There are substantial privacy and civil liberty issues with DuckDuckGo. Here they are spot-lighted:

  • Nefarious History of DDG founder & CEO:
    • DDG’s founder (Gabriel Weinberg) has a history of privacy abuse, starting with his founding of Names DB, a surveillance capitalist service designed to coerce naive users to submit sensitive information about their friends. (2006)
    • Weinberg’s motivation for creating DDG was not actually to “spread privacy”; it was to create something big, something that would compete with big players. As a privacy abuser during the conception of DDG (Names Database), Weinberg sought to become a big-name legacy. Privacy is Weinberg’s means (not ends) in that endeavor. Clearly he doesn’t value privacy – he values perception of privacy.
  • Direct Privacy Abuse:
    • DDG was caught violating its own privacy policy by issuing tracker cookies.
    • DDG’s app sends every URL you visit to DDG servers. (reaction).
    • DDG is currently collecting users’ operating systems and everything they highlight in the search results. (to verify this, simply hit F12 in your browser and select the “network” tab. Do a search with javascript enabled. Highlight some text on the screen. Mouseover the traffic rows and see that your highlighted text, operating system, and other details relating to geolocation are sent to DDG. Then change the query and submit. Notice that the previous query is being transmitted with the new query to link the queries together)
    • DDG is accused of fingerprinting users’ browsers.
    • When clicking an ad on the DDG results page, all data available in your session is sent to the advertiser, which is why the Epic browser project refuses to set DDG as the default browser.
    • DDG blacklisted Framabee, a search engine for the highly respected framasoft.org consortium.
  • Censorship: Some people replace Google with DDG in order to avoid censorship. DDG is not the answer.
    • DDG is complying with the “celebrity threesome injunction”.
  • CloudFlare: DDG promotes one of the largest privacy abusing tech giants and adversary to the Tor community: CloudFlare Inc. DDG results give high rankings to CloudFlare sites, which consequently compromises privacy, net neutrality, and anonymity:
    • Anonymity: CloudFlare DoS attacks Tor users, causing substantial damage to the Tor network.
    • Privacy: All CloudFlare sites are surreptitiously MitM’d by design.
    • Net neutrality: CloudFlare’s attack on Tor users causes access inequality, the centerpiece to net neutrality.
    • DDG T-shirts are sold using a CloudFlare site, thus surreptitiously sharing all order information (name, address, credit card, etc) with CloudFlare despite their statement at the bottom of the page saying “DuckDuckGo is an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs.” (2019)
    • DDG hired CloudFlare to host spreadprivacy.com (2019)
  • Harmful Partnerships with Adversaries of Privacy Seekers:
    • DDG patronizes privacy-abuser Amazon, using AWS for hosting.
      • Amazon is making an astronomical investment in facial recognition which will destroy physical travel privacy worldwide.
      • Amazon uses Ring and Alexa to surveil neighborhoods and the inside of homes.
      • Amazon paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
      • Amazon runs sweat shops, invests in climate denial, etc… the list of non-privacy related harms is too long to list here.
    • DDG feeds privacy-abuser Microsoft by patronizing the Bing API for search results and uses Outlook email service.
      • Microsoft Office products violate the GDPR (the Dutch government discovered numerous violations)
      • Microsoft finances AnyVision to equip the Israeli military with facial recognition to be used against the Palestinians who they oppress.
      • Microsoft paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
      • DDG hires Microsoft for email service: torsocks dig @8.8.8.8 mx duckduckgo.com +tcp | grep -E '^\w' ==> “…duckduckgo-com.mail.protection.outlook.com”
    • DDG is partnered with Yahoo (aka Oath; plus Verizon and AOL by extension). DDG helps Yahoo profit by patronizing Yahoo’s API for search results, and also through advertising. The Verizon corporate conglomerate is evil in many ways:
      • Yahoo, Verizon, and AOL all supported CISPA (unwarranted surveillance bills)
      • Yahoo, Verizon, and AOL all use DNSBLs to block individuals from running their own mail servers, thus forcing an over-share of e-mail metadata with a relay.
      • Verizon and AOL both drug test their employees, thus intruding on their privacy outside of the workplace.
      • Verizon supports the TTP treaty.
      • Yahoo voluntarily ratted out a human rights journalist (Shi Tao) to the Chinese gov w/out warrant, leading to his incarceration.
      • Yahoo recently recovered “deleted” e-mail to convict a criminal. The deleted e-mail was not expected to be recoverable per the Yahoo Privacy Policy.
      • Verizon received $16.8 billion in Trump tax breaks, then immediately laid off thousands of workers.
      • (2014) Verizon fined $7.4 million for violating customers’ privacy
      • (2016) Verizon fined $1.35 million for violating customers’ privacy
      • (2018) Verizon paid $200k to fight privacy in CA. See also this page
      • (2018) Verizon caught taking voice prints?
      • more dirt (scroll down to Verizon)
      • (2016) Yahoo caught surreptitiously monitoring Yahoo Mail messages for the NSA.
  • Advertising Abuses & Corruption:
    • DDG consumed a room at FOSDEM 2018 to deliver a sales pitch despite its proprietary non-free server code, then dashed out without taking questions. Shame on FOSDEM organizers for allowing this corrupt abuse of precious resources.
    • Tor Project accepted a $25k “contribution” (read: bribe) from DDG, so you’ll find that DDG problems are down-played. This is why Tor Browser defaults to using DDG and why Tor Project endorses DDG over Ss – and against the interests of the privacy-seeking Tor community. The EFF also pimps DDG – a likely consequence of EFF’s close ties to Tor Project.

