Thursday, July 11, 2013

Duck Duck Go: Illusion of Privacy


There have been several articles in the press recently about users flocking to DuckDuckGo in the wake of the recent NSA snooping revelations.  If you are in this category this post is meant for you.

If you use DuckDuckGo solely for the myriad of other benefits, such as reducing advertiser tracking, filter boxing, etc., move along; nothing to see here.  DuckDuckGo will provide you at least that level of “privacy”.

Update: Wow, I didn't expect this blog post to spread so widely.  First of all, let me say to those accusing me of hating on DDG, I am a DDG user.  I think they have a great service.  This post is solely about the misconception that seems to have spread primarily from The Guardian article that DDG can somehow protect you from NSA monitoring.

DDG stated, "We literally do not store personally identifiable user data, so if the NSA were to get a hold of all our data, it would not be useful to them since it is all truly anonymous."  I would like to direct readers to this article which basically nullifies whatever protection DDG thinks it can provide, or you the reader think you have.


Standard Wiretaps

DuckDuckGo can easily be compelled either under the Communications Assistance for Law Enforcement Act (CALEA), standard court orders, or by secret orders from the Foreign Intelligence Surveillance Court (FISA) to provide tap-on-demand.  I don’t think anyone can dispute that.  If you are specifically targeted in an investigation, you can bank on the fact that all of your searches and their history “going forward” after the court order will be collected on you and stored.

Google has at least a transparency report detailing the number of non-FISA requests it receives and now a “ballpark” reporting of FISA requests.  Users should demand the same of DuckDuckGo.



Deep Integration

DuckDuckGo has made a lot of hay about their privacy, but like many other technology companies they have remained silent about their collaboration, if any, with law enforcement and security agencies.

Why shouldn't they?  They are reaping the benefits of an uninformed populace flocking to their service to avoid the NSA dragnet.  The privacy they offer is privacy from third-party advertisers and cross-site tracking.


The MarCom departments of big players like Google, Yahoo!, Microsoft and others are getting good at crafting extremely carefully worded denials through lies of omission.

DuckDuckGo says:
“DuckDuckGo does not store any personal information, e.g. IP addresses or user agents”
But what if DuckDuckGo provided a splitter-feed to the NSA?  DuckDuckGo can claim without lying that they store no personal information, but that says nothing about a collaborating partner storing it.

Can they refuse to collaborate with the NSA if approached?  If one looks at the recent reports about Yahoo! and others, the answer is “No, you cannot”.  Yahoo! apparently made concerted efforts to resist, sending lawyers into battle, and ultimately (and silently) lost the fight in the FISA Court.  “Silently” because their loss and the ruling that handed it down are also secret.

Assume, nay bank on, the fact that corporations located within the United States can be and are being compelled to participate in programs like PRISM and are legally powerless to refuse.

The NSA Can’t Lose

Let’s be realistic: if services start popping up on the internet that shield from the NSA substantial amounts of communications that the NSA thinks are valuable, how long do you think the NSA will allow that to persist before making efforts to abate it?

What can they do?

According to the Washington Post, an NSA initiative called “Upstream” siphons off of “communications fiber cables and infrastructure as data flows past” at all the major “choke points” of the internet.  So, we can assume that the NSA has access to a substantial amount of DuckDuckGo’s ingress and egress packets.

However, DuckDuckGo is using SSL encryption.  Without DuckDuckGo's private SSL certificate, your search queries (but not your location) are invisible.  What is a spy agency to do?

What is an SSL certificate key after all?  It’s simply a small block of data, often in the form of a file.  And it’s a file that must be installed on every webserver or load-balancer in a data-center.  If you possess DuckDuckGo’s cert, you can decrypt all traffic to DuckDuckGo.  The NSA could get the DuckDuckGo master cert in one of three ways:
  1. Be given the cert
  2. Physical access to servers or load-balancers
  3. Remote access to servers or load-balancers
Let’s eliminate (1) for the sake of argument.

Option 2
Many smaller internet companies, including DuckDuckGo, do not operate their own data center, but instead are “hosted” in another provider’s data center.  In DuckDuckGo’s case, they are hosted by Verizon Internet Services.  We’ve all learned about the cozy relationship between the NSA and Verizon; it is quite imaginable that Verizon would simply give them access to a DuckDuckGo server, or to the load-balancer, which is likely owned and operated by Verizon and upon which the SSL decryption key is installed.  They don’t need continuous access; 30 seconds is all that would be necessary to copy the cert.

Option 3
If Google’s servers can be compromised by a bunch of Chinese hackers, and if the computers controlling Iran’s uranium enrichment equipment can be compromised without even being connected to the internet, how long would a service like DuckDuckGo (or Verizon Internet Services) stand up against a concerted effort by the NSA?  Verizon Internet Services is almost the better target, given that penetrating their infrastructure gives you access to potentially all companies hosted by them.

Again, this is a “get in, and get out quick” type operation.  All they need is the key, they’ve already got the data.
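
Whether a key copied later unlocks traffic recorded earlier depends on the key exchange the recorded sessions used. The following is an added example, not part of the original post: a toy model (textbook RSA, toy Diffie-Hellman and a toy stream cipher; every name, parameter and the sample query are constructed for illustration) in which a passive recorder later applies the server's long-term private key to everything it captured.

```python
"""Toy model of "copy the key later, decrypt what was recorded earlier".

Textbook RSA and Diffie-Hellman with small constructed parameters and a toy
stream cipher. This is not TLS and not safe for real use; it only models
which recorded values the server's long-term private key can unlock.
"""
import hashlib
import secrets

# Constructed long-term server RSA key (toy size: two Mersenne primes).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # stands in for the key file on the server

# Constructed Diffie-Hellman group (toy size).
DH_P, DH_G = 2**127 - 1, 3

QUERY = b"GET /?q=constructed+sample+query"   # constructed sample request


def session_key(premaster: int) -> bytes:
    """Derive the symmetric session key from the negotiated secret."""
    return hashlib.sha256(premaster.to_bytes(32, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode XORed over the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def rsa_key_transport() -> dict:
    """Client picks the secret and encrypts it to the long-term server key.
    Returns only what a passive observer on the wire would record."""
    premaster = secrets.randbits(128)
    return {
        "kx": "RSA",
        "handshake": {"encrypted_premaster": pow(premaster, E, N)},
        "record": xor_stream(session_key(premaster), QUERY),
    }


def ephemeral_dh() -> dict:
    """Both sides use throwaway DH keys; the long-term key only signs.
    Returns only what a passive observer on the wire would record."""
    a = secrets.randbelow(DH_P - 2) + 1      # client ephemeral, discarded
    b = secrets.randbelow(DH_P - 2) + 1      # server ephemeral, discarded
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = int.from_bytes(
        hashlib.sha256(str(server_pub).encode()).digest(), "big") % N
    signature = pow(digest, D, N)            # long-term key: authentication
    assert pow(signature, E, N) == digest    # client verifies the server
    shared = pow(server_pub, a, DH_P)        # same as pow(client_pub, b, DH_P)
    return {
        "kx": "DHE",
        "handshake": {"client_pub": client_pub, "server_pub": server_pub,
                      "signature": signature},
        "record": xor_stream(session_key(shared), QUERY),
    }


def recover_with_server_key(transcript: dict, d: int, n: int):
    """Apply the private-key operation to every recorded handshake value and
    check whether the result unlocks the recorded application data."""
    for value in transcript["handshake"].values():
        candidate = pow(value, d, n)
        plaintext = xor_stream(session_key(candidate), transcript["record"])
        if plaintext.startswith(b"GET "):
            return plaintext
    return None


def compare() -> dict:
    """Run both handshakes and report what the key holder recovers."""
    return {t["kx"]: recover_with_server_key(t, D, N)
            for t in (rsa_key_transport(), ephemeral_dh())}


if __name__ == "__main__":
    for kx, recovered in compare().items():
        print(f"{kx}: {'recovered ' + repr(recovered) if recovered else 'nothing recovered'}")
```

Cipher suites named DHE or ECDHE are the real-world counterpart of the second handshake; suites with plain RSA key exchange correspond to the first.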

In Summary

This is not an indictment of DuckDuckGo per se, except insofar as they are taking advantage of the hysteria to their own ends.  Every provider needs to be upfront with saying, “If it is indeed true that the NSA is monitoring our ingress/egress traffic, we can make no guarantee of privacy regardless of encryption or other efforts on our part.”

In the larger picture, this is the crux of the problem not just for DuckDuckGo, but the internet as a whole.  Until and unless agencies like the NSA are forbidden from conducting dragnet collection and analysis of data, there can be no privacy.  Privacy is merely an illusion at this point.



86 comments:

  1. Author, you seem not to understand how DuckDuckGo differs from its competitors such as Google or Bing.

    Replies
    1. I understand their differentiators quite clearly. Dodging NSA monitoring is not one of them. That is all.

    2. Just use DuckDuckGo with Tor... seriously people...

    3. As if every other Tor server isn't the government.

    4. wow wow wow... aside from brett and matt4542 you guys are as ignorant as you are blind... and maybe deaf too. they call y'all "sheepal";

      a) Tor is about as private as a toilet that's centre stage of Madison Square. With Snowden's disclosure that the NSA targets encrypted connections, and the "anonymity" of the peered connections (whatever the onion network calls them), not only is matt4524 exactly right, you're holding a god damned microphone between your legs while u number 2 on the loo centre stage at the Madison².

      b) Brett not only hit the nail head dead centre, he drove it in on the first hit.

      that's 2 for 2. the sheepal haven't formed a concept of their own opinions, instead they assimilate those opinions expressed by social networks such as peers, family and media. sheepel will defend any mainstream [mis]concepts as though they are their own ideas or the sources of info are credible and non partisan/non biased

  2. Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo. I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you to change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business.

    We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt.

    There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example.

    Replies
    1. First off, assuming it's legit, this is an important reply, and I hope it gets more attention up top. Second, I'm interested in the "additional and technical inaccuracies"-- Gabriel, is there a page on DDG's site that discusses for technical-minded people the security measures that are used to protect keys/certs, the obligations/relationships concerning the NSA, etc? Have DDG's methods and practices been discussed publicly and subject to the scrutiny of the Internet's security experts? Also, what are the advantages/disadvantages of DDG vs smartpage.com, which I think is Tor's default search engine...?

    2. I think duck duck is going in the right direction, but the cynics have a point, even if it's muddy and inaccurate in the details. Fundamentally, right now duck duck in relation to users is a 3rd party privacy effort, not a protocol based effort that the user can see locally.

      Perhaps if duck duck baked in a webRTC data channel onion passing among ? So that after you first connect duck duck would connect to peers and client side encrypt your request so that only duck can decode but you never directly send your request to duck duck, and it always hops through a few peers. Likewise while you're on the page you would potentially pass off encrypted packets to duck duck for a peer.

      I.e webRTC Tor. If duck duck did that and the source was open ( would basically have to be open since it will run client side ) I think that would go a long way. Sure you would still want a way to validate peers, but if the system was working, your search would be guaranteed through your own outgoing traffic inspection to be indistinguishable searches you had passed on for peers.

      Sure it would result in slower experience (like tor) but then you could more legitimately say look we don't know who this search came from, and we can't know tomorrow neither, and the EEF agrees... And I think you could leverage this system for other service offerings, like msg and email. Bring actual privacy to the growing demographic that does not appreciate the current status quo.

      In a world with secret laws and gag orders, the point is sadly you can only know what you see, so better to see privacy at the protocol level than hear a variation of ~trust us~ or "I don't think we could be compelled to do X, Y or Z" ... Or "its not constitutional" whatever that means nowadays...

      It's not enough to simply say "we don't block tor". If duck duck is competing in the space of "we don't track / others can't track you when you use us" ... we should see innovation and new ideas here, not just turning off the log files (something we as users can't actually see or check against in their outgoing traffic )

    3. Gabriel worked with me to test the speed of his Tor in-proxy and I can attest that he isn't doing this for the money. If the NSA came in, I have no doubt that he would shut his service down or make it impossible to comply.

      Smartpage.com mixes queries to fool Google's servers. It is no more/less secure than DDG.

      DDG has a proxy between AWS and their back-end servers, publishes most of the source code for the site, and it has stronger-than-normal SSL. There might be some cutting edge stuff they are not aware of, but DDG has always been secure by default, even if it costs more (and it does).

      Researchers are still trying to work out ways of nullifying the NSA's techniques. They are experimental and DDG is pushing the envelope by incorporating as much as they have. Now that they have this big uptick, you can expect them to start being able to invest in fundamental research.

    4. First of all, thank you Gabriel for replying directly.

      >I do not believe we can be compelled to store or siphon off user data
      >to the NSA or anyone else. All the existing US laws are about turning over
      >existing business records and not about compelling you change your
      >business practices.

      This is absolutely incorrect.

      If you believe this I strongly suggest reading:

      http://news.cnet.com/8301-13578_3-57593538-38/how-the-u.s-forces-net-firms-to-cooperate-on-surveillance/

      "Under federal law, the National Security Agency can serve real-time "electronic surveillance" orders on Internet companies for investigations related to terrorism or national security."

      Do you think that Google, Yahoo!, and Microsoft willingly collaborate with the NSA? They were confronted with the Hobbesian choice of 1) either altering their business practices and providing direct integration with the NSA (which they could somewhat control), or 2) allowing the FBI or NSA to install their own hardware into their networks under court order (over which they have no control).

      Quoting that article again, and Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society:

      "They can install equipment on the system. And I think that's why companies are motivated to cooperate [and] use their own equipment to collect for the government. They would rather help than let any government equipment on their service, because then they lose oversight and control."

      And, "Nobody wants it on-premises," said a representative of a large Internet company who has negotiated surveillance requests with government officials. "Nobody wants a box in their network...[Companies often] find ways to give tools to minimize disclosures, to protect users, to keep the government off the premises, and to come to some reasonable compromise on the capabilities."

      Again, I appreciate your responding Gabriel, but saying "There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example", and then only the one you do point out is where your front-end servers are located?

      It is in fact your assertion that court orders can only effect turning over existing records that is quite troubling (and inaccurate). If this came to you from your "many lawyers", I suggest you talk to the lawyers of Yahoo! et al.

      Technically, the only thing you can dispute is how difficult it would be for the NSA to get your private cert. They might already have it, you would never know. Anyway, eventually they are more likely to come knocking at your front door with a court order, rather than sneaking through a backdoor. But when they do, it will come with a gag order (ask Yahoo!) and you won't be able to say peep.

      Let me say that I *am* a DDG user. I appreciate your service for blocking tracking by third-party advertisers and peeling away the "filter box". But do not disrespect your users or me by any implication that using DDG protects them from government tracking.

    5. DDG does operate a TOR exit node if you do want to use that: http://www.gabrielweinberg.com/blog/2010/08/duckduckgo-now-operates-a-tor-exit-enclave.html

      However, I think the author and some other commenters do have good points about DDG. Being operated within the US, it is compelled to laws that allow it to be searched from various points and cannot admit to doing so. But, I do think DDG would fight the order if they got one and attempt to make public that fact. Even with all he knows, and under the realization DDG has to be taken at its word, experts who were aware of the NSA surveillance all along, such as Bruce Schneier trust DDG.

      With that being said, Startpage.com/IXQuick are based in the Netherlands, so avoid this particular facet of US law (with the exception of their domain running on the US based .com TLD, which is operated by Verisign). That's not to say their results aren't monitored by whatever the Netherlands secret service(s) do and use, or even be scooped up by the NSA/GCHQ access to worldwide fiber backbones -- which, they would need to sort and is an incredibly time consuming and laborious process (having access to the "firehose" takes up vast amounts of space and requires quite a lot of time to go through).

      But, if you're super duper paranoid, you should always be running TOR or a non-domestic VPN service to protect yourself.

    6. Why should the average consumers purchasing/browsing patterns be treated differently than other forms of intellectual property?

  3. The NSA Can’t Loose

    Seriously?! Loose=not tight, LOSE=opposite of win

    Replies
    1. Why do you morons go to such lengths to distract from the actual point of the article?

      Oh cause you're a troll. Go get a job at the NSA bud, then you can get paid for distracting the masses. You arsecakebuttmuffin.

    2. I get the point of the article, I just can't take someone very seriously when they can't fix a mistake that I see morons making on Facebook 50 times a day.

    3. "I get the point of the article, I just can't take someone very seriously ..."
      should be "I get the point of the article, but I just can't take someone very seriously..." or "I get the point of the article. I just can't take someone very seriously..."

      I get the point of your comment, but I just can't take someone very seriously when I see someone making a mistake that I learned in 6th grade grammar. :-)

    4. "I get the point of your comment, but I just can't take someone very seriously when I see someone making a mistake that I learned in 6th grade grammar."

      It is "learnt" and not "learned". :-)

    5. @ BillyCravens - The way he said it, without the 'but', is perfectly acceptable. Maybe you should try learning grammar beyond the 6th grade level.

    6. Sadly, nobody is taught this anymore.

    7. Sadly, you are off topic and still Gene Cronk. Who else would go anonymous just to defend his poor grammar? Who gives a shit about grammar when you're typing on a keyboard you can barely see? Get a life.

    8. Some of us care about our grammar.
      Also, some of us don't have social networking profiles, myself of choice. Perhaps the person you're referring to is not, in fact, Gene Cronk?

  4. Does anyone know of any off-shore Search engines that use English Language? I would trust them a little more than any US based search engine.

    Replies
    1. You can use Yandex.com, it is the best alternative I have found by far. Granted, it is Russian and probably monitored by the Russians the same way Google is. But at this point I trust the Russians more since I have zero business over there.

    2. https://startpage.com/eng/

    3. https://startpage.com/

    4. http://en.wikipedia.org/wiki/Exalead but maybe spied by the French

    5. There is Ixquick, which is based in Norway (i.e. outside the EU)

  5. This article brings up good points but why they seem to be menacingly squared at DDG is a little confusing. The fact that NSA is Room 641A-ing everyone's traffic has little to do with DDG's efforts to maintain privacy for its users. The "Upstream" program has been happening for at least a decade, so if you're paying attention and haven't been living under a rock since 9/11 you would have known about it already. The real revelations of the Snowden leaks have been that there is private corporate complicity (and in some cases, like MS, going out of their way to brown nose), which I might add was a scenario people like myself were called "tin foil hatters" or simply "the paranoid" for believing until very recently.

    The Upstream program is real and we should absolutely be concerned about it, but it has nothing to do with DDG in particular, they have no power over that whatsoever. There is no need to make up "What if" scenarios about SSL certs and the like. You're speculating up a furry about DDG when there is documentary evidence that firms like MS, Amazon, Google, etc are actually engaged in the might-be scenarios that you're entertaining.

    Granted DDG is certainly taking advantage of the current state of affairs (and who isn't?) but crying fire because they don't have a giant banner on their home page that says "FEAR YOUR OVERLORDS FOR THERE ARE NO INTERNET SEARCHES THE NSA CANNOT SEE" is ridiculous.

    It also seems a little suspicious that there is only one blog post for this blog, it kind of seems like someone from a competing privacy service just made a blog because they're wah-wah about DDG getting all the traffic in these trying times.

  6. >Every provider needs to be upfront with saying, “If it is indeed true that the NSA is monitoring our ingress/egress traffic, we can make no guarantee of privacy regardless of encryption or other efforts on our part.”

    Yet you call out tiny DDG (on your new blog, in your first post) after all the revelations about other internet companies who've been in bed with the NSA? Your motives and accuracy (Amazon) are questionable.

    Replies
    1. I am the author. What exactly are my motives? I can tell you where I'm going from. What I saw this past week was a spate of news stories that looked more like marketing than news talking about users flocking to DDG because of NSA snooping. And the few quoted statements from DDG seemed to further this idea that users were safe from NSA snooping at DDG.

      However, I've seen no critical analysis at all from the media or even knowledgeable professionals on the internet who know better. This, I think, is a great disservice to the body of users who are not well read in the mechanisms of operations of the NSA as reported over the past few years frankly. It's like saying, "Here put on this bullet-proof vest" when in reality it is just an ordinary windbreaker.

      I *do* respect what DDG has done for privacy in the realm of corporate tracking. I think it's great. But please do not kid yourselves when it comes to DDG providing any kinds of security whatsoever from the likes of the NSA.

  7. DDG over Tor is safe from NSA, assuming they don't control most of the Tor network - a reasonable assumption. It does not matter if NSA can listen to what you search. What matters is there is no tracking cookie linking all those searches, and there is no gmail account that can be raided in connection to them. Random query strings from random IP, there is nothing NSA can use unless you search for "Osama Bin Laden is housed in Bilal, Abbottabad no 34".

    Replies
    1. [there is nothing NSA can use unless you search for "Osama Bin Laden is housed in Bilal, Abbottabad no 34".]
      Oops, there y'go, you're tapped now.

      OMG, so am I!!!

  8. First of all, please. This is a ridiculous and paranoid post. See the CEO's response above. Secondly, when it comes to subpoenas, if you don't store user data, there's nothing to access. And if you want to monitor an IP address for its own sake, what does DDG have to do with that? The NSA already HAS that data. OK one sec while I make a cheese sandwich.

    Man I love cheese (Swiss if you're curious). Look dude, an upstream data collector can capture whatever it wants. If they come asking for data of DDG and they DON'T HAVE IT, then they have to go screw and get it from upstream.

    As for the "oh i use tor" idiots, you are completely out of touch. The US Govt has done many a sting on TOR users, and your little onion is just not as bulletproof as you wish it was.

    Don't attack DDG for just not being douchebags like Google. That's a valiant thing to do. Don't be a DOUCHE!

    The truth is the NSA can't get whatever they want from whomever they want by whatever means they want.

    Don't single out a do gooder for scorn just because your paranoid schizophrenic little brain can't discern between being a victim of govt spying and collaborating with govt spies.

    Gonna make another cheese sandwich now. Have a good night.

  9. a simple network look up on the duckduckgo domain would have been sufficient to throw option 2 out the window :)

  10. Tor does NOT protect from NSA or any attacker who can listen to all traffic globally. It is because of two things: timing attacks and the fact that Tor is low-latency. If they can correlate the time and size of your data transfer to and from the Tor network, which they can without a problem, they can track you all the time.

    Replies
    1. You need to get your facts straight. Tor is padding and multiplexing messages. Timing attacks are not easily done.

  11. erm nsa has been watching us since the net started and before . who made and used the net before we even had it lol

  12. The unique way to assure privacy is not to store any information of users (IP, ...). How can we trust a non-open-sourced company like DDG if we can't see what they do with our information? It's an act of faith, no different from thinking Google is not "evil". The unique way is that DDG will be a full open source search engine.

    Replies
    1. "Open source" has nothing to do with "evil" or other stuff discussed here.

      Moron.

  13. Wow, a new blog, with a single post, spreading FUD (with a Google-operated blog service, too)

    Replies
    1. I'm not trying to spread FUD. I was just trying to set the record straight in the face of massive coverage this week of users flocking to DDG out of fears of NSA spying, when in fact there is zero that DDG can do with respect to NSA spying.

      Not one article pointed out that DDG's forte is preventing tracking by advertisers, not preventing tracking by the NSA. This is a huge disservice to the large number of non-technical users who falsely believe the hype.

      I like DDG. I use DDG. However, even when interviewed in some of these articles, at no point did DDG take the opportunity to say that they really couldn't help out in this regard.

    2. The whole controversy is a disservice to people who think the NSA gives a damn about YOU.

      It's clear from the revelations that the government is doing successive rounds of keyword searching, so switching to DDG because you're worried about the NSA learning your secret family barbecue sauce recipe, your bout of genital herpes, or your shameful interest in interracial lesbian mud wrestling porn, is inherently absurd. It's magical thinking, pure and simple.

      That's not to say that there isn't a need for privacy, but most of whom we want privacy from is another individual we know. Even the comments here propagate that interpretation; re-read the commenters suggesting overseas search engines in that light. In that sense, all of our major search engines are still protecting us with that sort of privacy.

      The advertisers don't care two figs about you either. They pick from their pool of paid ads the most likely to interest you based on obscenely primitive data analysis algorithms fed precious little information. Any one of us who has seen the ads selected by Facebook know what a joke they are. Any one of us who uses a hosting service knows how many ads we get for the hosting service we already use. Visit a gay blog site or two and expect months of underwear advertising. Once again, it's magical thinking. The advertisers neither know nor care about you.

      The real solution to the privacy scare is education about how technology works, something apparently lacking even within our own community.

    3. You're wrong about your essential point. It's naive to think that the information cannot be used against YOU. That's the assumption people make that will land everyone in trouble. You don't know how or when the information will be used - it's all done in secret, and that's the scary thing.

      Governments come and go, with their various agendas - good or bad. The information collected will be there for whatever use a corrupt government can dream up.

  14. Ok this whole article reads to me like: hey the opponents / enemy (here read: feds, three letter agencies) can and will try anyways to get our data, our lives, our freedoms, so why fight it in the first place, and duckduckgo won't win either against the almighty rulers king and devils.

    the author of this article should reconsider life as it inevitably leads to death. so why live in the first place?

    also: why not hand all your freedoms over and give up instead of fighting for your freedoms, your lives and rights.

    these kind of articles only show to me that humans are a pointless pathetic life form and not worth bothering with.

  15. Why isn't DDG (or others) simply moving away from being a US corp? NSA doesn't have any jurisdiction over a non-US entity afaik. Don't host anything in the US and you're done? Or am I missing something?

    Replies
    1. You're missing data exchange agreements between almost every country in the world.

      You're missing domain registration for any of the major domains is exclusively controlled by the US.

    2. You're missing the fact that, outside of the US, not that many people care about .com/.net/.org.

    3. You're missing the fact that he who owns the DNS owns the network and can do as they please.

    4. "data exchange agreements..." - Essentially only by those who feel eternally subservient to the US such as the UK.
      "outside of the US, not that many people care about .com/.net/.org" - Actually, even outside the US, most pro sites are .com first of all.
      ICANN's days are numbered too. Thanks to their very US-centric principles & US fingers in everyone else's pies.

  16. As an aside, if a non-US corporation, hosted on non-US servers provided the same services as DDG would they be out of the reach of server side tapping by the NSA?

    I am assuming of course that the NSA can't compel non-US corps outside of the US to do anything at all?

    Clearly this doesn't help with any intercept of the data in transit but maybe tackles one side of the problem.

    Replies
    1. TLS takes care of the "intercept of the data in transit".

  17. If the author is someone trying to spread FUD doesn't matter much. His arguments are valid: Does DDG have any means of assuring us protection against secret court orders/interceptions/surveillance from NSA? Don't forget, kids, they have secret courts (but we know they don't need the law to act; they operate under secrecy, so who cares?). The Big Brother is watching you. =)

  18. Interesting that a lot of "Anonymous" posters are piping in with their one liners and hand waving without addressing anything that the OP highlights as a concern with evidence. Yeah, let's make this a DuckDuckGo vs Google discussion...

    Anyone who doesn't think the NSA (or whomever) is monitoring/collecting/storing/whatever *all* traffic on *all* US (and possibly most of the world through its allies) Internet access points *regardless* of the business policies of companies running traffic through said Internet access points is either being extremely naive, or ignoring reality. Oh, and then add FISA, secret agencies and court orders, secret laws, gag orders, etc, and you might as well submit....

    Is this all new? No. It's been going on for years. The media has now decided that Snowden is good press so it's running with it. Consider Room 641A was news in 2006. It's good that we are having these open discussions though, because now everyone can realize how screwed everyone's privacy has been all this time...

    Replies
    1. The original "firehose"
      http://www.nytimes.com/2013/07/06/opinion/lincolns-surveillance-state.html?_r=0

    2. "NSA (or whomever) is monitoring/collecting/storing/whatever *all* traffic on *all* US (and possibly most of the world through its allies) Internet access points"

      This alone is of little use if everyone encrypts *everything*.

  19. Does anyone else find it odd that the alleged CEO's response comes from a blogger account that was just created and has no info tied to it? You'd think he would have a more legit account/profile that he would use for communicating to people about his product.

  20. Could one way around invasive eavesdropping be to have these services hosted in countries unsympathetic to US law? It's true that China, for example, could then spy on users, but then when has China been interested in what everyone in the world is up to? They have enough work spying on their own citizens. They could make a nice buck from it too.

  21. You seem to operate under the assumption that the private key of DuckDuckGo's certificate is sufficient to decrypt all traffic.

    That assumption is incorrect. Actually, DuckDuckGo's Private Key is only used for *authentication*, not key exchange.

    Why? Because DuckDuckGo uses ECDHE for Key Exchange (if your browser supports it - recent browsers do). ECDHE (any DHE variant, actually) ensures perfect forward secrecy.

    Therefore, decrypting DuckDuckGo's traffic is *not* a "hit-and-run". Not by a long shot.

    To decrypt DuckDuckGo's traffic, you would need to infect the hosts that do SSL termination, and monitor the decryption process (or their outbound traffic). Not impossible, but not a "hit-and-run" either.

    Replies
    1. You could also MIM the connection, but that would require an active attack that probably (maybe) is not worth it.

    2. The private SSL key is basically an interesting academic exercise, as I said in a comment above: "Anyway, eventually they are more likely to come knocking at your front door with a court order, rather than sneaking through a backdoor. But when they do, it will come with a gag order (ask Yahoo!) and you won't be able to say peep."

    3. "The private SSL key is basically an interesting academic exercise"

      IOW, you have zero idea what you are talking about.

      "Anyway, eventually they are more likely to come knocking at your front door with a court order"

      based on what?

  22. If we have nothing to hide, why should we care if the NSA is watching us in the first place? They are after terrorists, criminals, etc.

    As NSA said:

    "If You Have Nothing to Hide, You Have Nothing to Fear"

    Replies
    1. "If You Have Nothing to Hide, You Have Nothing to Fear"

      This statement always gets replayed in my mind with a German accent for some reason.

    2. Nobody expects the Spanish inquisition...

    3. If you have nothing to hide why are you "Anonymous" ?
      Or is your real name "Troll" ?

    4. read this, please https://www.schneier.com/blog/archives/2007/07/privacy_and_the.html

    5. "If we have nothing to hide, why should we care if the NSA is watching us in the first place? They are after terrorists, criminals, etc."

      I presume the naiveté of that remark is tongue-in-cheek. It is nonetheless worth pointing out that chasing terrorists, criminals, etc. is not as profitable an activity as is monetizing the intimate details of entire populations to the Big advertising/health/insurance/finance/etc. industries, to our collective frustration, inconvenience and, of course, cost. The "NSA" is the morally upstanding nice guy in the operation.

  23. @OP

    You might expect that in a perfect world, but ours is not one.
    http://townhall.com/columnists/bobbarr/2013/06/12/even-if-you-have-nothing-to-hide-you-have-something-to-fear-n1618353/page/full

  24. fat-tire:

    I'm interested in the "additional and technical inaccuracies"

    Here's one:

    What is a SSL certificate key after all? It’s simply a small block of data, often in the form of a file. And it’s a file that must be installed on every webserver or load-balancer in a data-center. If you possess DuckDuckGo’s cert, you can decrypt all traffic to DuckDuckGo.

    Firstly DDG's cert is freely available. It's DDG's private key, not its cert, which is needed to decrypt traffic to DDG.

    Secondly, while the private key is necessary to decrypt traffic to DDG, it isn't sufficient. DDG uses ECDHE as its key exchange mechanism, which means a passive eavesdropper, even one in possession of the private key (or who later comes into possession of it) will not be able to decrypt the communication. To do that would require an active man-in-the-middle attack, which could only be conducted at the time of the communication.

    I've no doubt that the NSA could do this to anyone it wants*. However I doubt it is doing it en masse. MitM attacks are quite easy to detect with a little technical knowhow, and you can bet your bottom dollar that there are people out there looking for signs of mass MitM. If it was happening, we'd know about it.

    *It wouldn't even need to obtain DDG's private key for this. All it needs to do is compromise one Cert Authority, out of dozens, then it can create its own certs for any site it likes.

    Replies
    1. Thomas Orozco got there before me.

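The distinction drawn in comments 21 and 24, as an added toy model (not code from the post, the commenters or DuckDuckGo): a passive recorder who later obtains the server's long-term private key can recover a session that used RSA key transport, but not one that used ephemeral Diffie-Hellman, where that key only signs the server's share. The parameters are tiny and constructed for illustration, plain modular Diffie-Hellman stands in for ECDHE, and all function names are hypothetical; the active man-in-the-middle case the comments mention is outside this model.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example and far too small for real use.
P, G = 2**127 - 1, 3                       # Diffie-Hellman modulus (Mersenne prime) and base
N = (2**61 - 1) * (2**89 - 1)              # toy RSA modulus from two Mersenne primes
E = 65537
D = pow(E, -1, (2**61 - 2) * (2**89 - 2))  # server's long-term private exponent

def kdf(secret: int) -> bytes:
    """Derive the session key from the negotiated secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def share_digest(server_share: int) -> int:
    """Hash of the server's DH share, reduced so the toy RSA key can sign it."""
    return int.from_bytes(hashlib.sha256(str(server_share).encode()).digest(), "big") % N

def rsa_key_transport():
    """Client encrypts the premaster secret to the server's long-term key."""
    premaster = secrets.randbits(128)
    wire = {"encrypted_premaster": pow(premaster, E, N)}
    return wire, kdf(premaster)

def ephemeral_dh():
    """Both sides use throwaway DH keys; the long-term key only signs."""
    a = secrets.randbelow(P - 2) + 1       # client ephemeral, discarded afterwards
    b = secrets.randbelow(P - 2) + 1       # server ephemeral, discarded afterwards
    A, B = pow(G, a, P), pow(G, b, P)
    wire = {"client_share": A, "server_share": B,
            "signature": pow(share_digest(B), D, N)}
    return wire, kdf(pow(B, a, P))

def leak_exposes_session(wire: dict, session_key: bytes) -> bool:
    """Passive recorder later obtains D and applies it to every recorded value."""
    return any(kdf(pow(v % N, D, N)) == session_key for v in wire.values())

def signature_valid(wire: dict) -> bool:
    """The long-term key's only job in the DH case: authenticating the server share."""
    return pow(wire["signature"], E, N) == share_digest(wire["server_share"])

if __name__ == "__main__":
    print("RSA key transport exposed by key leak:", leak_exposes_session(*rsa_key_transport()))
    print("Ephemeral DH exposed by key leak:     ", leak_exposes_session(*ephemeral_dh()))
```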
  25. From https://duckduckgo.com/privacy#s4:

    "Similarly, we may add an affiliate code to some eCommerce sites (e.g. Amazon & eBay) that results in small commissions being paid back to DuckDuckGo when you make purchases at those sites."

  26. Who's web surfing without the cover of a VPN? Most state flat out "no logs kept". Some have DNS leak protection and kill switches.

    Replies
    1. Sure, your VPN can state whatever they may, but whether it's true or not is a completely different story. Any server that you're connected to regardless if it's a VPN, proxy, etc. will have been logged somewhere at some point. Just because you're using a VPN does not guarantee privacy. The majority of VPN companies are not well established or even reputable for that matter. To trust some provider's marketing fluff only states you would be kidding yourself.

  27. The OP may have valid points, I don't know. If the CEO of DDG can elaborate on "There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment" it would help a lot. Clear up any misconceptions resulting in all the facts from the OP and DDG CEO combined.

    I do believe DDG can keep your identity/location/search queries hidden from companies and individuals (though being hosted on Amazon servers, a company that's almost as bad as Google when it comes to collecting and selling user data, puts a small dink in DDG's credibility) but with governments (not just the US), agencies (not just NSA) and pretty much limitless funds... I think *they* have global monitoring down pretty tight. Many governments exchange data as it's a 'team sport' so what the NSA can't get, they can obtain from an agency or government somewhere else. Also if you do not own, operate and control your own servers I don't think you can make claims like DDG currently does with 100% certainty.

    DDG CEO please clear up whatever inaccuracies you found.

  28. Who are some of the people that take the most precautions to try and stay invisible online; hackers (technically Crackers). Good ones bounce their signal all around the world, route it through many networks, VPNs etc etc and guess what... most still get caught. If there was a foolproof, perfect way to stay invisible online we'd all know about it and once it becomes mainstream enough the NSA or some agency/government would jump on that too putting us right back to square one. I appreciate services like DDG, start page.com, VPNs etc. as they allow me to get some of my privacy back. Do I think I am browsing the web invisibly without being logged or tracked by something or someone? No way.

  29. @ DuckDuckGo: The National Society of Assholes (NSA) doesn't need to request anything from you. If your site is indeed hosted on Verizon servers, then the NSA can go direct to them, and as everyone knows, Verizon are only too willing to bend over for any government agency which tells them to.

  30. That bit of info was already corrected (though I don't know if that was actually the CEO of DDG), apparently Amazon servers are used.

  31. If ddg is anonymous why do I get ads for things I have searched for? Is there a setting to change this?

  32. If duck duck go is what it says it is, then I think it's great. NSA will get the data anyway, but why hand it to them? Let's run their budget up a bit by having everyone become harder to track.

    I am in Canada so I could care less how much money they waste, hopefully our government gives us more privacy. I would sure love to see the Canadian government request that PRISM and other programs not target Canadians though.

  33. There is https://www.qwant.com, it is French, under European laws, with no advertising and under the obligation of the French and German CNIL, who guarantee more privacy.

  34. As of today, Duck Duck GO has reached 4 million direct hits per day. Let's suppose the use of DDG makes it a small 1% more difficult to decrypt the data, just because it uses HTTPS everywhere, and that deciphering SSL flows slows the operation. That means 40,000 less individual searches might be spied everyday. Of that the NSA annual budget should be raised by 1%, that is to say an estimated $100 million increase.

  35. "...There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example..." It doesn't mean anything because if Verizon have to comply Amazon will comply too in case of being asked by US government.

  36. The simple fact is that if a government agency like the CIA or the NSA want your info or data, they will get it. One way or another. It's what they are set up to do and are very good at it.
