Debian's Chromium changes default search engine to DDG (mail-archive.com)
402 points by nobodyCloak on Aug 24, 2022 | 214 comments



Some unintended consequences:

> This change caused my chromium browser to report that it's being managed by my "organization". I thought that my machine was somehow compromised. This is terrifying! I wound up deleting my entire chromium profile before I discovered that the root cause was this DuckDuckGo config change.

https://bugs.debian.org/956012


Yeah, that was alarming. Figuring out that it was innocuous took me 15-30 minutes of urgent, drop-everything-else work.

I should've thought to post a Debian bug report after that (especially since the Debian bugs database was one of the first things I checked). I'd reported the cause informally to some colleagues, and then must've gotten distracted with what I was trying to do before I saw the suspicious message.


If it was implemented by managed policy file, then Chrome/Chromium will complain exactly this way.

You can see the details in the chrome://policy page.


Fedora did this for a while to inject the word "Fedora" into the User Agent. They eventually stopped because users were similarly spooked.


Putting even more identifying information into User Agent strings seems completely insane, whose interests is that meant to serve? The number of people in any town with Fedora in their UA must be minuscule, that blows a huge number of 'privacy bits', and for what?


I think it's for installation tracking to some degree -- they do this by the browser user agents but _also_ machine-ids sent with DNF (the package manager)

I love the project, I really dislike this 'gather things that might be useful to someone' behavior and having to MITM my system to see what it's actually doing


They still do it


I'm on a fresh install of Fedora 36 (KDE Spin) and my Firefox UA is currently showing as "Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0".


cool, so don't switch to chromium. then the internet will know you run fedora.


I mean all he has to do is to uninstall fedora-chromium-config


Sounds like a Chromium bug, not a Debian bug--it's an insidious way to keep Google search as the default.


Uh, no? This is managed policy, and this is a 100% good way of letting the user know that someone else has control of their settings

Just because Debian thinks that they are doing the right thing, they are in fact, controlling the user's settings through a policy. It's just telling you that, as it should.

The notion that it has anything to do with keeping search the default or not is like, such a silly assumption i don't know where to begin.

The feature overall came from a desire of enterprises to manage browser settings. Back then, Google was one of the first to tell you someone was doing that to you so that you knew your organization could see and control your settings.

IE had a deployment kit that let you deploy managed browser settings, but you didn't get told (this changed, eventually, i think, it's been a while)

Letting orgs change the default search engine was an explicit, designed goal, since some wanted to redirect people to their internal searches by default, etc.

There is in fact, another way to do this that is easy and doesn't give the user the same warning, and is meant for software distributors

You can just use master preferences here for this kind of thing and it is meant for this use case.

Google in fact, made this easy and officially supported, despite your claim.

It would likely be pretty silly to make this hard - end users aren't using these interfaces or tools, and distributors always know how to change this stuff.

As HN has grown in popularity, the sheer number of kneejerk reaction comments has unfortunately kept pace (i.e. the overall percent has not dropped). Even sadder, nobody ever goes back and edits it or replies and was like "you know what, i was probably wrong".

They feel comfortable moving on and doing it again.


The messaging does seem excessive and hostile.

It says "Managed by your organization." every time you click the menu button. It's even in a different background color and bigger margins.

If you click it, it says "Your administrator can change your browser setup remotely. Activity on this device may also be managed outside of Chromium. Learn more"

I made the policy myself and copied it myself. The remote part is purely conjecture on part of Google. The second part about further management also feels out of place.

Then on every setting that's been changed by policy there's a building icon that says "This setting has been changed by your administrator." That's probably the only message that needs to be there.

On its own it seems innocent and useful, but compare this to the number of steps you have to take to eg.: delete Google cookies.


> The remote part is purely conjecture on part of Google

Accurate conjecture nonetheless. If a 3rd party has dropped a managed policy file onto your install, it's reasonable to assume they can drop an updated one which does all the scary stuff at any time. It's a waste of effort for Chrome to parse the current profile when the mere presence of one can compromise security.


So it's in the same category as "this incident will be reported" when forgetting your own password for sudo.

Nothing to see here; we can move along.


More along the lines of "printer on fire" due to the perceived urgency. But yes, this message follows in a long tradition of make-the-message-as-scary-as-possible going back literally decades.


Only organizations or enthusiasts use it legitimately. If former it's correct, if latter you know what you are doing. It looks practical.


> a 100% good way of letting the user know that someone else has control of their settings

ah, so it should also be displayed if it's set to Google's preferences

they're "someone else" as equally as Debian


Debian just didn’t adjust the defaults correctly.


> Uh, no? This is managed policy, and this is a 100% good way of letting the user know that someone else has control of their settings

So Google's defaults are "un-managed" and imply no control over users' settings?

Why shouldn't the Google built Chrome binaries display the same warning and a binary from a specific linux distro should?


Because those are the default browser settings. As explained, there is another more appropriate way to change default settings for distributions. The way Debian did it is more for enterprise management.


"Just because Debian thinks that they are doing the right thing, they are in fact, controlling the user's settings through a policy It's just telling you that, as it should."

But by default isn't Google controlling the user's setting through a policy. The policy includes, among other things, the rule that Google is the default search engine. (Needless to say, that setting is a cash cow.)

And in fact, the user that manually changes the default policy herself, i.e., changes the default search engine to something other than Google, versus delegating the decision to a third party such as Debian or Google, cannot remove Google as a search engine choice! It is greyed out. Permanent. Chrome binary allows users to delete all the other choices, except Google.


Probably was not specific enough here. Chrome binary on ChromeOS. The anticompetitive, manipulative tactics are reminiscent of Microsoft's including Internet Explorer in Windows.


No, it's a Debian bug.

If you read the thread linked in the comment you replied to [1], the Debian folks added a JSON file to `/etc/chromium/policies/managed` when they should have edited `/etc/chromium/master_preferences` (a different JSON file). If they had done that, there would be no message.

Everyone on the thread agrees that's a better solution.

[1] https://bugs.debian.org/956012
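For anyone triaging the "Managed by your organization" banner discussed above, here is an added example (not part of the thread and not Debian's or Chromium's code) that lists what the JSON files in `/etc/chromium/policies/managed` actually set and separates search-engine-only policy from anything else. The sample policy files, their names and their values are constructed for the demo; treating every key that starts with `DefaultSearchProvider` as benign is an assumption of this sketch.

```python
import json
import tempfile
from pathlib import Path

# Directory named in the comment above. Each *.json file in it is a policy file.
MANAGED_DIR = Path("/etc/chromium/policies/managed")

# Assumption of this sketch: keys with this prefix only change the default search engine.
SEARCH_PREFIX = "DefaultSearchProvider"


def load_policies(policy_dir):
    """Return ({policy_name: (value, source_file)}, [(file, error)])."""
    merged, errors = {}, []
    policy_dir = Path(policy_dir)
    if not policy_dir.is_dir():
        return merged, errors
    for path in sorted(policy_dir.glob("*.json")):
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:  # unreadable, bad encoding or bad JSON
            errors.append((path.name, str(exc)))
            continue
        if not isinstance(data, dict):
            errors.append((path.name, "top level is not a JSON object"))
            continue
        # If two files set the same key, this sketch keeps the last one by
        # file name; Chromium's own precedence rules are not modelled here.
        for name, value in data.items():
            merged[name] = (value, path.name)
    return merged, errors


def triage(policy_dir=MANAGED_DIR):
    """Classify a managed-policy directory for a quick first look."""
    policies, errors = load_policies(policy_dir)
    search = {n: v for n, v in policies.items() if n.startswith(SEARCH_PREFIX)}
    other = {n: v for n, v in policies.items() if not n.startswith(SEARCH_PREFIX)}
    if errors or other:
        verdict = "review"              # something beyond the search engine is set
    elif search:
        verdict = "search-engine-only"  # matches the situation described in the thread
    else:
        verdict = "no-managed-policy"
    return {"verdict": verdict, "search": search, "other": other, "errors": errors}


def demo():
    """Run the triage on constructed policy files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        # Constructed sample: a distro-style policy that only sets the search engine.
        (d / "duckduckgo.json").write_text(json.dumps({
            "DefaultSearchProviderEnabled": True,
            "DefaultSearchProviderName": "DuckDuckGo",
            "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}",
        }), encoding="utf-8")
        first = triage(d)
        # Constructed sample: a second file setting an unrelated policy.
        (d / "extra.json").write_text(json.dumps({
            "HomepageLocation": "https://example.invalid/",
        }), encoding="utf-8")
        second = triage(d)
    return first, second


if __name__ == "__main__":
    for result in demo():
        print(result["verdict"])
        for name, (value, source) in {**result["search"], **result["other"]}.items():
            print(f"  {name} = {value!r}  (from {source})")
```

The same information is visible interactively on the chrome://policy page mentioned earlier in the thread; the script is for checking the files on disk, including which package-owned file each setting came from.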


Reporting that there is a policy is no bug, but maybe there should be a way to signify that it's customized by your software vendor (i.e. signed and keys are compiled in) and that it just sets the default search engine.

Chromium does change the message to "This device is managed by <google workspaces domain>" if attached to Chrome Enterprise.


Being "managed by" and loading a policy config do not equate in meaning, unless we let PR departments redefine words.

Moreover, defaulting to Google is also a policy.


The policy config is designed for enterprises, not software distributors. It's Debian that's taking an unnecessary shortcut here. They could've patched the source code to change the default search engine.


The intent behind policy loading in Chrome is to allow an MDM to configure the browser, not for distros to not write a real patch.


Perhaps. Describing loading a custom policy with "managed by" is still incorrect and potentially misleading.


Preconfigured profiles are the right way to solve this, it’s just that the message could be worded more kindly.


No, preconfigured profiles are not the right way to solve this, as the message clearly indicates, pre-configured profiles are designed to be managed by the owner of the computer, not the software distributor. The right way to solve this would be to change the built-in default that applies before any profile is processed. This also would allow any other profile to override it if they wanted.

EDIT: Apparently the Debian team agrees: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956012#72


The only bug here is the changing of the search engine to a sketchy website without user input or consent.


This is actually not that uncommon... I've stumbled on a similar thing with the browsers as shipped by Fedora

It's superficial but I completely understand the alarm

For those noticing this, be aware that you'll likely see it elsewhere. Don't panic.


That sounds like a Firefox bug (and a common one I've seen in other software).

Tell me what organization. "Debian" would have been perfectly fine to show here.


How is that a Firefox bug if the software it is reported on is Chromium? Those are two very distinct projects.


Mozilla's never been the same since they started putting bugs in Chromium


They are referring to the fact that Firefox does the exact same thing as Chromium if certain settings are changed via enterprise policy. Here's a screenshot from my browser: https://i.imgur.com/pNMMKUC.png

I really don't understand why Debian wouldn't just patch the source code to change the default search engine rather than shipping an enterprise policy like this.


Perhaps it reminds them of a similar bug in Firefox?


[flagged]


how can you be sure? feigning verity isn't helping anything; at best you will not get downvoted.


People sometimes absentmindedly misspeak. Either that happened and you can politely s/Firefox/browser/ so that the comment reads as a reasonable, even insightful contribution to the discussion, or the comment is utter nonsense and you can feel smug that you’re not as stupid as they must be. Granting the former interpretation is the more charitable option.

You should also understand that “Surely…” doesn’t mean the same thing as “I am sure”. “Surely…” is a plea for sanity.


Whoops, meant Chromium. My bad.


Best approach i think is, the way "ungoogled-chromium" does it.

They don't enforce organization policies, but they set the default config to "no search" and then leave it up to the user to change it.


^This, let the user choose. If you can run Debian you can change your default search engine.


This is only useful for people who know what a search engine is. (Seriously, many people equate "googling" = "search engine", and don't know there is a general category of this thing). Unless there are two big bold buttons on start-up--one that says "Use Google for Search" and the other that says "Use Duck Duck Go for Search"--it would appear broken to them. Even then, almost everyone would pick "Google" just for name brand recognition.


i would argue most people that install chromium, not chrome, know what a search engine is. unfortunately, since chromium lost google account login capabilities, i do not install chromium anymore. now i just think "search engine" means "google".


I would argue that even though most people can e.g. walk up stairs or fill in a form or change their browser settings, you should often provide e.g. wheelchair ramps or helpers or sensible defaults for the ones who can't.


Installing chrome on debian is certainly harder than installing chromium.

And you are assuming there is only 1 user in the machine. Which is not the case for people who have kids.


Exactly. We're on the third age of the internet so to speak. At the first only the computer nerds were on it (up to ~2000); then only computer nerds + mostly young adults were on it (up to ~2010); and now all the literal toddlers and literal elderly and everyone else is on it.


Perhaps a ballot on first run, much like browsers should be in a well regulated market.


My favorite thing is when a government "solves" a market problem by incentivizing forcing a user to choose when most don't care

It worked great for cookies in the EU. Really improved my browsing experience.


You prefer the alternative, whomever owns the platform wins?

There is a spectrum between everyone votes on everything and yielding everything to our corporate overlords. For example there could be an "I don't care" button which picks one at random.

Cookie banners despite their annoyance are educating people and motivating corps to minimize their PII usage.


In terms of human hours used, it's possibly one of the more expensive education programs ever mandated by a government. And I haven't seen any evidence that it's actually moving corps to minimize their PII usage, since they don't pay the cost in time of having to read the banners.


Seems like it's either covert surveillance (before the EU cookie thing), or manipulated consent surveillance.

I personally improved my browsing experience with the Consent-o-matic addon, which knows some of these cookie modals, and fills them for me according to my preset (which is to deny all cookies).

Also, people not caring should not be a baseline. People are ignorant about the vast majority of things going on, and yet they are much better off if those are taken care of by people who actually give a damn - as evidenced by a good deal of regulations that keep lead out of paint, antibiotics out of chicken, and so on.


> People are ignorant about the vast majority of things going on, and yet they are much better off if those are taken care of by people who actually give a damn

No disagreement there, I just think the GDPR rules that led to ubiquitous cookie consent dialogs were indicative of policymaking by people who didn't fit that category. It should have been easy to predict this outcome from that policy.


Can someone please explain why we are supposed to trust DDG? Isn't it just a random website that popped up out of nowhere claiming to be private yet no audit has ever been conducted which substantiated those claims?


Recently the National Advertising Division looked into our privacy claims and found them supported, see https://bbbprograms.org/media-center/newsroom/duckduckgo-pri... & https://www.mondaq.com/unitedstates/privacy-protection/12106...

Also a lot of what we do is open source on GitHub. We recently put out a help page detailing our web tracking protections that link to a lot of the relevant repositories: https://help.duckduckgo.com/duckduckgo-help-pages/privacy/we...

And finally, I’m not sure that random or just popped up is an accurate characterization for us. We’re pretty well established at this point, having been around for nearly 15 years! I was an early user of this site and a frequent contributor during the early days of DuckDuckGo.


Those aren't proper audits. And again, bringing up the fact that it's open source is a meaningless piece of information since there is no way to verify it's the same software code on production. It only serves to trick the average user who doesn't understand how web servers work into trusting your service more.

The best thing you could do, if you actually care about privacy and not just $$$, is to open-source the entire search index db and accompanying webserver software, making it easy for users to setup their own local instance of DDG which is actually auditable. Additionally, posting a notice on-site which notifies your users that their searches may be recorded and tracked in spite of what the privacy policy says(due to the USA jurisdiction of the company making it susceptible to National Security Letters and secret gag orders) would be the right thing to do.


> open-source the entire search index db and accompanying webserver software, making it easy for users to setup their own local instance of DDG which is actually auditable

Easy to self-host? How large do you suppose the Bing index is, for example? Simply storing the index would be an immense undertaking beyond the reach of probably everyone who has ever self-hosted anything, ever. This ignores the compute required to actually search it, as well as how it would get updated.

I'm not sure your request is remotely reasonable.


I was curious, so as a point of comparison, the latest Common Crawl [0] is 3.1 billion pages and 370 TB uncompressed. I would presume that Bing would be significantly larger given commercial interests.

[0]: https://commoncrawl.org/connect/blog/


If somehow Google and AskJeeves worked perfectly fine 20 years ago for millions of monthly users, I find it hard to believe a modern powerful computer lacks the resources to support a search engine for a single person.


What is the largest hard disk one can buy nowadays? I found a WD Gold 20TB. You'd need 19 of them plugged into your computer just to hold the uncompressed archive from Common Crawl.


Yet somehow search engines like Google and AskJeeves existed and worked alright 20+ years ago on hardware 1/1000th as powerful as it is today.


firstly Google was founded in 1998 that is 23 years ago.

Secondly from 2000 - 2018 the internet went from having ~17.000.000 unique domains to having ~1.600.000.000 unique domains. see: https://www.internetlivestats.com/total-number-of-websites/

The performance for desktop computers have actually not increased as much as you would think: https://www.karlrupp.net/2015/06/40-years-of-microprocessor-...

Your assumption is correct if you look at supercomputers, where the fastest in the world in 1999 could produce ~2.3 TFLOPS and in 2018 it could produce 122 PFLOPS which is around 5000 times the increase in FLOPS.

But i doubt most of the people you would want to go through this index has access to a super computer.


I wouldn't be surprised if the indexed subset of Facebook alone were more than 1000x larger than all of the indexed web 20 years ago. The web in general has probably expanded many millions or hundreds of millions of times.


Personally I wouldn’t mind if trash/spam sites like Facebook/Twitter were omitted from the database. As well as non-English content, being as though I only speak English. Remove trash/spam/non-english from the db and the size of that 300TB will be cut down substantially to the point it is feasible for a single person to store. After all, even if somebody wanted to store the whole 300TB db would cost about $4000 in hard drives which is not as totally out-of-reach as some people here are making it seem.


I think the web didn't have the same amount of websites 20 years ago...


That was a very different internet. Search engines aren't something you build once and then you just have them. Constant, extensive work is necessary. It's quite literally a global-scale task to do this effectively.


> Those aren't proper audits. And again, bringing up the fact that it's open source is a meaningless piece of information since there is no way to verify it's the same software code on production.

> The best thing you could do, if you actually care about privacy and not just $$$, is to open-source the entire search index db and accompanying webserver software, making it easy for users to setup their own local instance of DDG which is truly auditable.

self hosting isn't feasible for 99% of the population. DDG is aiming to be the mainstream privacy protecting search engine, I used them for a while and can appreciate their efforts. if you want something nerdy and self hosted use a searX instance or host it yourself.


>self hosting isn't feasible for 99% of the population

It's only this way because companies have a vested interest in keeping it like that. It's how they make their money. It is absolutely within the realm of possibility that people host their own search engine. 99% of people know how to install Google Chrome right? this should be no different. The entire search engine & webserver stack it depends on could be bundled into a .exe/.app installer with simple instructions people can understand. Consider XAMPP- which already provides a webserver stack that is extremely easy to install on Windows/Mac just by a simple .exe/.app that 'just works'. This hypothetical search engine could use similar methods as the XAMPP installer. There is no technical reason why this can't happen. It just isn't happening because it'd increase competition, cutting into DDG's profits.


Sure, the problem with installing a local search engine is the installer technology. It can't be the petabyte of index information that the search engine actually needs, and the petaflops of CPU it would need to search through it.

Everyone has a PB of SSD disk space, some few TB of RAM and a few thousand CPUs to throw at the search problem, or is happy to type in a search query and give a 16 core CPU a few days to execute it, right?


> or is happy to type in a search query and give a 16 core CPU a few days to execute it, right?

That is just a naive implementation. For the first 10 results you grab ads, the database of those is significantly smaller, for the next 20 results you look at Wikipedia and stackexchange clone sites. Everything after that is indexed using math.random(). If you want to get fancy run the query through a fact creating AI and present the results inline, people are always happy to know that the color of the sky is purple or that the ideal amount of chess players is 5. Disclaimer: I have never seen Google's source code nor any patents related to it, any similarity with existing search engines is pure coincidence.


I don’t know why you are framing this as an impossible task. It doesn’t need to be on the scale of Bing/Google to function. There are already some self-hosted search engine solutions that work okay. Just filter out all the trash sites with low quality content like Facebook/Twitter from the database and that 300TB common crawl could probably be cut down to a more reasonable 200TB. Filter out non-English results and it probably halves it further. I’m seeing 8TB drives on Newegg for $129. It absolutely does not take anywhere on the order of “days” to query a properly optimized db of this size.


I stopped trusting ddg when they said they were going to censor Russian news. I assume google and other major search engines censor political issues but I didn’t think ddg would.


The very nature of a search engine is to rank information. Everything a search engine does implies some information gets relatively down-sampled.


It was announced in a very political way. It came across as signaling that they were “doing their part.”


You're not supposed to totally trust DDG, but they are a better default search engine than Google if you care about privacy.

- they are less likely to throw a captcha in your face if you connect over VPN

- they have less surveillance infrastructure and run less code clientside than Google does

- they are at least not explicitly tracking you

- they have a lower number of secondary data-points from other services that can be connected to your searches

the list kind of goes on. I don't assume that DuckDuckGo is perfectly trustworthy just because they say so, but Debian has a choice of a couple of different default search engines that are mature enough and give good enough results to use as a default search tool: Google, Bing, DuckDuckGo, etc...

Of those choices, DuckDuckGo seems to be a pretty reasonable decision.

At the very least, DuckDuckGo lets me search when I'm behind a VPN and have anti-fingerprinting tools turned on, Google very often doesn't. It's not a super-hard decision for me which one is more private.


Maybe DDG is a good replacement for English users, but I wonder whether Debian developers considered whether it is fine for global users.


Of course they do, when the alternative is Google.

Do you want to try and argue that Google is a more private search engine than DDG outside of the US?


Privacy isn't the only criterion for choosing a search engine. If search quality is very poor for a language, it's not suitable even if it's privacy oriented.


Sure, but that's really a separate conversation than what this thread has been talking about so far -- which is whether or not we can trust that DDG is more private than Google.


You aren't supposed to. Even if you assume they lie in every sentence about their data collection, with their current setup it would be much harder for them to build a valuable shadow profile about you.

They haven't been caught running fingerprinting scripts yet and they don't have an account system to tie to your searches. At best they could use your ip to build a shadow profile and that's wildly inaccurate in our mostly ipv4 world.


How do you know what server-side profiling occurs or does not occur? There is no way to know that. DDG gives people a completely misplaced and false sense of security, when they are just as easily compromisable/corruptable/subpoenable/susceptible to NSLs, EDRs and secret court orders as any other company.

And I disagree with your premise that it's particularly difficult to link a persons IP to their real world identity. There are organized fraud gangs who have it down to a science. know exactly what dept. of the ISP to call, what to say, etc. Basically if someone knows your IP and your ISP account is registered in your name it's game over.


I am aware that they are susceptible to nation state level data collection, just like every site on the internet. I conduct all my non e2e encrypted communications/interactions with this in mind.

I just want to avoid my data being monetized.


I'm more worried about teenage crooks equipped with Emergency Data Request PDF templates than any nation state. We know Google, Facebook, Snapchat etc were all giving up information on users without a court order to these crooks. All it took (probably still) was an EDR notice alleging an imminent threat to human life is about to occur -sent from a real or fake police dept email- and companies will hand over your data without second thought.


Even if they do server-side profiling, they can only track you on duckduckgo.com. Last I checked, DDG did not also own an analytics service that has infested half the world's websites.


> Last I checked, DDG did not also own an analytics service that has infested half the world's websites.

uMatrix shows a 3rd party request to improving.duckduckgo.com every time I visit a page from DDG search results, ostensibly to measure click-through rate. This is claimed to be anonymous, but in principle it gives DDG the opportunity to log much about their users' browsing habits.


Even in the worst case scenario you propose, where DuckDuckGo is deliberately lying and collecting more information than they claim and where those clickthrough requests are sending as much information as is possible for them to send, this is still exposing you to way less risk than Google Analytics.

It is still, I would claim, objectively more private to use DuckDuckGo than Google even in a world where they are lying about their privacy policies, purely because DuckDuckGo does not have the same surveillance scope and level of infrastructure as Google.

And that's really what we're arguing about here, unless you have a more private alternative to DuckDuckGo that has been subject to more rigorous audits and can scale to support being the default search engine for a bunch of nontechnical users?


I'm gonna throw you.com (i'm a co-founder) into that mix. We've been growing a lot and have a private mode that stores nothing at all.

What audit would you suggest for us to prove that statement? It would be great to have a some independent party verify this.


> to prove that statement?

Cynically speaking, I am not sure that there is an audit you're going to be able to do that won't cost a ton of money that the people in this thread would trust as definitive "proof" of anything[0].

I think a big part of what I'm personally getting at with the comment above is that I'm not looking for perfect proof of anything; independent audits are great and I love to see them and I absolutely encourage them, but remember that the point of comparison here is Google/Bing. Take it with a grain of salt, and purely opinion me, but I think it's fine for private search engines to offer the best proof of their claims that they can and to otherwise ignore people who demand perfection or nothing.

It's great to see more search engines in the space with a focus on privacy, and if you're able to pull off building your own indexes, that's also a pretty big win. I wish there was a more obvious path forward for your company to make money (I get nervous when companies say, "we'll figure out funding later", to me that comes across as a little bit of a time bomb). But in general, always good to see more private options for people available.

If I was in your position and I was looking for audits, I'd honestly be looking at the same sources that DuckDuckGo's founder talks about further up-thread, because that would at least allow me to say, "the same sources that claim DuckDuckGo is private have also said that we are private." But it's not my area of expertise, so maybe that's bad advice.

[0]: https://news.ycombinator.com/item?id=32586726


DDG offers a JavaScript-less page. don't trust them use that. don't trust them at all? don't use them?


As a regular user of the Javascript-less page, several months ago it started returning wildly different results than the “fully featured” version for the same queries. My uneducated guess is that it’s using a different index. There also appears to be some sort of rate-limiting wherein the results will frequently just be empty (using the JS version and same query resolves the issue).

I’m guessing they’re intentionally degrading the non-Javascript page as an anti-bot measure, but it’s so bad that I find it disingenuous to suggest that the non-Javascript page is even a valid alternative at this point.


It is a legit company based in Pennsylvania, not some random website. Their privacy policy explicitly states they do not collect user info. If they are caught doing it anyway they could be open to legal action. While they may be lying, at least it's better than other search engines where collecting data is explicit and built into their business model.

edit: I should have just down-voted and moved on.


That doesn't mean anything. I can go ahead and register an LLC in Pennsylvania too for a few hundred bucks and then put up a website with a completely fictional privacy policy. I could collect everyone's IPs despite claims that we do not, and no one would be able to prove it.


I don’t understand why folk seem to think that admitting they are capable of fraud is some kind of dunk.

I mean - yea. Maybe your dentist never actually graduated dental school. Did you call the dental association to check he’s a member? Anyone can just print out a certificate on their home printer and put it on their wall, y’know. And even if he is, do you think the dental association actually called his college to verify the transcript he gave them when he joined in 1988 or whatever?

You really should do an independent audit of your dentist’s dentistry skills. Perhaps you should demand he does some kind of standardised test. But he can’t just go to a testing centre, you have no way of verifying that. He must do the test in front of you.

And how do you know the answers to the standardised test are correct, anyway? You will need to do a dentistry degree yourself first.

TLDR: A trustless society doesn’t work, and most people aren’t out to pull one over you.


> While they may be lying, at least it's better than other search engines where collecting data is explicit and built into their business model.

Just to be clear, are you saying that given the choice between collecting data and lying about it vs. collecting data and being explicit about it, you’d choose the first option?


> Just to be clear, are you saying that given the choice between collecting data and lying about it vs. collecting data and being explicit about it, you’d choose the first option?

Yes. Absolutely. Because that would give me some legal recourse.

Would you hire someone who hides in the fine print they can steal from you and you can't do anything about it, or hire someone else and accept the chance that they might steal.

The choice is between a bad thing definitely happening, or a bad thing possibly happening.


If you're worried about it, you can buy searches directly from Bing ( https://www.microsoft.com/en-us/bing/apis/pricing ). DDG makes no secret that the Bing search API is where they get their link and image results -- https://help.duckduckgo.com/results/sources/ .


Actually that's the only problem I have with DuckDuckGo. I don't have much trust in Google, but I have less trust in Microsoft.


Thanks for bringing this up. I don't understand why people seem to automatically trust things just because they advertise as being more "private" than the alternatives. I guess none of us are immune to advertising tactics, but it's so important to remember that they have no obligation to be truthful and will lie every chance they get.

I am not claiming that DDG is bad or anything, I just don't like putting trust into something just because it says "you can totally trust me!".



DDG is for-profit and serves for the most part Bing results. Why not pick something truly open, like search.marginalia.nu?


Flattering.

Unfortunately my search engine is far away, both in terms of functionality and hardware capacity from being able to deal with that. Maybe some day, who knows, but not yet. Even if I'm destined to make the Linux of search engines, we're metaphorically living in 1992 or so.

Would be funny though because it's both developed on a Debian workstation and hosted on a Debian server.


Hey, totally unrelated, but the way your status page is set up made me think your site was down for months (I had started to assume permanently) - when it last went down for maintenance I got redirected to https://status.marginalia.nu/?query=... which said, and still says, "Site down for maintenance" across the top.


Oh, that's a bit unfortunate. I've redesigned that page a bit.


After DDG decided they would censor material they considered misinformation from Russia I went out search engine shopping and I'm using Brave Search. I value transparency and fairness and can make my own mind about things (I remember when being against the Iraq or Libya wars made you a terrorist sympathizer).

Do you have any stance there? (I'm not saying you should have one or agree with mine, just curious. Every search engine might have its time and place).


In general I'm not a big fan of censorship. I think it's ultimately counterproductive. It sends the message that the "truth" needs to be protected from independent scrutiny, effectively undermining the credibility of the institutions, while enabling crackpots to develop a persecution narrative.

That said I do block some sites, mostly nazi stuff if it's designed in such a way that it crops up in regular searches. It's a fairly small number of sites though.


> while enabling crackpots to develop a persecution narrative.

I see this sentiment a lot lately and it seems weird to me, since narratives don’t need to have an inch of truth to be constructed. Narratives can be fabricated from made-up atoms if need be. If crackpots want to believe they’re being prosecuted, they’ll do it anyway. The ammunition you fear you’ll give them is one they already possess if they’re already too far gone.


Do you have a list of the blocked domains?


Yeah, I didn't start annotating them until recently though, and like 39700 out of 40000 of the domains are blacklisted because of spam. Probably a few false positives in there though but it's 40k domains :-/

You can check if a site is blacklisted using a site:-search like

https://search.marginalia.nu/site/news.ycombinator.com


Thanks. That is a great feature.


By its very definition, a search engine promotes results it deems relevant, and downranks (or 'censors') results it deems irrelevant.


Probably because one doesn’t exist? That particular example isn’t a general purpose search engine.


A Debian (or FSF, or ...) hosted SearX instance would indeed be interesting and perhaps most Free.


risiOS hosts a searx instance for its users and configures it as the default search engine.

I worry about the sustainability of such a service though. Don’t they inevitably get blocked upstream?

It might work better for more local organizations to host such projects. I’ve always liked the idea of community centers and churches and whatnot hosting shared services for their community.



I think you're confusing for-profit, opensource and, as I assume would be the motive behind this switch, at least relatively privacy protecting?


> DDG is for-profit and serves for the most part Bing results

What’s the problem? What matters is that my searches aren’t recorded and added to a profile.


Because the results from search.marginalia.nu are absolutely irrelevant?


It would also crash marginalia I think. Which would be sad.

What would we have Debian change the default search to? I get that DuckDuckGo might not be ideal, but it is better than Google, Bing, Yahoo or Marginalia. The results need to be good enough, but also not obviously anti-privacy. It basically leaves you with DuckDuckGo, Qwant or Ecosia. Personally I might have picked Ecosia, had they not had a cookie banner.


Part of the problem is that Google was designed when PCs booted from spinning rust and a fast CPU was a Pentium II.


[flagged]


We (at DuckDuckGo) actually have no current relationship (or commercial deal) with Debian. They did this on their own. That is, there is no revenue share here.

Also, we no longer use the Amazon affiliate program, or Yahoo for that matter, and we don't (and never have had) any idea what any individual bought.


Oh wow, so the deal is actually 0% revshare. And I thought I was a weak negotiator... :D

Well congrats then.


Why are you spouting off accusations without any evidence? This blind cynicism makes HN a worse place.


They know the types of items you buy. You don’t get the exact items from Amazon. They can guess if you click a link to an iPhone and then later bought a $1,200 electronic but if you click on an iPhone and buy a PS5 they don’t know what you bought.


That’s not exactly true - as an Amazon affiliate you do see the exact items purchased under each of your specific tracking IDs, as well as the price it was purchased for, category and device group it was purchased using (desktop, tablet, mobile). This also includes any purchases the user makes in a 24 hour session of browsing after clicking your referral link to Amazon.

I’m unsure how many tracking IDs you can create in your account, and as far as I’m aware and can tell, you cannot pass specific UTM codes or other identifying information along with a click to Amazon that is passed back to you on the reporting side. Meaning, you could track users you send to Amazon, and where you’re sending them, and you can see outcomes, but Amazon only provides the tracking ID back to you as a reference (this ID is meant to be used on a site/channel wide level, but as I mentioned above could possibly be abused depending on how many you can create)


Is that really the case here? I really doubt it considering how careful Debian is when it comes to privacy. Even the popularity contest is opt in.


> I hope Debian negotiated better

Do you have any evidence that Debian negotiated a deal? Debian is not a company.


that lwn.net article is from 10 years ago...is it still accurate?


DDG is a more practical default than Google simply because I don't get a "We'd like to abuse your personal data" pop-up that gets in the way every time I open an Incognito window to search for something.


This switch by Debian to DDG is less of an issue for me than it would have been a few years ago. Google has recently been claiming it will only ever show 1000 results (10 pages of 100). But for many users, myself included, google will only ever show less than 400 results. This is apparently an intentional policy (at least according to the support forums).

For me this is terrible. I can scan through 100 search results pretty quick, going 4 pages deep is something I have always done often. Seeing the reported ~82 million results shrink suddenly to 4 pages and maybe 389 results with omitted included is extremely disheartening. But at least Google Scholar still works properly.

When I found out about this I was so pissed I made a crappy little website to more easily complain about it to people. http://googlesearchonlyreturns400results.lol/


Sadly I have found DDG lacking; most times I have to go back to Google to find information that just doesn't show up on DDG. As an example, I don't have Twitter but I follow a certain sports journalist with a huge following, all thanks to his Twitter. When I search for his name + twitter, DDG shows me articles about the journalist and even a Facebook page link, but not his Twitter even if it is in the query and his handle is literally his name!


Twitter are so hostile to casual anonymous browsing via the web that I'm not surprised DDG aren't indexing them, and actually prefer that. It's like Twitter are actively choosing to not be part of the web.

But yes, I do use !g when needed to jump to Google. It's just the default that works better on DDG for me due to the Incognito window issue - so much so that I've been running DDG by default for quite a long time now, just for that reason.


Did you use the "Send Feedback" in the bottom left corner? I've heard (via a comment on HN) that they do read them. I also readily admit the bottom left corner is a suboptimal place to put a feedback link, but here we are


Not sure about Chromium but at least in Firefox you can set a separate default search engine for incognito sessions.



TLDR

> Hey let’s change the default engine to DDG

> I’ve used DDG for a week, let’s do it!


The way they did it shows lack of experience as well, as this will enforce the change to all users rather than simply change the default profile settings upon creation.


...slightly related question, what is the benefit of using the Debian package, versus the Ubuntu snap?

As a CentOS user, the Ubuntu snap is updated much more often than the EPEL package.


I'm not a Debian user, but Ubuntu 22.04 tried to force snap down my throat with Firefox and it broke the hell out of everything. It turns out that a web-browser needs to run outside of a sandbox, who could have foreseen?!

Anyway, so now I just manage my own updates via the tar.gz because I can't be bothered to rebuild .deb for the releases and hope snap and its flatpak friend go the way of the dodo


I think that they will need to fork the web browsers and maintain the forks instead of the originals, in order to make improvements. This is one of them but is not only one. To actually make the web browsers good, will require further changes (sometimes involving adding stuff back in that was removed in older versions, or removing some of the newly added stuff while keeping some of it).

However, I would prefer the default to be "no search", and to only search if the user explicitly specifies which search engine to use. (This does not necessarily mean that Debian has to do this; it only means that it is what would be my own preference. Some other people will agree with me, although some people will disagree.)

Regardless of the default settings though (sometimes different default settings might be suitable due to the distribution; in this case it doesn't matter, but for some settings of some programs, it will matter), the end user should have the opportunity to change all of the settings.


I wish they would have gone with search.brave.com, but DDG is also acceptable to me. The main reason I would have preferred brave.com has to do with their using their own search engine for at least a portion of their results. I also like the discussions result they added.


Didn't DDG recently have some controversy about censoring things they didn't like related to Russia or Russian sites/news?

I don't have links stored in history but it was fairly recent, it was their CEO on twitter I believe and they got a LOT of backlash.


> "At DuckDuckGo, we've been rolling out search updates that down-rank sites associated with Russian disinformation. In addition to down-ranking sites associated with disinformation, we also often place news modules and information boxes at the top of DuckDuckGo search results (where they are seen and clicked the most) to highlight quality information for rapidly unfolding topics."

https://twitter.com/yegg/status/1501716484761997318


I realize that due to my own unfortunate phrasing, how our news results rankings work has been highly misinterpreted since then. I subsequently put out a clarification thread (https://twitter.com/yegg/status/1515635886855233537) and then we (DuckDuckGo) made a help page to explain how our news rankings actually work. I suggest anyone interested check it out (it’s short): https://help.duckduckgo.com/duckduckgo-help-pages/results/ne...

In hope to quickly clear up some common misconceptions about them though: we don’t censor, we don’t move things so far down that they are effectively censored, we don’t have any definition of misinformation, and we don’t rank based on any political agenda or opinions (that includes mine!). This is just a summary though, so I would read the help page for details.


You still haven't convinced me, or many others who used your service to the contrary, and your explanation like in this thread here doesn't match what you are preaching.

https://twitter.com/pkm_inc/status/1515677462251945986


I’m honestly not sure what you are referring to as the contrary or contradiction here. The referenced help page is the most complete explanation of how our news rankings work. Put another way, what would it take to convince you?


You were given a screenshot with quoted text from an article that returned completely buried results in your search engine from the same rt.com article. You first replied by giving a person a URL to the RT.com article to search in the engine which brought up a result. Then when someone called you out on it you then said you'd get back to them.

Now today since I've linked this thread, you have now changed who could reply.

It's pretty clear that you will say or do anything to try to save your tanking company.


I did not change any of my Twitter settings today.

Also, all I'm doing in that old thread (and this one) is doing my best to explain how our news rankings actually work. Again, currently the best and most thorough explanation is in this help page (more than can easily be put on Twitter): https://help.duckduckgo.com/duckduckgo-help-pages/results/ne...


it was announced in a very political way at a time when everyone was trying to earn social points by supporting the other side. there was no mention of downranking disinformation released by the other side. i had been using ddg since probably 2017 and i switched that day.


Drop the default search engine and show us a list of search engines with the option to add our own instead of setting it for us on first run.


How about removing every search engine and letting a user decide? I believe Debian users can handle this technical challenge.


This leaves me with conflicting emotions. I don't know where the easiest place to find the actual explanation of the change is (not very familiar with Debian development practices) but I wonder if it clears things up.



Wouldn't changing the default search engine to "no default" be a solution too?

I'm sure many people have thought about it, so, I wonder, what is the issue with this approach?


The year of the Linux desktop gets further away as people try to use their browser and go “why can’t I search” and drop it all together. A lot of people really don’t have the patience to configure their computers, they want it to ‘just work’.


Yea I guess. Though I'm having a hard time with the idea that someone who went through the trouble of running on Debian in the first place would have this reaction to the browser not automatically opening a search engine.


Not everyone who uses Debian also was the same person who installed it.

There are a few people (like me) who are crazy enough to give Linux desktop systems to real end users. Although I suppose I could just set their search engines for them, but that's just a pain.


For a solution to be required there first has to be a problem. Then it has to be shown the new solution is better than the current implementation.

You’re not happy with the default which you can trivially change but no one has to change, so you propose having no default so you still have to change it but now everyone has to change it.


Is it common for distros to have deals with search providers in exchange for keeping them as the default in their browsers ?


As reported in an earlier comment, DDG did not make a deal with Debian for this.

Prior art is that Linux Mint at one point had Yahoo as the default search engine in their Firefox builds. I am not sure whether that is currently the case.


Common? Probably not.

It's not unheard of though. See: Ubuntu.


It was so cool to have amazon snoop on your presumably local searches...


Citation?

Lots of folks misremember how the Unity Home Lens feature actually worked, and that the Ubuntu installer explicitly asked you whether you wanted it enabled.

If enabled, there was no presumption of local-only search. It was front and center in your search results, and the affiliate revenue was only collected when you clicked on that Amazon result.

Canonical claimed that the search was forwarded to them, and then anonymized to Amazon. That's more than what Microsoft seems to do with Bing results in Windows search, which you can't seem to disable without installing third-party scripts.

Was it a perfect solution? No - But it was a way to make revenue in an otherwise open-source project and free of cost. It's interesting how on some days, people argue for more money towards FOSS devs, and then others argue that revenue-building systems shouldn't be implemented. Yeah, Canonical makes enterprise investments, but they obviously weren't in the realm of Red Hat in terms of enterprise support.


I agree that some talk at the time was overblown, most of it even.

That said, it was a braindead idea to begin with. Not one person in existence wants or expects shopping links when searching their computer via a dock like interface. This is meant for applications or files.

When shopping, most are going to research on Google...or perhaps search a category on Amazon itself before choosing a product.

I'd be curious if Ubuntu even made a single sale from that venture.


Agree that it was not a great idea, or one that anyone asked for.

I saw it as a way for Canonical to start bringing end-user-oriented features to the Linux desktop, something that Linux sorely needed circa 00s and early 10s. They also had the forethought to bring web apps to the desktop before most major players did.

It was all part of their 'continuity' push at the time: desktop and phone in one cohesive interface. Too early for its time, but it's clearly working for Apple.


It's hosted by Microsoft now, not Amazon anymore


I don't know, but that seems like a reasonable funding solution given that Google is expected to pay Apple ~$20B this year: https://dazeinfo.com/2022/01/05/google-pays-apple-for-not-la...


Apple has hundreds of millions of wealthy customers. Debian does not.


They have a few though. Certainly they don't have captive users who only install what they are allowed to and use the default settings. Linux users are probably the worst target market for advertisers.


>Linux users are probably the worst target market for advertisers.

Yes but not for the reason you are imagining. I can think of a few things in common between everyone I've ever known to use Linux for personal use and general consumerism to improve quality of life is not one of them.


That is exactly what I was thinking. I suspect the algorithms in the real time bidding engines put anybody with Linux in their browser signature in a very cheap ad category. The market researchers probably concluded that these people continue using $200 computers for years and try to repair things instead of buying new wherever possible.


I'm confident that Debian users tend to be programmers compared to the average PC user. Programmers are richer compared to average so won't they buy things more? (though ads are a bit less effective for programmers)


Pretty sure the negotiations would go approximately like: “Best I can do is fifty bucks.”


Do you believe Debian has made a deal with a search provider?


I don't mind the idea of changing the default search engine to DDG, but not in a stable release, do that in testing.

It is an opinionated choice, not a bug fix, and definitely not a security update (severity: wishlist). I don't have a problem with maintainers having opinions, but on a stable distribution like Debian, I would have preferred they expressed them before the freeze.



Changing the search engine of existing installs is quite questionable and it is worrying that this was released without a much bigger discussion involving not just the maintainers of the browser package going by their personal feelings. If I was a Debian user I would be mad.


Debian being free of cost, I don't think you have a right to be mad about anything if you don't help with maintenance. Open source maintainers are not your employees.

Users can always switch back to Google if they so desire.


What a mistake

It is literally against anything Debian has done the past decades

Why would they choose a proprietary software and proprietary service?

Chromium at least has a BSD like license and is open source [1], the search provider alternative should be similar

Literally nobody can confirm DDG's privacy claims, they refused every independent audit and your search is leaking to their servers [2], it happened again [3]

And let's not forget the Microsoft Bing trackers ;)

[1] - https://chromium.googlesource.com/chromium/src/+/HEAD/LICENS...

[2] - https://github.com/duckduckgo/Android/issues/527

[3] - https://github.com/duckduckgo/Android/issues/2004


Did they fix the bug that did not allow you to log on to your Google account and sync from Chromium?

Or was that intentional?


That's something Google did to Chromium, not Debian.


Ah, thank you.

That's a shame.


surprised this isn't changing to presearch.com. Google and DDG are great but the presearch concept of paying ME to do searches, I just love.


I can't recall a single 502 response that I've ever gotten from DDG, but plenty of them for presearch, to say nothing of their closed-source node software. I enjoy advocating new tech as much as the next person, but not "route searches through who knows what, and only respond to queries some of the time" worth


Halleluiah?


[flagged]


Interesting how every post ever made on your account is to spam that link, which also happens to be the first time I had ever heard of it.


tbh if we want some competition to google we should support bing


The big reasons people seem to be looking for alternatives are privacy concerns and increasingly aggressive optimization for NLP. DDG and Bing both have ~1% market share and both return decent results - why support the one that will ostensibly become Google II if given the opportunity?


Depends what kind of competition you're looking for. If we want competition for PC software, we should support anything but Bing.


DDG already pays Bing for use of their API though?


DDG relies heavily on Bing, I think


If anyone uses the Debian chromium package that is. Because it's always out of date, just use Flatpak.


Oh, no! All the people buying Debian desktops at Best Buy will be locked into issues with DDG forever.


There was a posting on HN not long ago warning that DDG was run by spammers, and that the "privacy" focus is purely a marketing ploy.

This should be predictable on the basis that it is a free service, making you the product, and somebody else, therefore, the customer.

It is hard to know what else one can do to get useful search functionality. It has been a long time since Google dropped any emphasis on usefulness. Any useful results seem purely luck nowadays. You cannot even buy a subscription to "useful" from them or from, AFAIHF, anybody else.


Privacy and ads/spam are different things.

DDG has ads based on your search query, that's how they make money. The difference is that they don't profile you, at least that's what they say. You can spam and respect people privacy, just by not looking who you are spamming.

And yes, "privacy" is a marketing ploy for anyone who is not Google. As for general purpose search engines, there are only two: Google and Bing, most others (including DDG) are just a front for Bing. There are other, more specialized crawlers including Marginalia whose author often posts on HN, and there is Yandex for Russia and Baidu for China, but the general idea is that if it is not Google, it is Bing.


"At least that's what they say" is exactly what is at issue. You offer no reason to believe what they say.


I can find no actual evidence that DDG is run by spammers. This does not strike me as credible.


I can find no evidence that DDG is not run by spammers. Any claim that it is not is clearly what would demand solid evidence.


That's not how the burden of proof works here.


The extraordinary claim here is the one DDG is making. They have every incentive to lie about it. There is no obvious way to check their claim.


Regardless of whether you are right or wrong about DDG:

Doesn't this line of logic lead to every free site being evil, including the one we're talking on?


It would actually help if you would link to that HN posting so others can verify.


Googler, opinions are my own. I don't work on chrome or anything related.

Many companies put out free software to drive people towards their products, and Chrome with Google Search seems to be one of those. As many know, improving and maintaining Chrome is not free, and having Google Search being a default is one part of what helps pay for this work.

Yes, this is Google, yes, this is likely a tiny drop in the bucket for them, but at the same time, it's taking away potential revenue from Google.

If this was some smaller company that produced a product that had some default that pointed to one of their SaaS offerings or the like, there would be potential issues raised over the Debian maintainers changing this default.


Chromium isn't just gratis software ("free" has a different meaning), it's open source software. There is no implicit expectation that downstream users can't change it any way they want[1] and redistribute the result, that's the whole point of the open source license that Chromium is released under.

1. Within existing legal boundaries, of course


Chromium is distributed under the 3-clause BSD license, so I totally agree with you that distros can do whatever they want with it (more details here: https://www.chromium.org/chromium-os/licensing/ ). I'd imagine many people that work on Chromium would agree with this and are happy for distros to do what they'd like. If Google wanted to be pushy with the software, it could do some other kind of licensing saying people couldn't modify it and still use the Chromium branding, but they obviously chose not to do this.

My take from a business perspective is that Google produces Chrome and Chromium for a number of reasons. Good will to the community (with how permissive they are with the license), and having a stable platform to be able to build things like GMail and Search on-top of. But there is also the Ads side that benefits from Google Search being the default.

So I guess there are really many benefits for Chrome's existence, and Google Search being a default is only part of that. But I still stand by my original post and reasoning.


it's also a derived work of KHTML

so complaining that it is being modified to restore it back to its demonetised form reeks of entitlement


> it's taking away potential revenue from Google.

Wow. Yes, that's how competition works. Are people at the tech monopolists really that entitled that they consider the entire world's purse strings theirs to control?


What a bizarre way to justify surveillance. Who said the web browser can't be sold instead? The browser and the search engine should not be developed by the same company, there are clear conflicts of interest there, but we all know why Google provides all of these products and services "for free".


> If this was some smaller company that produced a product that had some default that pointed to one of their SaaS offerings or the like, there would be potential issues raised over the Debian maintainers changing this default.

Well, thankfully this is Google, and not a small company then.


> it's taking away potential revenue from Google.

Google still has 92.5% global market share, 10x more than all other search engines combined https://radar.cloudflare.com/notebooks/searchengines-2022-q1


> Yes, this is Google, yes, this is likely a tiny drop in the bucket for them, but at the same time, it's taking away potential revenue from Google.

Good. Hopefully we will see anti-trust enforcement force Chrome and Android to not default to Google search either.


> but at the same time, it's taking away potential revenue from Google.

many of us see this as a positive


Microsoft also has people contributing to Chrome and apparently DDG searches go to Bing. So no difference.


Nah, it's just a fork of KHTML.