For the record, this is how Tor Project responds to criticism about their loyalty toward DuckDuckGo (their benefactor) in IRC:

18:20 < psychil> if torbrowser is going to be recommended, it should also be open to scrutiny. in the absence of that transparency, you create an untrustworthy forum.

18:20 < psychil> we’ve seen a loyalty from TB toward duckduckgo, but DDG is in partnership with Verizon, Yahoo, AOL et. al.

18:21 < psychil> all CISPA-sponsoring companies

18:22 < psychil> if ppl choose to trust them fair enough, but this trust shouldn’t be pushed on every user weighing their choice of browsers

18:26 -!- mode/#tor [-b psychil@!@*] by ChanServ

18:27 < YY_Bozhinsky> psychil: i am using Tor (thanks to Tor Devs)… PLUS brain - good bundle. I am happy. And please, don’t rush to change Reality (do it slowly with love and respect). Because it’s home for many ppl. They construct their lives in it. Think twice before ruining that. Please.

18:27 -!- mode/#tor [+b psychil!@] by ChanServ

18:27 -!- psychil was kicked from #tor by ChanServ [wont stop the FUD]

Indeed, Tor Project is notoriously fast to censor any discourse (no matter how civil) when it supports a narrative that doesn’t align with their view / propaganda.

@hownowbrowncow
link
91Y

They also need to supply your IP address in order to serve geo-specific search results, which they do for the Bing API, effectively passing on your PII with every search.

@Molly666
link
31Y

And I believe that privacy on the Internet does not exist. And this is my main argument. In the modern, indexed model of the Internet, privacy is impossible. https://utopia.fans/privacy/the-myth-of-the-privacy/ Yes, you can use privacy tools, which to some extent reduce the vulnerability of personal data, but this is still not an option. It has long been proven how global corporations hunt for our data and make money from it, and besides, the hacker community hunts for them, because they can then be sold on the darknet.

art
link
122Y

This has inspired me to start testing out Searx as my default again.

Dessalines
admin
link
112Y

I love searx but instances keep getting taken down, or results not coming back from the main sources.

@gravity
link
82Y

I was considering self-hosting my own SearX instance for personal use. Not going to lie though, I really do enjoy the aesthetic customization of the JS ver of DDG, which SearX seems to lack. But I could be wrong and just haven’t toyed enough with it? As far as results, I can’t say how different they are to DDG. I probably will switch to SearX for a little and see how I like. Can anyone comment on the aesthetic customization part though?

@developred
link
2
edit-2
9M

deleted by creator

@gravity
link
21Y

Well you could host it on a VPS, but still I tried it out and it was pretty shit I found. Idk. I just could not find it nice to use.

@AgreeableLandscape
admin
link
4
edit-2
1Y

deleted by creator

@gravity
link
01Y

Can probably run it through Tor

@AgreeableLandscape
admin
link
3
edit-2
1Y

deleted by creator

@gravity
link
31Y

Can pay with vanilla card, some accept crypto Depends on the service and the information they require.

Imo still a waste of time and money seeing all your traffic already goes through your ISP and even if it was encrypted it’s a search engine and for most people even DDG would be sufficient imo. I do wish DDG had slightly better policies though…

art
link
42Y

That’s ultimately why I left the last time. That and the speed in which most instances load is terrible.

@raverrebel
link
31Y

Anyone has an opinion on startpage.com? This would be the best alternative imho.

@SudoDnfDashY
link
12M

I would recommend MataGer as they are a non profit and have their own crawlers.

@dirtfindr
creator
link
2
edit-2
1Y

Startpage is only slightly better than DDG, but quite far from being the “best” alternative. Startpage financially feeds Google.

Ss is the best alternative (Tor required).

@gmate8
link
1
edit-2
3M

deleted by creator

@koalp
link
9
edit-2
2Y

I think the fact that it isn’t open source is enough to try to avoid it.

