conspiracy theories have had some truth to them I would be in agreement.
Because there is a tiny bit of truth in something doesn’t prove the whole sentiment to be true. It’s a fallacy for everyone like you who wants to cry gotcha and run away with their hands on their ears.
> If Duck really collects user data, the moment this is found out, they’re dead
It'd take a whistleblower for anyone to ever find out. What are the odds of that happening? I don't think we can count on someone who is being paid by a company to tell us about their actions when their livelihood/gravy train depends on it and they may be opening themselves up to legal problems for coming forward.
Not many people have the sort of integrity that folks like Snowden, Klein, or Tice demonstrated and even those that do can be pressured into keeping silent.
>It'd take a whistleblower for anyone to ever find out.
No it won't. If you have a hypothesis you can just test it out. Go submit some fake personal data and then see if it shows up anywhere else. This trick is as old as using a honeypot name or email address to test if a service signs you up for junk mail.
> Go submit some fake personal data and then see if it shows up anywhere else.
This is not a valid test, for a whole lot of reasons. Especially not in terms of internet search engines.
One reason for this is that the specific things you search aren't what's actually valuable. Companies use that data to make guesses about you. It's those guesses, not your specific search terms, that are used to profile you.
So why not just try to get yourself profiled a certain way? Search a bunch of stuff about a specific disease and click a bunch of the links and see if you start getting targeted ads about those diseases? Well, who is to say who sold that data? Was it the search engine, or the websites you clicked on?
Not all the data collected on you is used for targeted ads, and of course even when it is used for ads not all of those targeted ads demonstrate a proven link back to your search terms. If you see an ad for cheap airline tickets maybe it's because you've been searching for stuff about another country, or maybe some algorithm thinks you're bipolar and entering a manic phase since they are more likely to buy tickets. Maybe it's just an ad for cheap airline tickets because the airline wants more people to fly right while weather warms. You can't know.
Better ways to test what DDG is doing behind the scenes might be things like get hired there in a central role. Have the government or an independent auditor review their data collection practices.
>this is not a valid test, for a whole lot of reasons. especially not in terms of internet search engines.
Then come up with a better test. I'm sure you can think of something that answers those questions to a reasonable level of confidence and can be targeted at any data broker. This is literally what a lot of independent auditing actually is. The reality is, you can't go and work on the inside at every data broker and that defeats the purpose of an independent audit anyways. So you have to come up with something else.
As I said:
"Better ways to test what DDG is doing behind the scenes might be things like get hired there in a central role. Have the government or an independent auditor review their data collection practices."
> The reality is, you can't go and work on the inside at every data broker and that defeats the purpose of an independent audit anyways. So you have to come up with something else.
It's true that it's unreasonable for people to get a job at every company they have to work with. The real solution is regulation and oversight to protect our data from being collected, sold, and used against us. Experts all agree we need it and they've been saying so for a very very long time, but so far there's not been much effort from congress.
A certain philosopher named Occam would suggest that the simplest explanation for nobody finding out so far is that it is three-letter agencies who might be the ultimate funders and data buyers.
A certain philosopher named Occam would suggest that appeals to conspiracy are much harder to substantiate than appeals to incompetence or irresponsibility.
That's Hanlon. He has a "razor" that says that anyone who maintains plausible deniability should be assumed to be innocently blundering, no matter how much that blunder benefited them.
"For nothing ought to be posited without a reason given, unless it is self-evident (literally, known through itself) or known by experience or proved by the authority of Sacred Scripture."
So I guess you're going with interpreting the scripture as "render unto Caesar that [data] which belongs to Caesar"?
I mean Okta’s core business is authentication so we’d expect them to do the bare minimum in disclosing security breaches and yet we saw how that went recently.
Perhaps they just keep the data in a vault just in case it might become useful someday. Not many people need to know about that. It can be just some box sitting at the point where data enters the datacenter. That's the darkest theory I can come up with.
Anyway, I'm a happy DDG user (on devices where typing "!g" isn't a pain).
You're right to be skeptical. They are essentially a client state of Microsoft. Their results come from Bing and they are hosted at Azure. Their privacy policy is just vague enough to not rule out the possibility that Microsoft collects all the stuff that DDG says they don't collect.
They sure sound like a Microsoft shell company. Because nobody that's fully conscious will ever deliberately use Bing they had to get creative and rebrand it with the usual privacy and safety buzzword slogans that VPNs have perfected in the last years.
DDG used Yahoo to start with; Yahoo had their own index at that time. DDG switched to Bing later, and since then Yahoo abandoned their index and started using Bing.
Unfortunately, Google takeout doesn't seem to give all the data. Last time viber stored "secret data" in google drive. I tried to download everything via takeout. It doesn't seem to include those data.
Something feels off about DDG, especially once I found out that they funnel you into downloading their iOS app in order to sign up for their new browser’s waitlist.
It’s like a dark pattern that an advertiser would use, not a privacy-focused search engine.
Duckduckgo could easily be fully owned and operated by some three letter agency. The NSA is already able to go onsite and tap into the data that passes through corporations and they've been doing exactly that for decades (see Room 641A) and they can force corporations to keep silent about it using national security letters. You should already assume that every US based company is sending every scrap of data you give them to the state.
