in which the author put forwards arguments for not using DDG for having “substantial privacy and civil liberty issues”. I haven’t dug further into this yet but I just wanted to address myself to more experienced forum fellows to ask what are their experience and thoughts about DDG being a “privacy abuser”.
# available at: https://www.arin.net/resources/registry/whois/tou/
# If you see inaccuracies in the results, please report at
# Copyright 1997-2021, American Registry for Internet Numbers, Ltd.
NetRange: 184.108.40.206 - 220.127.116.11
CIDR: 18.104.22.168/14, 22.214.171.124/13
Parent: NET52 (NET-52-0-0-0-0)
NetType: Direct Assignment
Organization: Microsoft Corporation (MSFT)
OrgName: Microsoft Corporation
Address: One Microsoft Way
Weinberg’s motivation for creating DDG was not
actually to “spread privacy”; it was to create something big,
something that would compete with big players,
Whilst it would be ideal if he wanted to spread privacy as well, I think even if his objective had been capital and privacy being the means of obtaining it the service would still need to be solid in order to obtain it. Surely this cannot be overstated in a circle like this, where his audience are users well aware of how the service works.
I would be a lot more worried about this:
DDG’s third violation (2021): Microsoft hosts DDG’s service and
also supplies Bing search results for the same
transaction. This means Microsoft sees both sides of the
transaction and can link your IP address (i.e. identity) to
your search query that Bing processes. DDG makes this
false statement: “we never share any personal information with
any of our partners. The way it works is when we call a partner
for information, it is proxied through our servers so it stays
completely anonymous. That is, any call to a partner looks to
the partner as it is from us and not the user itself, and no
user personal information is passed in that process (e.g. their
IP address). That way we can build our search result pages using
these 100s of partner sources, while still keeping them
completely anonymous to you“ (emphasis added). While it may
be true that DDG doesn’t transmit users’ IP addresses to
Microsoft, Microsoft has already seen users’ IP addresses via
Azure. That combination of data given to Microsoft makes DDG’s
Microsoft collects IP addresses.
But it is an area I’m not that familiar with, so my question would be this: who would be a better actor to host it? I wouldn’t consider AWS better from a privacy standpoint, it seems more like a sidestep. So what is the alternative?
This was what actually triggered me to do a bit of a digging. It was mentioned in that F-Droid forum post that I linked to above. Admittedly, I lack general and background knowledge in this area so that’s why I put it here for others more knowledgeable people on the forum to comment on it.
Frankly, I am unfamiliar with that particular website and if it is a FUD-spreading platform or not. However I think that the article posted should be judged by the strength of its argument and the evidence presented. Time permitting I will do a bit more digging. In the meantime I appreciate all the light being shed from whatever perspective.
Under “3. Censorship”, point 1 is that DDG “is complying with the ‘celebrity threesome
injunction’”. Its primary source for this is https://stallman.org/articles/duckduckgo-censorship.html which states that “the ‘celebrity threesome injunction’ forbids publication in England and Wales of the identities of a famous married couple who reportedly had sex with someone else”. The second addendum to this post (only 3 three days after the original post) notes that “it appears that duckduckgo inherits this censorship from Yahoo”.
So DDG is not censoring anything about the “celebrity threesome injunction” - it just happens to be using Yahoo for search results, and Yahoo is complying with a court judgement in the UK. There are valid arguments about privacy injunctions, and also about why anyone should care about “celebrity threesomes” or who Elton John has sex with. But at the end of the day Yahoo operates as a business in the UK, and thus has to comply with the law.
BTW, when I search for “celebrity threesome injunction” today on DDG, the seventh result names Elton John in the summary.
Under “5. Cloudfare”, the claim is that “DDG results give high rankings to CloudFlare sites, thus leading users into the largest privacy abusing walled garden on the web”. Given how may websites use Cloudfare’s services, DDG’s search results would be pretty useless if it excluded any website with a Cloudfare connection. There are a number of valid criticisms of Cloudfare, and whether its ubiquity is a risk to the internet as a point of failure. But expecting DDG to exclude or downgrade Cloudfare connected websites in its searches is missing the point of search engines, and arguably also censorship (and a far more important censorship issue than “celebrity threesomes”).
“We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer. When most other browsers on the market talk about tracking protection they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers for iOS, Android, and our new Mac beta, impose these restrictions on third-party tracking scripts, including those from Microsoft.
“What we’re talking about here is an above-and-beyond protection that most browsers don’t even attempt to do — that is, blocking third-party tracking scripts before they load on 3rd party websites. Because we’re doing this where we can, users are still getting significantly more privacy protection with DuckDuckGo than they would using Safari, Firefox and other browsers. Our goal has always been to provide the most privacy we can in one download, by default without any complicated settings.
“I understand this is all rather confusing because it is a search syndication contract that is preventing us from doing a non-search thing. That’s because our product is a bundle of multiple privacy protections, and this is a distribution requirement imposed on us as part of the search syndication agreement that helps us privately use some Bing results to provide you with better private search results overall. While a lot of what you see on our results page privately incorporates content from other sources, including our own indexes (e.g., Wikipedia, Local listings, Sports, etc.), we source most of our traditional links and images privately from Bing (though because of other search technology our link and image results still may look different). Really only two companies (Google and Microsoft) have a high-quality global web link index (because I believe it costs upwards of a billion dollars a year to do), and so literally every other global search engine needs to bootstrap with one or both of them to provide a mainstream search product. The same is true for maps btw — only the biggest companies can similarly afford to put satellites up and send ground cars to take streetview pictures of every neighborhood.
“Anyway, I hope this provides some helpful context. Taking a step back, I know our product is not perfect and will never be. Nothing can provide 100% protection. And we face many constraints: platform constraints (we can’t offer all protections on every platform do to limited APIs or other restrictions), limited contractual constraints (like in this case), breakage constraints (blocking some things totally breaks web experiences), and of course the evolving tracking arms race that we constantly work to keep ahead of. That’s why we have always been extremely careful to never promise anonymity when browsing outside our search engine, because that frankly isn’t possible. We’re also working on updates to our app store descriptions to make this more clear. Holistically though I believe what we offer is the best thing out there for mainstream users who want simple privacy protection without breaking things, and that is our product vision.”