Does anyone know a “good enough” open source alternative to duckduckgo ? I know there is yacy but the last time I tried it was disappointing. But maybe I don’t know how to use it :grinning face with sweat:

@ljt84846
link
51Y

alterna

What about qwant.com? They do have their own index and are based in Europe, out of US privacy violating agencies. Not open source sadly. But I have been using it for about a year and the results are great.

@ajz
link
112Y

SearX and MetaGer are open source. I find MetaGer reasonably okay for my searches (I was not too happy with SearX instances results). YaCy is also open source (Java based) and as a bonus it can be used for local search.

@joojmachine
link
24M

I just wish both of them had a more polished UI, so I could better recommend it to normies. MetaGer is a little better in this regard, but none of them come even close of startpage and DDGs in the normie appeal category, which just makes harder for people that aren’t 100% devoted to focus on privacy to switch.

@someone
link
1
edit-2
4d

deleted by creator

@AgreeableLandscape
admin
link
5
edit-2
1Y

deleted by creator

@dirtfindr
creator
link
62Y

This thread does an interesting comparison:

https://lemmy.ml/post/29179

YaCy is a crawler. It’s a great tool for supplying your own search engine to the public, but end users will find searx nodes more practical.

@AgreeableLandscape
admin
link
4
edit-2
1Y

deleted by creator

@dirtfindr
creator
link
4
edit-2
2Y

The privacy policy is where a supplier can attest that they are executing an unmodified copy of a published free software program. So DDG could publish their source code and then make themselves legally bound to execute the code as-is.

Obviously considering the OP, DDG has things to hide. If they were to hypothetically take that step, users would still be left with trusting DDG, who has already been caught violating their privacy policy – but there’s value to having the accountability.

To answer u/koalp, searx is actually free software, and likely many searx instances run unmodified copies of it. I don’t know of any instances that guarantee that they run unmodified code, however.

@NoEmail
link
42Y

NB: Can’t believe I had to register here with an e-mail address to comment about privacy…

Problem I have with searx is it does no regional searches at all - I just can’t find what I’m looking for in my own country. Results seem to be .com results. I see a Github issue was opened for that about 4 years ago and is still open.

I notice that DDG does allow users to set their search method to POST requests and support redirects to prevent search leakage. Partly the problem of browser and OS etc identity is our own browsers that are sending this info? DDG does do good regional search too.

So my big challenge is give me a metasearch engine that can at least do regional searches. For someone living in the US they probably don’t have a problem with “global” results, but outside the US we need results for locally in Botswana, South Africa, Egypt, etc and language is no good to filter on.

@dirtfindr
creator
link
52Y

NB: Can’t believe I had to register here with an e-mail address to comment about privacy…

Supplying an email address on Lemmy used to be optional. Has that changed?

Problem I have with searx is it does no regional searches at all

I think that’s determined by the searx instance. Some instances let you choose your UI language, as well as the results language. You can also do “site:de” if you want to search *.de sites for example.

I notice that DDG does allow users to set their search method to POST requests and support redirects to prevent search leakage.

Why would POST prevent leakage? As long as the site is HTTPS, the query is encrypted regardless of whether it’s HTTPPOST or HTTPGET.

@unknownnumber
link
51Y

I just registered yesterday and did not use an e-mail address.

@someone
link
3
edit-2
4d

deleted by creator

@developred
link
1
edit-2
9M

deleted by creator

@someseven
link
-51Y

Censorship: Some people replace Google with DDG in order to avoid censorship. DDG is not the answer.

If you care about censorship then why did you escape Reddit for Lemmy of all the alternatives?

@urtlifnc
link
4
edit-2
4M

deleted by creator

@developred
link
5
edit-2
9M

deleted by creator

@AgreeableLandscape
admin
link
4
edit-2
1Y

deleted by creator

@hownowbrowncow
link
21Y

https://www.mojeek.com/ has it’s own index, but is smaller than Bing and Google and caters more for English and European languages. They were the first engine in the world to have a no tracking policy

@dirtfindr
creator
link
5
edit-2
2Y

Startpage is not linked to half as many privacy abuses as DDG. But it still makes sense to replace both of them with searxes.eu.org, which is the only search engine that goes as far as to filter out CloudFlare sites. Note that Searxes down ATM due to attack.

@nutomic
admin
link
12Y

There are a lot of other searx instances, eg searx.info.

@unknownnumber
link
31Y

PSA: This changed to https://searx.space/

@dirtfindr
creator
link
32Y

None of them filter out CloudFlare sites. Only searxes.eu.org.

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 user online
  • 11 user / day
  • 75 user / week
  • 198 user / month
  • 597 user / 6 month
  • 3.6K subscriber
  • 1.95K Post
  • 8.8K Comment
  • Modlog