With no way to avoid your data from going to the state, what are you left with? Worries over companies collecting, selling, and using your data against you. That's a very real and perfectly valid concern.
We know that other search engines are doing those things, so it's best not to use them if we can avoid it. Duckduckgo might be doing those things, which at least gives us a chance, and even if they are it'd be better to hand your data over to several different companies than to give them all to one source (like Google for example) because the more data points any one company has on you the more control they have over you.
The worst case scenario would be that Duckduckgo is actually secretly run by Google and the data being collected from the service is being used to help fill your dossier at Google but if that's the case we're never going to know about it until a whistleblower comes forward.
As defeatist as this all sounds, I do believe in taking steps to try to protect your privacy where you can, and I take many steps that go far beyond what most people are willing to, but we also have to accept the reality of the situation we have where our laws and regulations do not protect us, and there is very little we can do to protect ourselves but depend on others to do what they say.
That's why I use duckduckgo right now. Not because it's trustworthy (we can't know that), but because they might be and that's (sadly) the best option we have at the moment.
DuckDuckGo was never meant to defeat spying by three-letter-agencies.
It's meant to protect us from tracking by advertisers.
I don't think it makes any sense for a three-letter-agency to run it. They can just NSL duckduckgo. They obey the law, as this news item shows clearly.
I agree. Can't dismiss the possibility since anything advertising itself as a service to protect your privacy could make a very nice honeypot for the state, but there's a market for pro-privacy services that private companies are happy to serve and nothing stopping the state from just taking whatever they want from them anyway.
> The worst case scenario would be that Duckduckgo is actually secretly run by Google and the data being collected from the service is being used to help fill your dossier at Google but if that's the case we're never going to know about it until a whistleblower comes forward.
The problem with this (and most other conspiratorial thinking) is that of course a whistleblower is going to come forward.
Are you thinking that every employee of DuckDuckGo that knows this (and many would have to), is paid so highly as to just be quiet? That not one of them thinks, "hey, it would be fun to be famous? It would be fun to expose this thing that is suddenly going to make me a hero to millions? I could write a book about it afterwards and make a ton of money..."
And of course, Google would consider this in the first place. Like "maybe this isn't a great idea, because secrets like that are hard to keep? And maybe this could destroy our company and that kind of risk isn't a great idea?"
This depends on the strange theory that every intelligence agency front or partnership has been discovered by the general public while it was operating, and that the agencies are themselves irrational for ever even trying it.
edit: sometimes the arguments against "conspiracy theories" become arguments against the current existence and operation of intelligence agencies. As if all of those employees did nothing all day, and all of those billions are flushed down the toilet.
> Are you thinking that every employee of DuckDuckGo that knows this (and many would have to), is paid so highly as to just be quiet?
I'm not thinking that DDG is secretly being run by Google at all, but I'm forced to admit that there's nothing stopping Google from doing it, that they have the money and resources to do it, and that it would benefit them to do it, so however remote, it is a possibility that should be considered right alongside the possibility that duckduckgo is exactly what they say they are and nothing more. We have no evidence of either being true after all and can only speculate.
If we're asking ourselves what the risks of using DDG are, we have to at least consider what the worst case scenarios might be.
So while I consider the possibility that DDG is being run by google to be possible, but highly unlikely, just as a thought experiment, why would anyone but a very small number of Google employees working at DDG need to know it was run by google and sending data back home? Any other DDG employees don't need to be told. If google employees ran the servers, DDG employees would be free to work on the front end and day to day stuff entirely unaware.
> The problem with this (and most other conspiratorial thinking) is that of course a whistleblower is going to come forward.
This is not a guarantee at all. Edward Snowden came forward, but only after many many years and not one of his co-workers in the same role did. DuPont knowingly poisoned people for decades and not a single whistleblower ever came forward. Johnson & Johnson knew that their product (which we were covering infants with) caused cancer but there was no whistleblower to break the story to the public.
Over and over and over again we only learn about horrific acts committed against the public by corporations after decades of gathering scientific data and court actions specifically because people were "paid so highly as to just be quiet". It's a fact that whistleblowers are the rare exception and not the rule.
The idea that companies are so afraid of whistleblowers or their reputation that they wouldn't do evil things is demonstrably false as we've seen example after example of companies who knowingly put profit over human life time and time again and even when there were whistleblowers the companies often faced zero meaningful consequences beyond paying back a small percentage of the profits they made while building a body count.
Whistleblowers are awesome, and they remain a very important check against bad actors, but do not count on them always being there to save you and don't expect that fear of them will prevent a company from committing acts far far worse than logging your internet searches.
Love it or hate it, the Panopticon is here and we're stuck under its watchful eye until laws and regulations catch up. In the meantime, just do your best to protect your privacy. DDG has been my search engine for many many years. I recommend it. I still can't fault anyone who questions how much we can trust them. Simply put, right now we can't. I still need to search the internet though.
They can be fun, but I wish we had actual oversight and regulations to protect us so that we didn't have to think about what kinds of shadowy things companies might be doing with our data.
If someone is worried about DDG, I can't blame them. They have every reason to worry, because we have no protections. Personally, while I sadly can't discount the possibility, I'm pretty sure DDG isn't run by google or the NSA, and they've been my search engine of choice for a very long time.