Closed bakku closed 7 years ago
@GreenLunar I think they already kind of did.
@GreenLunar
end-users...almost always press OK without reading and investigating anything
Terms of Service; Didn't Read https://tosdr.org/
@Hillside502 Alas most of them don't know tosdr either. π’
It is funny to read this:
Because if we are going full on boogieman, hate all services from Five Eyes countries, why are we using Cloudflare for protection, Github for this project, Reddit for discussion, recommending backup cloud services using AWS and all other projects that use Five Eyes servers? How paranoid are we?
Because Cloudflare was subject of a major security flaw. Here is what the Google engineer who discovered the flaw had to say about it:
The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to cleanup. I've informed cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.
News article: https://arstechnica.com/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/
Official report: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Reference for the comment of the Google engineer: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
List of websites potentially affected: https://github.com/pirate/sites-using-cloudflare
@woctezuma DuckDuckGo did not have any of the Cloudflare services enabled that would cause dataleaks for that specific issue. The cloudflare is mostly protection against DDoS attacks.
DDG was used to find the leaks and was not affected.
Qwant is miles ahead in result quality IMO. Is there still a need to recommend a US based service when as good or better services are out there? Trying to have some privacy and recommending US based services feels like shooting yourself in the foot before you are even started. Sure, they might be safe for now, but ultimately the chance of them not being so or not staying so are higher than with any non-US based service.
@Dustie for you maybe. I use it and like it but I still prefer ddg. I talked about it before
Reviewing this thread, it seems the consensus is to restore DDG. Can I get a vote π / π of the current consensus? Would anyone with reservations please reiterate them? I want to make sure DDG has a chance to respond to any outstanding objections.
upvote to keep or upvote to remove?
the consensus is to restore DDG
ππΌ
John Wunderlich,
Sent frum a mobile device, Pleez 4give speling erurz
"...a world of near-total surveillance and endless record-keeping is likely to be one with less liberty, less experimentation, and certainly far less joy..." A. Michael Froomkin
From: Joseph Anthony Pasquale Holsten notifications@github.com Sent: Sunday, July 30, 2017 4:03:22 PM To: privacytoolsIO/privacytools.io Cc: Subscribed Subject: Re: [privacytoolsIO/privacytools.io] Remove DuckDuckGo (#84)
β You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/privacytoolsIO/privacytools.io/issues/84#issuecomment-318925794, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ADTJ9lP-aQGUpSd1LJ4oShX9tHKvmSHTks5sTOGJgaJpZM4KnkPO.
--
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
ππΌ
@Shifterovich "I suggest adding DDG with a note that it's based in the US."
I could live with that.
Heya, sorry for necroing, but judging by the votes on the post by @josephholsten, I think that giving DDG a spot in the top search engines (and not just keep it as a "Worth Mentioning") or at least moving it higher in "Worth Mentioning" list is a better move than just keeping it at the end of "Worth Mentioning".
@Shifterovich
I'd move Qwant to Worth Mentioning, StartPage to 2nd and DDG to 3rd.
Sounds good to me.
Alright, I'm preparing a PR. Should I link to this discussion when mentioning that it's based in US?
I'd link to #ukusa.
This ticket was closed but there are several unaddressed issues. Please reopen this to remove (or make changes to) DuckDuckGo's inclusion.
@aloisdg
I am for keeping DDG but with a caveat and a link to their privacy policy. We cant trust promises, but they are better than nothing.
In this particular case those promises are useless. When it comes to trustworthiness of DuckDuckGo it has been pointed out in this thread that @yegg's previous project entailed privacy abuse. So the community needs to be convinced that he has reformed and redeemed himself. However, DDG is currently partnered with privacy abusers. What is the merit in trustworthiness here?
deception as well:
DDG has actually scrubbed their Yahoo relationship from public view, showing further that they cannot be trusted. Some may recall that DDG previously had βIn partnership with Yahoo!β on their search page and quietly removed it. When pressed on the issue they used some ridiculous weasel wording in their attempt to create a false distance from Yahoo. DDG has also removed details about that yahoo relationship, breaking URLs like https://duck.co/help/company/yahoo-partnership
.
