DuckDuckGo: Illusion of Privacy

timothy posted about a year ago | from the if-it-barks-like-a-duck dept.

Government 264

An anonymous reader writes "With all of the news stories about users moving to DuckDuckGo because of NSA spying, this article discusses why the privacy provided by DuckDuckGo is more the privacy from third-party tracking (advertisers) but may do little, if anything, to prevent the NSA from tracking your searches."

264 comments

IF JOHN C.DVORAK SAYS IT IS GOOD - IT IS GOOD !! (-1, Troll)

Anonymous Coward | about a year ago | (#44272679)

Because he says so !!

Go, J.D.

We love you back home

Inmate 66601812

FTFA (5, Funny)

Anonymous Coward | about a year ago | (#44272693)

"The NSA Can't Loose" ... Really?

Re:FTFA (3, Insightful)

Anonymous Coward | about a year ago | (#44272829)

Really. If they want the information, they get it. Either you turn it over willingly, or they take it forcefully via legal means or just go above you to your host. There is nothing you can do about it.

Re: FTFA (0)

Anonymous Coward | about a year ago | (#44272881)

Whoosh...

Re:FTFA (2)

ATMAvatar (648864) | about a year ago | (#44273653)

Well, you do have to be somewhat of a tight-ass to be a NSA spook...

Re: FTFA (0)

Anonymous Coward | about a year ago | (#44274347)

If it's loose, put some glue on it.

DuckDuckGo sucks (-1, Troll)

NobleSavage (582615) | about a year ago | (#44272697)

Have you tried a search in DuckDuckGo? It should be called DuckDuckSuck.

Re:DuckDuckGo sucks (3, Interesting)

Anonymous Coward | about a year ago | (#44272807)

It's about as good as a google search and it gives the wikipedia article for any topic at the top. My opinion is better than your opinion.

Re:DuckDuckGo sucks (4, Insightful)

SeaFox (739806) | about a year ago | (#44272827)

It's about as good as a google search [b]and it gives the wikipedia article for any topic at the top[/b]. My opinion is better than your opinion.

Don't know about you, but when I want to look up something on Wikipedia, I look for it on Wikipedia. Having Wikipedia info displayed automatically for a search isn't really a "feature" as far as I'm concerned.

Re:DuckDuckGo sucks (2)

Trepidity (597) | about a year ago | (#44273099)

I like to think that would be true, but honestly about 50% of the things I click on in a Google search are Wikipedia articles, even when I didn't initially search Wikipedia directly.

Re: DuckDuckGo sucks (0)

Anonymous Coward | about a year ago | (#44273153)

Still wasting time navigating to websites, eh?

Re: DuckDuckGo sucks (0)

Anonymous Coward | about a year ago | (#44273407)

navigating...
and are you still using netscape?

Re: DuckDuckGo sucks (1)

Torodung (31985) | about a year ago | (#44274361)

If clicking a bookmark or using a Firefox search assist is navigating, then yes. You make it sound like he's typing in the URL.

Re:DuckDuckGo sucks (1)

Aighearach (97333) | about a year ago | (#44273345)

I just add "wiki" to the end of my search and wikipedia will be in the top 3

Re:DuckDuckGo sucks (1)

Clsid (564627) | about a year ago | (#44273993)

haha same here. Although on Safari I have the keywords extension installed so I can type w and then whatever I want, and the search goes directly to wikipedia.

Re:DuckDuckGo sucks (1)

Anonymous Coward | about a year ago | (#44273853)

It's about as good as a google search [b]and it gives the wikipedia article for any topic at the top[/b]. My opinion is better than your opinion.

Don't know about you, but when I want to look up something on Wikipedia, I look for it on Wikipedia. Having Wikipedia info displayed automatically for a search isn't really a "feature" as far as I'm concerned.

Oh, I agree, but it's worse than that.

Not only does DDG put that "helpful" wikipedia excerpt/link at the top of their search results, but if you install the "DuckDuckGo Plus" Firefox extension, they will intercept your Google search, and cram that box in your Google search results as well. I get that some people may want that functionality (I don't -- if I use Google, it's because I want to see exactly what Google returns), but it's questionable to have this sort of content injection enabled at all in an extension whose primary purpose is to add a search engine to the search-bar, search completions, etc. lists, not to perform content injection. And it's downright evil to have it enabled by default, but I guess they think I should consider myself lucky they permit me to turn it off at all...

Yeah, no thanks, DuckFace. I'll stick with ixquick.

My other complaint with DuckDuckGo is that they use redirects to search results, just like Google. (Ostensibly, a purpose of these is to prevent information about your search leaking through the referer header -- in practice, https accomplishes that automatically, but the redirects do let the search engine monitor what you click on.) No, I don't think DDG is logging the redirects in a user-identifiable way, but why should I have to trust them (with anything beyond the query itself) when I can use ixquick which links directly to the results?

In Russia, Yandex searches YOU (4, Informative)

tepples (727027) | about a year ago | (#44272843)

DDG is a reskinned Yandex with shortcuts to search particular sites [duckduckgo.com] . If you don't commonly use site: searches on Google, and you can't stand Yandex, you won't like DDG.

Re:In Russia, Yandex searches YOU (1)

arth1 (260657) | about a year ago | (#44272891)

Yeah, it's a search aggregator, and not a search engine.
I used it before, but stopped, because it uses Bing, which is maed forr pepple whoo cann nott speel. When I make exact and correctly spelled search queries, I get a lot of rubbish back because Bing returns results for "similar" queries.

Example query: iwlyfmbp deflate

Now run this through Google and DDG and see where you get the best results.

Re:In Russia, Yandex searches YOU (5, Informative)

Caetel (1057316) | about a year ago | (#44273317)

DDG shows no results. Bing's only result is this post. Google has this post and an OpenQNX forum post... so, Google, I guess?

Re:DuckDuckGo sucks (2)

poetmatt (793785) | about a year ago | (#44272935)

what do you expect? it's bing. Since when did people believe a microsoft-based search is privacy friendly? "anonymous" is just a hilarious misnomer.

Re:DuckDuckGo sucks (1)

Aighearach (97333) | about a year ago | (#44273327)

aka "go fish"

DuckDuckGo Rocks, Google must be hurting (2, Insightful)

Anonymous Coward | about a year ago | (#44273525)

DuckDuckGo should move out of USA (and UK) at this point. They could have a huge business, but not in NSA occupied territory.

1) The reason I switched was because it doesn't use tracking cookies.
2) It doesn't own Android, Gmail, YouTube, AdSense, DoubleClick, Maps or a myriad of other sites that can be used to 'un-proxy' me and 'un-NAT' me and get around my cookie blocks.
3) It is https so the NSA *need* a warrant, unencrypted search automatically goes into the NSA database.
4) Gmail failed a link test, a disguised link (not a straight http://...) sent from my old gmail account to a pop3 was visited by a server in Arizona.
5) They don't have a feed to NSA currently, it's not listed on PRISM

But best of all

6) It's actually quite good at finding stuff and better than Google at finding job CVs from NSA spooks to see what else they might want to confess to. Google keeps substituting more popular works.

I assume from this piece that Google are suffering. Well, point 2) is entirely their fault, they linked all that data together so I have little sympathy for them.

I don't like being tracked for daring to question the legality of an illegal mass surveillance program, and Google can always move their business out of mainland USA and to Hong Kong where they are on the other side of the great spywall of NSAland.

Re:DuckDuckGo sucks (4, Informative)

Clsid (564627) | about a year ago | (#44273981)

I don't know but if you do not want to use Google, DuckDuckGo is by far one of the best alternatives. Try doing temperature, currency conversions with DuckDuckGo, the integrated results from WolframAlpha are pretty good. The only thing missing is image search imho.

Re:DuckDuckGo sucks (3, Informative)

Anonymous Coward | about a year ago | (#44274417)

The only thing missing is image search imho.

Use ixquick.

Actually, use ixquick (or its sister site startpage) for all the other stuff, too.

I didn't start using DuckDuckGo for privacy (5, Insightful)

Anonymous Coward | about a year ago | (#44272705)

I started using DuckDuckGo because, out of all the other search engines out there, it's the only one I've found whose entire mission statement centers around _not_ collecting information on every goddamn thing you do. Yes it's probably still being tapped at the fibre optic cable level so it doesn't really matter, that's not the point. The point is to vote with your dollar, or in this case your page view, far more influential these days than one thinks.

I don't use DuckDuckGo because it preserves my privacy. I use DuckDuckGo because they don't try to take it away from me.

Re:I didn't start using DuckDuckGo for privacy (2)

Impy the Impiuos Imp (442658) | about a year ago | (#44272767)

Well, that's fine, but I keep pointing out I'm less concerned with whether Google knows I might want to buy Depends than that the NSA might be able to spy on political opponents to whoever holds their ear. "Make sure you fill out the warrant form, agent #4821 out of 17436." isn't much protection for a G. Gordon Liddy type.

Re:I didn't start using DuckDuckGo for privacy (-1)

Anonymous Coward | about a year ago | (#44273087)

Hello, I'm DuckDuckGo.

Sure, I suck. Some people think I should be renamed DuckDuckSuck (ha ha). But seriously, my entire mission statement centers around _not_ collecting information on every goddamn thing you do, and that's just the way I roll. Some people like it that way. So just what is my mission statement you're wondering? Well my entire mission statement centers around _not_ providing useful information on every goddamn thing you want to search. Don't believe me? Just google it.

Re:I didn't start using DuckDuckGo for privacy (0)

viperidaenz (2515578) | about a year ago | (#44273649)

If DuckDuckGo was about _not_ tracking me, why does every search result link go back via duckduckgo.com before being redirected to the actual link, and the link they use javascript to show in the status bar? Just like Google. It's so they know which link you clicked, no other reason.

To hide the referrer (5, Interesting)

Anonymous Coward | about a year ago | (#44273845)

To strip off the referrer. Otherwise the end site would see the URL of the DuckDuckGo search revealing the details of the search, page, etc.

Its not about 100% privacy (5, Insightful)

SuperCharlie (1068072) | about a year ago | (#44272709)

At least for me it's not, it's about not feeding the beast directly. I jumped to Linux, Opera, and DDG as a way to add a few more cycles and maybe a few more man hours to the mess rather than hand it over directly with Windows, IE or Chrome, and Google. If anyone thinks they can really be anonymous in this ecosystem they are sorely mistaken. I do believe however there are less trodden paths and a little more pains in the rear that can be had, and as a silent protest, I chose to use them.

Re:Its not about 100% privacy (2)

PopeRatzo (965947) | about a year ago | (#44273125)

as a silent protest, I chose to use them.

That's all good. I've tried https://startpage.com/ [startpage.com] but I'm not smart enough to know how effective it is at keeping me anonymous.

It seems to keep Google from upskirting my private info, and maybe that's enough.

Re:Its not about 100% privacy (1)

itsthebin (725864) | about a year ago | (#44273773)

I am trying startpage also and so far I have been happy.
it queries google for you

DuckDuckNo (2, Insightful)

Anonymous Coward | about a year ago | (#44272711)

While the NSA brand of privacy invasion will probably never be avoidable, unless you renounce all forms of data transfer, it's pleasing to have SOME control over your internet presence in so far as keeping advertising trackers off your back. I don't think it says anywhere at DuckDuckGo that it avoids NSA tracking, and anyone using the service who believes it does so is unaware of how the NSA programs work.

Re:DuckDuckNo (0)

Anonymous Coward | about a year ago | (#44273625)

Indeed. The NSA is a very powerful adversary, and PRISM was just recently discovered. It's far too much to ask of DuckDuckGo to be safe against that right now.

One thing seems very clear:
Servers that contain Private Keys CANNOT be located where the NSA can reach them.

Credibility? (5, Interesting)

karolgajewski (515082) | about a year ago | (#44272715)

I may be breaking the fundamental rules of Slashdot, but ...
- the "article" is a single post on a recently created blog
- they misspell "lose"
- a quick google of Brett Wooldrige doesn't bring up anything exciting (a Forbes blog account with no content?)

This is the very definition of "nothing to see here, move along".

Re:Credibility? (1)

93 Escort Wagon (326346) | about a year ago | (#44272871)

You forgot

- the "article" is very poorly written, using a whole lot of words to say very little.

Re:Credibility? (0)

Anonymous Coward | about a year ago | (#44272943)

So far it seems that any comments to that fact aren't being allowed through by the blog's author.

Most likely a paid shill spewing nonsense, but that's pretty much par for the course on Slashdot.

Re:Credibility? (-1)

Anonymous Coward | about a year ago | (#44273071)

Not a single one of those things is relevant to the correctness or incorrectness of an argument.

Is it in itself logically consistent?
Is it consistent with your observations of the world?
Then it's acceptable. That's it.

And
Does it make new predictions?
Do those predictions reliably match future observations?
Then it's *useful*. That's it.

Nothing more is needed.

I remember this scale of human intelligence that went around the net a couple of months ago. It said that most people never go past the stage where they fall for appeal to authority fallacies.
I bet you're one of those Wikipedia morons, with that same low intelligence, who demand "credible sources". By which they mean nothing else than "being able to read the text on another site [as if its location would make a difference] which has a design, name and color scheme that makes me blindly and irrationally trust it, and matches my personal wishful beliefs, so I can save actually checking its consistency and usefulness".
The most ridiculous thing that really kills it, is that they *forbid* original research! ... The only thing that would actually make them "credible".

Re:Credibility? (1)

viperidaenz (2515578) | about a year ago | (#44273729)

The future hasn't happened yet, so by your definition, nothing is useful yet.

Re:Credibility? (2)

Nimey (114278) | about a year ago | (#44273113)

Since when does Slashdot have credibility? At all?

Re:Credibility? (0)

Anonymous Coward | about a year ago | (#44273119)

- a quick google of Brett Wooldrige doesn't bring up anything exciting (a Forbes blog account with no content?)

Try DuckGoGo. :)

Re:Credibility? (2)

viperidaenz (2515578) | about a year ago | (#44273757)

Perhaps because you spelt Brett Wooldridge wrong.

Re:Credibility? (0)

Anonymous Coward | about a year ago | (#44274071)

I may be breaking the fundamental rules of Slashdot, but ...
- the "article" is a single post on a recently created blog
- they misspell "lose"
- a quick google of Brett Wooldrige doesn't bring up anything exciting (a Forbes blog account with no content?)

This is the very definition of "nothing to see here, move along".

Really? Those things tell me far more. The likelihood of this being a paid NSA commercial / part of the ongoing psy-ops damage limitation (weak sauce as it is) is very close to 100%. I'm not going to point out either the extremely obvious reasons nor the subtle but very convincing ones (especially those) no matter how gratifying it would be to do so because the whole thing is likely automated and I feel no need to help the US powers that be destroy everything that made the US great.

I pity anyone/everyone actually named Brett Wooldrige though, must suck to see one's name on shit like this.

Oh come on now... (2, Insightful)

Anonymous Coward | about a year ago | (#44272721)

This is one, gigantic, "no shit, sherlock".

so what? (0)

Anonymous Coward | about a year ago | (#44272731)

Most probably google knows more about me than the NSA, making money with this information and not paying taxes, well only a bit

What about Startpage? (2, Interesting)

Anonymous Coward | about a year ago | (#44272737)

Is it any safer? They bill themselves as "the world's most private search engine" but that doesn't really mean anything.

Re:What about Startpage? (2)

UltraZelda64 (2309504) | about a year ago | (#44272989)

I don't know, but when I want to search using queries that may bring in potentially "illegal" search results, I just use Ixquick. To be honest though, I don't know what the difference (other than name) is between the two. Both Ixquick and Startpage are run by the same people, they both look practically identical, and you probably couldn't go wrong with either one. I just happened to find out about Ixquick first and saw a few more mentions of it on different websites so I just use it. Ixquick does not log any user IP addresses. According to Wikipedia article on Ixquick, Startpage is just an "easier-to-remember" alias of the same exact search engine. Ironically, I find Ixquick's fewer letters to be faster and easier to type.

Re:What about Startpage? (0)

Anonymous Coward | about a year ago | (#44273701)

Startpage.com seems to be some type of proxy that serves results from Google.

Ixquick.com seems to use other, non-Google, sources to gather results.

Re:What about Startpage? (0)

Anonymous Coward | about a year ago | (#44273899)

I don't know, but when I want to search using queries that may bring in potentially "illegal" search results, I just use Ixquick. To be honest though, I don't know what the difference (other than name) is between the two.

Startpage just scrapes google results.

Ixquick aggregates results from several search engines (and gives preference by how many hit the same result, as well as the result's ranking in each).

According to Wikipedia article on Ixquick, Startpage is just an "easier-to-remember" alias of the same exact search engine.

If so, somebody who gives a fuck should correct it -- they're manifestly not the same.

The world's most virtuous whore (1)

ulatekh (775985) | about a year ago | (#44272997)

They bill themselves as "the world's most private search engine" but that doesn't really mean anything.

It means about as much as "the world's most virtuous whore".

USE Ghostery and HTTPSEverywhere (1)

zenlessyank (748553) | about a year ago | (#44272741)

Then you don't have to worry about which quackin' search engine you use to search for your knowledge with.

VPN (4, Informative)

xtal (49134) | about a year ago | (#44272749)

Run your traffic encrypted through another country with actual privacy protections.

It's not perfect, but it is another complication and barrier to direct monitoring.

Ultimately, the NSA reveal is a good thing - it's going to drive demand for virtual private cloud services where you hold the keys, and perhaps, a move back to corporate controlled cloud services on-site. Great news if you're in IT.

Re:VPN (1)

Anonymous Coward | about a year ago | (#44272797)

Great way to get marked a foreigner and guarantee for intense surveillance.

Re:VPN (1)

Clsid (564627) | about a year ago | (#44274363)

Lol, keep spreading the FUD. There are things that can be done. They are not God you know.

Re:VPN (1)

wisnoskij (1206448) | about a year ago | (#44272947)

Was that not part of the NSA spying reveal?
The huge amount of cooperation between countries with laws that protect spying on their own citizens but not other nation's citizens?

You route your data through a country with strict privacy laws, and that country intercepts it because their laws do not protect you, a non-citizen.
They then allow access of that data to the NSA, and no one broke any laws.

Re:VPN (0)

Anonymous Coward | about a year ago | (#44273097)

Please name for me this wonder country that will protect my rights even though I am not a citizen. Furthermore, please tell me how you guarantee that any so-named country does not already have agreements in place with the government of my own country (I am a U.S. citizen) to spy on my traffic.

Re:VPN (1)

Clsid (564627) | about a year ago | (#44274415)

No country or government will protect your rights. But there is something you can do about it, like having your own small server back home and use alternative services like Yandex, etc. Yandex is a Russian company that has to comply with government requests in the same way American companies have to do back home. So as far as search engines go, you truly have to go with whatever lesser evil you are willing to tolerate. In that regard, DuckDuckGo is a good option.

But if you get a cheap VPS server, even if it isn't as secure as having your own, it's very convenient and you don't have to rely on stuff like Dropbox/GDrive/SkyDrive, ad-supported e-mail, or internet companies with huge tracking issues like Facebook and Google. You can also use DailyMotion to try and break your dependence on YouTube.

Re:VPN (1)

g1nG3Rj0urNAl157 (2926785) | about a year ago | (#44273895)

Am I missing something really obvious? Why would you even try something like DuckDuckgo? Its only "remedy" for privacy is its policy of not tracking users. Serious considerations for privacy would impel one to consider an anonymizing network layer such as I2P. Or if you really want relatively foolproof privacy, get a VPN connection, install VPN network monitoring software and configure your DNS settings manually.

Ixquick? (4, Informative)

rycamor (194164) | about a year ago | (#44272755)

At least Ixquick is not a U.S. company: https://ixquick.com/eng/prism-program-revealed.html [ixquick.com]

While their searches aren't as fast as Google's, I have found them to be pretty good quality-wise.

No PFS at DDG (2)

Lawrence_Bird (67278) | about a year ago | (#44272761)

DuckDuckGo, a search engine, has been prominent in the media since the start of the Snowden revelations due to its privacy policy which promotes anonymity. If the private key used by DuckDuckGo were ever compromised — for example if one of their servers were seized — all previous searches would be revealed where logged traffic is available. DuckDuckGo may be a particularly interesting target for the NSA due to its audience and the small volume of traffic (as compared to Google).

This is because DDG does not use crypto algorithms which support perfect forward secrecy.

When PFS is used, the compromise of an SSL site's private key does not necessarily reveal the secrets of past private communication; connections to SSL sites which use PFS have a per-session key which is not revealed if the long-term private key is compromised. The security of PFS depends on both parties discarding the shared secret after the transaction is complete (or after a reasonable period to allow for session resumption).

So it would require significantly more work for NSA to deal with a site using PFS. Source: netcraft [netcraft.com]
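The property described in the comment above, as an added example that is not part of the thread or of any site's real TLS stack: one session uses RSA key transport, one uses ephemeral Diffie-Hellman, and the function at the end shows what a recorded session yields once the server's long-term key leaks. All parameters, the toy record cipher and the sample query are constructed for illustration and are far too small for real use.

```python
import hashlib
import hmac
import secrets

# Toy parameters, constructed for this example; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1             # two Mersenne primes
N, E = P * Q, 65537                     # server's long-term RSA public key
D = pow(E, -1, (P - 1) * (Q - 1))       # server's long-term RSA private key
DH_P, DH_G = 2**127 - 1, 3              # toy Diffie-Hellman group


def kdf(secret: int) -> bytes:
    """Derive a 32-byte session key from an integer secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def _keystream(key: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + bytes([i])).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key: bytes, msg: bytes) -> bytes:
    """Toy record protection: XOR with a SHA-256 keystream, then HMAC."""
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, len(msg))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def open_record(key: bytes, record: bytes):
    """Return the plaintext, or None when the key is wrong (tag mismatch)."""
    ct, tag = record[:-32], record[-32:]
    expected = hmac.new(key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def rsa_transport_session(msg: bytes):
    """No PFS: the client encrypts the session secret to the long-term key."""
    premaster = secrets.randbits(128)
    wire = {"encrypted_premaster": pow(premaster, E, N)}
    return wire, seal(kdf(premaster), msg)


def ephemeral_dh_session(msg: bytes):
    """PFS: per-session DH secrets; the long-term key only signs."""
    a = secrets.randbelow(DH_P - 2) + 1          # client ephemeral secret
    b = secrets.randbelow(DH_P - 2) + 1          # server ephemeral secret
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = hashlib.sha256(server_pub.to_bytes(16, "big")).digest()
    signature = pow(int.from_bytes(digest, "big") % N, D, N)
    wire = {"client_pub": client_pub, "server_pub": server_pub,
            "server_sig": signature}
    shared = pow(server_pub, a, DH_P)            # equals pow(client_pub, b, DH_P)
    # a, b and shared are discarded when this function returns.
    return wire, seal(kdf(shared), msg)


def signature_is_valid(wire) -> bool:
    """Client-side check that the ephemeral value came from the key holder."""
    digest = hashlib.sha256(wire["server_pub"].to_bytes(16, "big")).digest()
    return pow(wire["server_sig"], E, N) == int.from_bytes(digest, "big") % N


def recover_with_long_term_key(wire, record, d=D):
    """What logged traffic yields after the long-term key is compromised.

    Applies the private key to every value seen on the wire and tries the
    result as the session secret. Returns the plaintext or None.
    """
    for value in wire.values():
        plain = open_record(kdf(pow(value, d, N)), record)
        if plain is not None:
            return plain
    return None


if __name__ == "__main__":
    query = b"q=constructed+sample+search"       # constructed sample input
    for name, handshake in (("RSA key transport", rsa_transport_session),
                            ("ephemeral DH", ephemeral_dh_session)):
        wire, record = handshake(query)
        print(name, "->", recover_with_long_term_key(wire, record))
```

In the ephemeral case the leaked key could still be used to impersonate the server in future sessions, but nothing in the recorded handshake is encrypted under it, so the logged record stays closed.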

Re:No PFS at DDG (1)

anagama (611277) | about a year ago | (#44272897)

I'm trying to understand PFS having not heard of it before -- If I understand correctly, it is a system wherein a unique public/private key pair is generated on demand using a long term key. Or to put it more simply -- a system that gives every session a new and unique set of encryption keys, thus making compromise of the private key hugely less of a bonanza. If that's the case, that sounds like a great system.

Reading your linked article demonstrates that some sites already do this ... how do I make sure I'm taking advantage of it?

Re:No PFS at DDG (1)

Lawrence_Bird (67278) | about a year ago | (#44272959)

Use this [ssllabs.com]; it details towards the bottom the ordering of ciphers.

Re: No PFS at DDG (0)

Anonymous Coward | about a year ago | (#44272973)

they have pfs. check their blog

Re: No PFS at DDG (1)

Lawrence_Bird (67278) | about a year ago | (#44273055)

actually, I found it in a forum post and have verified, they do now use ECDHE, clearly as a result of the netcraft article.

Re:No PFS at DDG (0)

Anonymous Coward | about a year ago | (#44273225)

SSL offering at Ixquick [ssllabs.com] and Startpage [ssllabs.com] are way better. DuckDuckGo doesn't even support TLS 1.1 and 1.2 yet.

blog colors (-1)

Anonymous Coward | about a year ago | (#44272765)

J. F*cking Christ, what a horrible design, it HURTS!!!!!1111

Re:blog colors (2)

Jeremy Erwin (2054) | about a year ago | (#44272801)

Be gentle. It's his first Blog Post.

Re:blog colors (2)

93 Escort Wagon (326346) | about a year ago | (#44272915)

I found it funny that, right there at the top, there's a big proud "Ads by Google" link. There's nothing wrong with that per se, but it does color one's perception when the blogger is basically saying "sure Google is cooperating with the NSA, but they're a lot bigger than DuckDuckGo" (for whatever reason we should care about that).

I switched to DDG a few weeks ago, but it had more to do with my changing perception of companies like Facebook and Google than it did with any idea the move would somehow deter the NSA from snooping on me.

Re:blog colors (1)

Clsid (564627) | about a year ago | (#44274425)

I have been using DDG for quite a bit, but its lack of image search is a little bit inconvenient. I'm testing Yandex to see if I can use it for everyday stuff.

Blogs are not news; they're Op-Ed (0)

Anonymous Coward | about a year ago | (#44272769)

IMHO, any "story" that's clearly a blog entry should be rejected as op-ed flamebait. Slashdot devs should make this easier for the "editors" by blacklisting blogspot in the submission filter.

With that said, I don't think anyone here is naive enough to think that federal agencies can't spy on anyone they want. My guess is that people are using DDG to make a statement. I personally don't use DDG because its results were terrible when I gave it an honest try about 6 months ago after Google briefly broke their search engine results for anyone using Adblock.

Derp (1)

SGT CAPSLOCK (2895395) | about a year ago | (#44272781)

It's kind of tough to understand why people would think that DDG has any magic to stop the NSA from eavesdropping on it in realtime. Isn't its hosting done by Amazon to begin with? (srsly a question, idk)

Aside from that, DDG does have its benefits. Not setting any cookies is important. Not remembering search history on their end is important. It also prefers to serve up SSL-enabled pages instead of their unencrypted counterparts. And a very beneficial feature is that it doesn't set the referrer when you go somewhere.

But NOTHING will prevent the NSA from eavesdropping on traffic en-route if they choose to do so, given that they have the incentive to do so and the cooperation of the providers that actually matter.

icons (1)

atherophage (2481624) | about a year ago | (#44272795)

At least it appears DDG is trying to help with privacy. They have links on their minimalist home page which lead to suggestions for protecting your search privacy. Found out about Disconnect.me through DDG. DDG also has way cool swag [http://help.dukgo.com/customer/portal/articles/216375-t-shirts-stickers-more] on the cheap.

You're kidding, right? (0)

Anonymous Coward | about a year ago | (#44273251)

At least it appears DDG is trying to help with privacy.

You're kidding, right? They're a Union Square Ventures startup, which is a Fred Wilson VC funded fund.
http://en.wikipedia.org/wiki/Fred_Wilson_(financier) [wikipedia.org]

Chase Capital Partners as the sole active LP. This is JPMorgan/Chase Bank:
http://en.wikipedia.org/wiki/Chase_Manhattan [wikipedia.org]

This is one of the "Big Four" ... these guys got $25B in TARP funds in the Wall Street bailout because they were "too big to fail":
http://projects.propublica.org/bailout/list [propublica.org]

These guys collect more information on people than God. When the Pope wants to know something, instead of praying, he calls up these guys.

Decrypting SSL (4, Interesting)

BringYourOwnBacon (2808547) | about a year ago | (#44272837)

I think the article brings up an interesting point about whose SSL certs the NSA has access to. It's reasonable to assume that they are capturing most if not all Internet traffic in the states (at the very least all packets entering or leaving the country.) What is unknown is how much of that encrypted traffic can be easily decrypted. If I were a three letter gov't agency intent on decrypting massive amounts of traffic, I would go straight for the keys. It's particularly of note that DuckDuckGo does NOT use session keys in its SSL implementation, meaning if their private key got compromised, all previous searches would also be compromised. I don't think it's too much of a stretch to assume that the NSA has found a way to that key, either through secret court orders, or good old fashioned nefarious means. Especially for a site like DDG, who makes promises of "privacy". Makes you wonder who else's keys they have access to.

100% serious question (0, Interesting)

Anonymous Coward | about a year ago | (#44272841)

When was the last time you searched for something and found it using a commercial search engine? I've never, ever found anything on search engines. I have my bookmark library (entirely non-cloud) and ask HUMAN BEINGS for recommendations when I need a new kind of software. Then I might use the search engine to find their site the first time, but that's hardly blindly searching for stuff. I always just find 100% spam, irrelevant crap and generally low-grade junk when I search for *anything*. The entire concept of searching for things in general (not counting service-specific engines) is foreign to me. It just doesn't work in my world. I don't understand what people search for that they get proper results. Or maybe they just have extremely low demands.

Re:100% serious question (1)

zenlessyank (748553) | about a year ago | (#44272893)

You are an idiot. A lying fucking idiot. >>>>>>>>>>>>" I've never, ever found anything on search engines." "Then I might use the search engine to find their site the first time" See??

Re:100% serious question (1)

number11 (129686) | about a year ago | (#44273379)

When was the last time you searched for something and found it using a commercial search engine? I've never, ever found anything on search engines. I have my bookmark library (entirely non-cloud) and ask HUMAN BEINGS for recommendations when I need a new kind of software. Then I might use the search engine to find their site the first time, but that's hardly blindly searching for stuff. I always just find 100% spam, irrelevant crap and generally low-grade junk when I search for *anything*. The entire concept of searching for things in general (not counting service-specific engines) is foreign to me. It just doesn't work in my world. I don't understand what people search for that they get proper results. Or maybe they just have extremely low demands.

Maybe I just have extremely low demands. But when I want to know what a particular error message means, or if some unknown program that seems to be running is malware, or if the latest "OMG This Unlikely Thing Happened" post is true, or how to knock the password off of a protected pdf file, or how to spell "indefatigable", or where the hell "Bozy's Bar" (where the meetup is) is, or where I can get a cheap replacement bumper for my car, I use a commercial search engine. Maybe your problem is searching for "anything", I find it works much better if you have a particular subject in mind.

DuckDuckGo Response (5, Informative)

yegg (1908960) | about a year ago | (#44272845)

Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo.

I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you to change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business. We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt.

There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example.

A couple other responses to things I've noticed in the comments already:

--Our servers are already located around the world. European users are generally not hitting US-based servers, for example.

--We do have PFS on our cert: https://www.ssllabs.com/ssltest/analyze.html?d=duckduckgo.com&s=50.18.192.251 [ssllabs.com]

Re:DuckDuckGo Response (-1, Flamebait)

Antique Geekmeister (740220) | about a year ago | (#44272979)

> All the existing US laws are about turning over existing business records and not about compelling you change your business practic

This is a *BLATANT* lie. The US encryption regulations are precisely about controlling corporate behavior, especially the encryption export regulations HIPAA, FISA, and the more fascinating regulations of the misnamed Telecommunications Privacy Act. And it *does not matter* that the request is unconstitutional, your servers can be shut down while the non-court-approved, unconstitutional Patriot Act request is shoved up your backside. And you *would not be allowed to admit it had happened*.

Any corporate president too stupid to lie better than that is too stupid to protect their client's privacy, or money, or electronic documents and should not be trusted to hold a spoon by the right end. Nice job costing yourself any customers you had left who read Slashdot.

Re:DuckDuckGo Response (4, Interesting)

Khopesh (112447) | about a year ago | (#44272983)

Thanks, that was a nice official response to a crackpot article that should never have made it to slashdot.

My read of that article was that nothing is really safe (which is true, but you have to be reasonable about these things) and that larger companies at least have accountability. It kindly forgets that this accountability isn't to users, it's to shareholders. DuckDuckGo protects against these larger companies, and DDG might just fly low enough under the radar to avoid the attention of the NSA.

Keep up the good work, Gabe. If you're in the SF area, I'd love to buy you a beer.

Re:DuckDuckGo Response (0)

Anonymous Coward | about a year ago | (#44273101)

Yeah, but all traffic from US and all north America has to go through the tel-co combine. I'm sure everything is secure once it reaches your servers, but there is no way to secure the traffic from local IP through the cloud server farms (like hetzner.de and mmu.nac.net) before it arrives at your server. At least not from the tel-co gang.

Re:DuckDuckGo Response (0)

Anonymous Coward | about a year ago | (#44273195)

Ixquick and Startpage offer better SSL than DuckDuckGo. They have TLS 1.1 and 1.2 (DDG has only 1.0), and have enabled TLS 1.2 256-bit ciphers with a higher priority. I think they still keep RC4 for TLS 1.0 and SSL 3.0 to mitigate the BEAST attack [qualys.com] for CBC ciphers, since 128-bit RC4 is the better devil [qualys.com] until everybody moves to TLS 1.2.

Ixquick/Startpage seem to have servers in both the US and Europe.

https://www.ssllabs.com/ssltest/analyze.html?d=startpage.com&s=69.28.209.119 [ssllabs.com]

https://www.ssllabs.com/ssltest/analyze.html?d=ixquick.com&s=69.90.210.8 [ssllabs.com]
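The properties argued over in the comments above (forward secrecy from ephemeral key exchange, RC4 versus CBC under BEAST on TLS 1.0) can be read off a negotiated protocol and cipher name. The following is an added example, not part of any comment in this thread: the function names and sample server lists are constructed for illustration, and it assumes OpenSSL-style cipher names where every suite is RC4, CBC or AEAD.

```python
# Added example (not from the thread). Cipher names follow OpenSSL naming and
# protocol strings follow ssl.SSLSocket.version(); the sample lists are constructed.

AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")

def assess(protocol, cipher):
    """Findings for one negotiated (protocol, cipher) pair."""
    findings = set()
    tls13 = protocol == "TLSv1.3"
    # Ephemeral (EC)DHE key exchange gives forward secrecy; every TLS 1.3 suite uses it.
    if tls13 or cipher.startswith(("ECDHE-", "DHE-", "EDH-")):
        findings.add("forward-secrecy")
    else:
        # Static RSA key exchange: recorded sessions fall with the server's private key.
        findings.add("no-forward-secrecy")
    if "RC4" in cipher:
        findings.add("rc4")
    # BEAST applies to CBC-mode suites on SSL 3.0 and TLS 1.0 only.
    is_cbc = not tls13 and "RC4" not in cipher and not any(m in cipher for m in AEAD_MARKERS)
    if is_cbc and protocol in ("SSLv3", "TLSv1"):
        findings.add("beast-exposed-cbc")
    return findings

def audit(accepted):
    """accepted: (protocol, cipher) pairs a server accepts, most preferred first."""
    rows = [(cipher, assess(protocol, cipher)) for protocol, cipher in accepted]
    return {
        "preferred_forward_secret": bool(rows) and "forward-secrecy" in rows[0][1],
        "all_forward_secret": all("forward-secrecy" in f for _, f in rows),
        "beast_exposed": [c for c, f in rows if "beast-exposed-cbc" in f],
        "rc4": [c for c, f in rows if "rc4" in f],
    }

# Constructed sample: a TLS 1.0-only server that prefers RC4 and still accepts static RSA.
SAMPLE_TLS10_ONLY = [("TLSv1", "ECDHE-RSA-RC4-SHA"), ("TLSv1", "RC4-SHA"), ("TLSv1", "AES128-SHA")]
# Constructed sample: a TLS 1.2 server limited to ECDHE + AES-GCM suites.
SAMPLE_TLS12 = [("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"), ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256")]

if __name__ == "__main__":
    for name, sample in (("tls1.0-only", SAMPLE_TLS10_ONLY), ("tls1.2", SAMPLE_TLS12)):
        print(name, audit(sample))
```

A server whose preferred suite is forward secret can still report `all_forward_secret` as false: any client that ends up on one of the static-RSA suites gets no protection for recorded traffic if the private key is later obtained.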

Why was this posted? (0)

Anonymous Coward | about a year ago | (#44272861)

Article has nothing to do with title. No supporting evidence either. Author obviously has done no research and throws a bunch of hypothetical nonsense against Weinberg. Thumbs DOWN.

I defaulted all my browsers to DuckDuckGo (0)

Anonymous Coward | about a year ago | (#44272993)

About four hours ago and saved off a new image so they'll stay that way on restore. I care less about privacy than redirecting money away from Google.

Dice (0)

Anonymous Coward | about a year ago | (#44273023)

Slashdot: Illusion of Content

Speculative and inaccurate opinion piece (3, Informative)

PureRain (231574) | about a year ago | (#44273025)

I feel compelled to tell anyone here who has not RTFA not to bother. It is a poorly written blog entry that's nothing but hyperbole and speculation. It's also badly researched and contains a lot of inaccuracies. One of the commenters is the CEO of DDG and he corrects some of the misinformation.

I've been using DDG for 2 years and it is great. Not always as good as Google but a good alternative for most searches. Make sure you set it to your region (settings).

Larger picture... (3, Insightful)

Shoten (260439) | about a year ago | (#44273043)

So, the majority of the population now realizes that their activity is in some way monitored, and they wish to evade that monitoring. They need to consider this: they are amateurs playing for nickel stakes in this game. The NSA doesn't care about them, and the people aren't used to playing this game either, for their part. This game exists, at the moment, primarily between the most sophisticated intelligence apparatus in human history and a very small population that is doing everything they can possibly do to hide. We think that airgapping a network and using USB drives simply to move data across the room is a powerful security measure...these guys used USB drives to move data between countries, and even that wasn't good enough to protect them. The average citizen merely worries about some amorphous knowledge of their habits...the real target population faces death, or perhaps even worse internment in a black site somewhere for years first. And that population has been working on hiding for quite some time now; this is not a new game just because the rest of us know it's being played now.

So...with that context, why would anyone think that simply using a different search engine fucking matters?

Re:Larger picture... (0)

Anonymous Coward | about a year ago | (#44273131)

Because this is Slashdot. People here think so highly of themselves as to believe that NSA or any other spying organization gives a shit about their gay porn activities, blatant Linux/Google cocksucking, or any other man titted bullshit that occurs here.

Re:Larger picture... (0)

Anonymous Coward | about a year ago | (#44273161)

It doesn't matter because NSA's facial reaction will always be the same on the type of shit I look up in google images. Goatse doesn't even begin to describe the horror. I welcome the entire census of neticens(sp?) to do the same.

the NSA doesn't care about them?? (2)

transporter_ii (986545) | about a year ago | (#44273193)

> .these guys used USB drives to move data between countries

Look, if anyone with any sense can bypass the snooping, they must know that. That only leaves *us* that they are snooping on.

Re:Larger picture... (2, Insightful)

Anonymous Coward | about a year ago | (#44273633)

> why would anyone think that simply using a different search engine fucking matters?

It may not. But anything that makes more work for the secret police is a good thing.

(If you object to the NSA being called "secret police", remember that they turn over any evidence of crimes that they find to other police agencies. They don't have "active" agents, they don't torture like the Gestapo, the US has other organizations to do that, they're more like a department of the Stasi.)

A Dubious Article (2)

Kplx138 (2523712) | about a year ago | (#44273083)

Apparently all you need to get front page on slashdot is an article with one link to a blog, that has only one post, created by a random user. Hell, the 3rd paragraph of the article begins with 'TL;DR', a phrase I associate more with image boards such as 4chan than I do actual journalism and news. While the article is somewhat interesting it's nothing more than an op-ed piece or a letter-to-the-editor at best or some anti-DDG fud created by some PR firm at worst.

Tor and Hidden Service (2)

UnsignedInt32 (1118617) | about a year ago | (#44273277)

They have an exit enclave for DDG search engine traffic and also hidden service at 3g2upl4pq6kufc4m.onion...
So there at least they provide some additional layer of protection for those who need it.

Re: Tor and Hidden Service (0)

Anonymous Coward | about a year ago | (#44273541)

Use the Tails operating system to minimise your risk of unmasking yourself when browsing the net using Tor. Their advice is to boot Tails from a Live CD.

Wait one second (1)

mpbrede (820514) | about a year ago | (#44273369)

The source link for the article is a new blog with one (yes, count it, one) post?? I call fowl.

Use it via Tor hidden service (1)

gweihir (88907) | about a year ago | (#44273669)

Sure, the NSA still gets what you search for and the results, but unless they have control over the Tor network (which is doubtful), they cannot associate that info with you.

Huh (0)

Anonymous Coward | about a year ago | (#44273683)

Duck Duck WTF

My next network protocol... (1)

OrangeTide (124937) | about a year ago | (#44273847)

The headers in my next protocol will use identifiers, like any other protocol, except my identifiers will be: JIHAD, NUKE, SARIN, INFIDEL, ...

It's about time to apply techniques similar to Culture jamming [wikipedia.org] to these spying tactics. It probably won't stop them, but we can at least try to piss them off.

Usual Slashdot trolling (0)

Anonymous Coward | about a year ago | (#44274009)

DuckDuckGo has NOTHING to do with hiding from the NSA, and the owners of Slashdot know this. The privacy offered by services like this is against common or garden abuse of your search history by ordinary establishment agencies like the police.

It is standard operating procedure today for any person under OVERT government investigation to have their computer seized, and to have Google et al provide details of that person's search history. If that target has been a careful user of services like DuckDuckGo, their search history CANNOT be discovered. This being so, why is Slashdot attempting to downplay the usefulness of such services? Do you really have to be told?

The owners of Slashdot, with ZERO legal necessity, disconnected the citizens of Iran from all the open-source services they provide. Slashdot is the establishment, and the owners of Slashdot willingly participate in ALL black propaganda ploys designed to make people less careful online. We see the same phenomenon with US TV shows made today. There is a total BAN on shows reminding people that their cell phones are tracked in real-time so long as the phone has a powered battery. GPS like functions have been a legal requirement for all phones sold in the USA for years now, but the TV networks have agreed to NEVER remind the viewers that their phones provide law enforcement with a constant trace on their location.

Indeed, so insane is this rule, that there was a recent episode of the American version of 'Shameless' where the plot revolved around finding a person with a cellphone who was trapped in a lorry somewhere. The story included characters who were supposed to be technical experts, but not once did they suggest using the location tracking ability of the phone. You are probably stupid enough to disbelieve me (regarding the ban) but pay attention to any recent US TV show, and you'll see what I say is true. Much older shows, before the ban, of course frequently had the storyline using the location tracking feature, but the government has ALWAYS been concerned about TV shows 'educating' potential criminals.

Watch any popular show with criminal activity, and you'll see the characters ALWAYS do it wrong (by design). Realistic depictions of criminal methods are not allowed on shows popular with the sheeple. Your government calculates that far more (dumb) criminals will be caught as a result of their cell phone use if TV shows fail to remind people how the technology really works.

On a similar note, the owners of Slashdot would like to remind you that using encryption is a waste of time, because the NSA has magic computers that can crack any encryption, and using proper software methods to erase information on hard-drives is pointless, because data recovery teams have magic surface scanning technology that can reconstruct any erased data.

Yes, Slashdot uses that old psychological method known today as FUD. And sadly, this method does discourage a significant number of people from engaging in best practises, which is why Slashdot runs these stories.
