Cake day: Nov 13, 2019


The updated article is here:

http://techrights.org/2021/03/15/duckduckgo-in-2021/

There is too much censorship & shenanigans like concealing censorship from modlogs to trust lemmy.ml anymore. I just saw a post about how the admins removed a community creator and quietly put someone else in control.


Privacytools ("PTIO") is a project with the noble mission to "*provide knowledge and tools to protect your privacy against global mass surveillance*". Sounds useful, no? Sadly, their [website](http://privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion/) does the opposite of its claim: it leads people straight into mass surveillance centers through endorsements of bad players. The site is rife with entities that privacy seekers should be avoiding. They not only show poor judgment by endorsing privacy abusers who work directly against their mission, but they also neglect to enumerate the traps and pitfalls on the endorsement pages. Apart from the transparency problem, security experts expose lots of privacy abuses in the website bug tracker which have little influence on decisions made by the staff that's in control of commits.

# Dangerous and misinformed endorsements

* ***Signal*** PTIO claims to "*provide knowledge and tools to protect your privacy against global mass surveillance*", yet PTIO [knowingly and willfully](https://github.com/privacytoolsIO/privacytools.io/issues/779) sends privacy seekers directly into several mass surveillance traps via OWS Signal.
* ***Keybase*** PTIO endorses Keybase despite [reckless and malicious wrongdoing](https://github.com/privacytoolsIO/privacytools.io/issues/740#issuecomment-460076395) -- which PTIO is aware of.
* ***DuckDuckGo*** ("DDG") is falsely marketed (but very well marketed) as privacy-respecting. It's a popular choice among naive users. Experts know better. Sadly, PTIO does not. [Copious privacy abuses](https://dev.lemmy.ml/post/31321) are linked to DDG. PTIO betrays the public trust through this reckless and uncautioned endorsement. PTIO downplays the non-controversial and superior [alternatives](https://dev.lemmy.ml/post/29179).
* ***Qwant*** Has a history of hostility toward Tor users. Metager and Mojeek have never mistreated Tor users, and yet they rank low in PTIO endorsements.

# Incompetence and deception

* ***Searx*** PTIO has a fundamental misunderstanding of what Searx is. It's smart to [endorse](https://www.privacytools.io/providers/search-engines/) searx, but not as a search "provider". Searx is not a service. Searx is a free ***software*** search engine. PTIO erroneously claims "No logs, no ads and no tracking". It's a deception. Anyone can run a public searx instance and implement logs, ads, tracking, and any other anti-feature they want. There are [many instances](https://searx.space/). And some searx instances do in fact push ads to pay their bills. All but one searx instance will push privacy abusing CloudFlare results to users -- and at least half a dozen of them are evil to the extent of proxying through CloudFlare themselves. It only makes sense to endorse particular searx instances. There is one searx instance that is uniquely above all privacy respecting, which filters out CloudFlare results: searxes.eu.org.

# Hypocrisy- refusal of PTIO to eat their own dog food

PTIO is totally blind on the importance of setting an ethical example that is consistent with their own mission. If PTIO cannot handle ethical privacy-respecting tools themselves, how can they possibly expect to give novices confidence? PTIO's credibility is in the shitter as it proudly displays branding for the following on their website:

| *shameful example* | *why it's a problem* |
|---|---|
| **Microsoft Github** | PTIO uses a Microsoft Github repo to manage bug reports. There are [copious problems](https://github.com/privacytoolsIO/privacytools.io/issues/843) with this foolish choice. PTIO makes a failed attempt to reason that they want to be where the most people are. With that kind of rationale, they've self-defeated their mission. |
| **Twitter** | PTIO [claims](https://github.com/privacytoolsIO/privacytools.io/issues/843#issuecomment-486891131) Twitter is "for outreach". If PTIO needs to reach Twitter users, they can have a Twitter account. But to ***link into Twitter*** from their website takes the hypocrisy beyond outreach. Users who land on their clearnet website have already been reached. It's both foolish and reckless to lead people from the open web back into Twitter. |
| **Facebook** | Richard Stallman gives [good advice](https://stallman.org/facebook-presence.html) to those who refuse to accept the reality that they don't really need Facebook. If you believe you cannot live without Facebook, you still cannot justify linking into FB from the free world. To link from FB to the open web is sensible. To link the other direction is to be an excessive and needless enabler of privacy abuse. |
| **Microsoft LinkedIn** | same issue as Twitter and Facebook |
| **Reddit** | Amazon-hosted. Same issue as Twitter and Facebook |

It’s plainly evident when navigating privacytools.io that there’s a serious credibility problem.

DuckDuckGo's privacy abuses-- current, historic, and by proxy
There are substantial privacy and civil liberty issues with DuckDuckGo. Here they are spot-lighted:

* ***Nefarious History of DDG founder & CEO***:
  * DDG's founder (Gabriel Weinberg) has a [history](https://www.reddit.com/r/privacy/comments/aqz3q8/the_history_of_duckduckgos_founder_is_disturbing/) of privacy abuse, starting with his founding of [Names DB](https://en.wikipedia.org/wiki/Names_Database), a surveillance capitalist service designed to coerce naive users to submit sensitive information about their friends. (2006)
  * Weinberg's [motivation](http://web.archivecrfip2lpi.onion/web/20181116102800/https://www.eyerys.com/articles/people/search-engine-and-privacy-gabriel-weinberg) for creating DDG was not actually to "spread privacy"; it was to create something big, something that would compete with big players. As a privacy abuser during the conception of DDG (Names Database), Weinberg sought to become a big-name legacy. Privacy is Weinberg's means (not ends) in that endeavor. Clearly he doesn't value privacy -- he values perception of privacy.
* ***Direct Privacy Abuse***:
  * DDG [was caught](http://web.archivecrfip2lpi.onion/web/20130627082930/http://www.alexanderhanff.com/duckduckgone) violating its own privacy policy by issuing tracker cookies.
  * DDG's app [sends every URL](https://github.com/duckduckgo/Android/issues/527) you visit to DDG servers. ([reaction](https://cmpwn.com/@sir/104444543789319623)).
  * DDG is currently collecting users' operating systems and everything they highlight in the search results. (To verify this, simply hit F12 in your browser and select the "network" tab. Do a search with javascript enabled. Highlight some text on the screen. Mouseover the traffic rows and see that your highlighted text, operating system, and other details relating to geolocation are sent to DDG. Then change the query and submit. Notice that the previous query is being transmitted with the new query to link the queries together.)
  * DDG is accused of [fingerprinting](https://betanews.com/2019/01/07/duckduckgo-fingerprinting-accusation/) users' browsers.
  * When clicking an ad on the DDG results page, all data available in your session is sent to the advertiser, which is why the Epic browser project [refuses](https://www.epicbrowser.com/FAQ.html) to set DDG as the default browser.
  * DDG [blacklisted](https://contact.framasoft.org/wp-content/uploads/newsletters/newsletter10.html) Framabee, a search engine for the highly respected framasoft.org consortium.
* ***Censorship***: Some people replace Google with DDG in order to avoid censorship. DDG is not the answer.
  * DDG is [complying](https://stallman.org/articles/duckduckgo-censorship.html) with the "celebrity threesome injunction".
* ***CloudFlare***: DDG promotes one of the largest [privacy abusing](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544) tech giants and adversary to the Tor community: CloudFlare Inc. DDG results give high rankings to CloudFlare sites, which consequently compromises privacy, net neutrality, and anonymity:
  * Anonymity: CloudFlare DoS attacks Tor users, causing substantial damage to the Tor network.
  * Privacy: All CloudFlare sites are surreptitiously MitM'd by design.
  * Net neutrality: CloudFlare's attack on Tor users causes access inequality, the centerpiece to net neutrality.
  * DDG T-shirts are sold using a [CloudFlare site](https://duckduckgo.merchmadeeasy.com/), thus surreptitiously sharing all order information (name, address, credit card, etc) with CloudFlare despite their statement at the bottom of the page saying "DuckDuckGo is an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs." (2019)
  * DDG hired CloudFlare to host spreadprivacy.com (2019)
* ***Harmful Partnerships with Adversaries of Privacy Seekers***:
  * DDG patronizes privacy-abuser **Amazon**, using AWS for hosting.
    * Amazon is making an astronomical investment in facial recognition which will destroy physical travel privacy worldwide.
    * Amazon uses Ring and Alexa to surveil neighborhoods and the inside of homes.
    * Amazon [paid](https://arstechnica.com/tech-policy/2018/04/facebook-donated-200000-to-kill-a-privacy-law-but-now-its-backtracking/) $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
    * Amazon runs sweat shops, invests in climate denial, etc. The list of non-privacy related harms is too long to list here.
  * DDG feeds privacy-abuser **Microsoft** by patronizing the Bing API for search results and uses Outlook email service.
    * Microsoft Office products violate the GDPR (the Dutch government discovered numerous violations)
    * Microsoft finances AnyVision to equip the Israeli military with facial recognition to be used against the Palestinians who they oppress.
    * Microsoft [paid](https://arstechnica.com/tech-policy/2018/04/facebook-donated-200000-to-kill-a-privacy-law-but-now-its-backtracking/) $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
    * DDG hires Microsoft for email service: `torsocks dig @8.8.8.8 mx duckduckgo.com +tcp | grep -E '^\w'` ==> "...duckduckgo-com.mail.protection.outlook.com"
  * DDG is [partnered](https://www.ghacks.net/2016/07/01/duckduckgo-yahoo-partnership/) with **Yahoo** (aka Oath; plus **Verizon** and **AOL** by extension). DDG helps Yahoo profit by patronizing Yahoo's API for search results, and also through advertising. The Verizon corporate conglomerate is evil in many ways:
    * Yahoo, Verizon, and AOL all supported CISPA (unwarranted surveillance bills)
    * Yahoo, Verizon, and AOL all use DNSBLs to block individuals from running their own mail servers, thus forcing an over-share of e-mail metadata with a relay.
    * Verizon and AOL both drug test their employees, thus intruding on their privacy outside of the workplace.
    * Verizon supports the TTP treaty.
    * Yahoo voluntarily ratted out a human rights journalist (Shi Tao) to the Chinese gov w/out warrant, leading to his incarceration.
    * Yahoo recently recovered "deleted" e-mail to convict a criminal. The deleted e-mail was not expected to be recoverable per the Yahoo Privacy Policy.
    * Verizon received $16.8 billion in Trump tax breaks, then immediately laid off thousands of workers.
    * (2014) Verizon fined $7.4 million for [violating customers’ privacy](https://www.huffingtonpost.com/2014/09/03/verizon-privacy_n_5760132.html)
    * (2016) Verizon fined $1.35 million for [violating customers’ privacy](https://www.cnet.com/news/verizon-racks-up-1-35-m-bill-for-violating-consumer-privacy/)
    * (2018) Verizon paid $200k to [fight privacy in CA](https://arstechnica.com/tech-policy/2018/04/facebook-donated-200000-to-kill-a-privacy-law-but-now-its-backtracking/). See also [this page](http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
    * (2018) Verizon caught [taking voice prints](https://www.reddit.com/r/privacytoolsIO/comments/ac8p1x/verizon_voice_fingerprinting_on_customer_support/)?
    * [more dirt](https://old.reddit.com/r/privacy/comments/62ezji/which_american_mobile_carrier_is_the_most_privacy/) (scroll down to Verizon)
    * (2016) Yahoo [caught](https://www.theguardian.com/technology/2016/oct/04/yahoo-secret-email-program-nsa-fbi) surreptitiously monitoring Yahoo Mail messages for the NSA.
* ***Advertising Abuses & Corruption***:
  * DDG consumed a room at FOSDEM 2018 to deliver a sales pitch despite its proprietary non-free server code, then dashed out without taking questions. Shame on FOSDEM organizers for allowing this corrupt abuse of precious resources.
  * Tor Project accepted a $25k "contribution" (read: bribe) from DDG, so you'll find that DDG problems are down-played. This is why Tor Browser defaults to using DDG and why Tor Project endorses DDG over [Ss](https://ss.wodferndripvpe6ib4uz4rtngrnzichnirgn7t5x64gxcyroopbhsuqd.onion) -- and against the interests of the privacy-seeking Tor community. The EFF also pimps DDG -- a likely consequence of EFF's close ties to Tor Project. For the record, this is how Tor Project responds to criticism about their loyalty toward DuckDuckGo (their benefactor) in IRC:

    > 18:20 < psychil> if torbrowser is going to be recommended, it should also be open to scrutiny. in the absence of that transparency, you create an untrustworthy forum.
    > 18:20 < psychil> we've seen a loyalty from TB toward duckduckgo, but DDG is in partnership with Verizon, Yahoo, AOL et. al.
    > 18:21 < psychil> all CISPA-sponsoring companies
    > 18:22 < psychil> if ppl choose to trust them fair enough, but this trust shouldn't be pushed on every user weighing their choice of browsers
    > 18:26 -!- mode/#tor [-b psychil@*!*@*] by ChanServ
    > 18:27 < YY_Bozhinsky> psychil: i am using Tor (thanks to Tor Devs)... PLUS brain - good bundle. I am happy. And please, don't rush to change Reality (do it slowly with love and respect). Because it's home for many ppl. They construct their lives in it. Think twice before ruining that. Please.
    > 18:27 -!- mode/#tor [+b psychil!*@*] by ChanServ
    > 18:27 -!- psychil was kicked from #tor by ChanServ [wont stop the FUD]

    Indeed, Tor Project is notoriously fast to censor any discourse (no matter how civil) when it supports a narrative that doesn't align with their view / propaganda.

I should also mention a couple tests that would be quite useful in the search engine comparison:

  • count of CloudFlare links. CloudFlare results are useless pollution to Tor users, and to everyone else CloudFlare links are privacy abusing. DDG is insanely overrated for privacy. One of the problems with DDG is a high number of privacy-abusing CloudFlare links getting high ranking results. Whereas Mojeek seems to have relatively few CloudFlare results. This is a purely anecdotal observation, however.

  • there are rumors that DDG results are consistent on a per IP address basis, but differing from one IP to another. This ultimately suggests that DDG analytics have manifested into a filter bubble – contrary to the users’ expectations.

So it would be useful to test for presence of a filter bubble, and also to measure CloudFlare exposure. If you agree, then consider the importance of rank: a link is twice as likely to be clicked as the link that immediately follows it. So a measure of CloudFlare exposure should weigh the top results accordingly.
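The two measurements proposed in the comment above, sketched as an added example that is not part of the original comment. It assumes each result has already been labelled as CloudFlare-fronted or not (how that label is obtained is outside this sketch); the function names, URLs and result lists are constructed for illustration.

```python
"""Rank-weighted CloudFlare exposure and a filter-bubble check (added example)."""

def rank_weights(n, ratio=0.5):
    """Click weights for ranks 1..n, normalised to sum to 1.

    ratio=0.5 encodes the comment's premise: each link is twice as
    likely to be clicked as the one immediately below it.
    """
    raw = [ratio ** i for i in range(n)]
    total = sum(raw)
    return [w / total for w in raw]

def cloudflare_exposure(results):
    """Share of expected clicks that land on CloudFlare-fronted links.

    results: ranked list of (url, is_cloudflare) tuples, best rank first.
    """
    weights = rank_weights(len(results))
    return sum(w for w, (_, is_cf) in zip(weights, results) if is_cf)

def rank_overlap(list_a, list_b):
    """Rank-weighted agreement between two ranked URL lists for one query.

    At each depth d the top-d sets are compared; agreement near the top
    counts most. 1.0 means the same URLs at every depth, 0.0 means
    nothing in common. A low score between two vantage points (different
    exit IPs) for the same query is evidence of per-IP personalisation.
    """
    n = min(len(list_a), len(list_b))
    weights = rank_weights(n)
    return sum(
        w * len(set(list_a[:d]) & set(list_b[:d])) / d
        for d, w in enumerate(weights, start=1)
    )

# Constructed sample data: both engines return two CloudFlare links out
# of four, but at different ranks.
ENGINE_A = [("https://a.example/", True), ("https://b.example/", False),
            ("https://c.example/", True), ("https://d.example/", False)]
ENGINE_B = [("https://a.example/", False), ("https://b.example/", True),
            ("https://c.example/", False), ("https://d.example/", True)]

# Constructed sample data: the same query issued from two IP addresses.
FROM_IP_1 = ["a", "b", "c", "d"]
FROM_IP_2 = ["a", "c", "b", "e"]

if __name__ == "__main__":
    print(f"engine A exposure: {cloudflare_exposure(ENGINE_A):.3f}")
    print(f"engine B exposure: {cloudflare_exposure(ENGINE_B):.3f}")
    print(f"IP1 vs IP2 overlap: {rank_overlap(FROM_IP_1, FROM_IP_2):.3f}")
```

A plain count would score both constructed engines identically (2 of 4 links); the rank weighting separates them.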


It’s important to state which Searx instance is used in the testing, because every instance is different. Every instance operator chooses who to source from, and some of them even source from their own YaCy crawler.