This is not good for trust. DDG is untrustworthy.
Privacy advocates don't solely care about the privacy of their immediate search. They also need reassurance that they are not doing something that indirectly causes privacy abuse. When we follow the DDG money trail we see that it leads to privacy abuse. Ethical privacy activists boycott privacy abusers. When DDG is presented on a trusted website like privacytools.io it misleads privacy activists and this is harmful.
Privacy Abuser | DDG relationship |
---|---|
Yahoo | DDG gets search results from Yahoo. DDG hides the details of how Yahoo is compensated for that, but DDG apparently pimps Yahoo-sourced ads. |
Amazon | DDG pays Amazon for data center use. Amazon is a big driver for facial recognition. No self-respecting privacy activist feeds Amazon's bottom line. |
@uncertainquark
Also, consider that StartPage is really a meta search engine ultimately. That means that it ultimately has a dependency on Google's search results. It doesn't affect our privacy directly but it does mean that the problem remains fundamentally unresolved. DuckDuckGo on the other hand is relatively independent and therefore represents a somewhat cleaner alternative.
StartPage and DuckDuckGo are both proxy search engines and both get paid results from privacy abusers (Google and Yahoo respectively). If I had to choose I'd favor supporting Google before the Verizon, Yahoo, and AOL corporate conglomerate (whose privacy abuses are criminal) along with Amazon. Google is also more transparent about it's privacy abuses than Verizon et al. Luckily this is hypothetical and we need not choose between them in the face of Searx.
DDG search results are rich in CloudFlare sites. CloudFlare is one of the top privacy abusers on the web. What good is it to have an allegedly untracked search when the results of the search contain malicious referrals leading users unwittingly straight to CloudFlare, who logs the user's IP address and sees their traffic among other abuses like DoS against Tor users?
@aloisdg
Long time DDG user. I am also using Qwant (mostly for french stuff):
The CAPTCHA hell that Qwant puts Tor users through is noteworthy. However, Qwant is still better for privacy than DDG. My comparison:
Factor | DDG | Qwant |
---|---|---|
server location | US and EU (the US presence screws US users; plus the US HQ & influence can still be detrimental to EU users as we know from the Lavabit fallout) | EU (perhaps even for US users?) |
adverse partners | Verizon + Yahoo, Bing, Amazon (notorious privacy abusers) | Huawai, allegedly, accuracy and adversity unchecked |
usability from Tor | .onion site but results heavily polluted with CloudFlare links |
CAPTCHA hell |
Qwant is more favorable than DDG in terms of overall privacy. OTOH, Qwant's CAPTCHA does more direct damage to privacy-embracing users as the inconvenience is sufficient to drive users off Tor or off Qwant.
Remove DDG as a recommendation. If DDG is mentioned at all then it's only responsible to also document the shortcomings (https://github.com/privacytoolsIO/privacytools.io/issues/729) and let users decide in an informed manner. Presenting DDG as a blind recommendation without the anti-features does a disservice.
Don't forget, DDG is reported to use US dollars, and the US is well known for invading peoples privacy, to say nothing of engaging in warfare, so we can't support them! Of course, @libBletchley did made his proposal on a site operated by Microsoft, so let's entirely ignore whether he would cut off his nose to spite his face.
Hi guys,
Recently I began searching for a search engine (pun intended). Certainly I came across DuckDuckGo and searched for information since a lot of people regard it as a search engine which respects privacy.
I came across a few problems (relevant source, sadly in german: http://www.zeit.de/digital/datenschutz/2014-01/duckduckgo-startpage-ixquick-nsa) :
I suggest removing DuckDuckGo from the list and maybe taking startpage.com as a candidate. I have not found information regarding startpage which shows that it is not trust worthy regarding privacy
EDIT: I would be delighted to create a PR if others agree