Here’s Why Using the DuckDuckGo Search Engine Is Better for Your Privacy
*Note: This article was originally published by the author on February 14, 2021.
“We all need places where we can go to explore without the judgmental eyes of other people being cast upon us, only in a realm where we’re not being watched can we really test the limits of who we want to be. It’s really in the private realm where dissent, creativity and personal exploration lie.” ~Glenn Greenwald in Huffington Post
With a swipe of your thumb or a click of a mouse, you open that internet browser on your computer or your mobile device and search for the information you’re looking for. But what happens to all of those searches that you make? Do they disappear forever after you’ve searched or are they tracked with browser cookies and if so, by whom? When it comes to browsing the internet there is certainly a multitude of browser options but not all browsers all equal in terms of privacy and many users just aren’t aware of that fact or haven’t been educated on the risks of browser tracking and fingerprinting in the larger scheme. They are oblivious to its effects on their privacy and it’s something that big tech has exploited for years.
While Google’s Chrome, Microsoft’s Edge, and Apple’s Safari browsers each have their unique and sleek pros/cons, privacy is not a central theme in any of these browser options. There are some far better options for those interested in privacy. Now, from a privacy perspective, a website being able to digitally fingerprint your computer or device that you access the internet from is not a good thing. Generally, you want to avoid fingerprinting if you can. Otherwise, the site can and will track your browser activity and share it with other sites and third-party data brokers.
PrivacyTools recommends using Firefox, or Tor for desktops/laptops; Firefox, Tor, or Bromite for Android; and Firefox, Tor, or the DuckDuckGo privacy browser for iOS devices. Bromite is another Chromium-based privacy-themed browser with built-in adblocking and DNS-over-HTTPS support (PrivacyTools). I’ll also add that Brave’s Chromium-based browser is a good choice with strong privacy features designed into it.
Browser privacy design and features are just one aspect of online privacy though. What about internet search engines? How does privacy play into the mix when someone uses a search engine to search the internet? What goes on behind the scenes? The truth is that when you search for information or media, even partially-typed search strings are logged by some search engine providers like Google. Once you press enter on a Google search like the one pictured below I did for the ‘best dating apps’ the Google search engine web crawlers will almost instantly return the top indexed results that pertain to your search string criteria after sending the query to one of Google’s many web servers which use search algorithms (i.e., biased results).
When you search for information using Google, Yahoo, Bing, Altavista, or most other search engines, often the search terms are visible in plain text in the Uniform Resource Locator (URL). That isn’t good because guess who else can see those searches? The URLs can be seen by your Internet Service Providers (ISPs) like Comcast, Spectrum, AT&T among others, and sold to third-party data collectors who in turn aggregate your private search data and sell it to marketers who use the data to target you based on your internet search history. Or, your internet search history can be shared, subpoenaed, or turned over to authorities with a lawful search warrant. What’s that? You thought those ads in your Facebook timeline and junk mail showing up in your mailbox were completely random? Oops, no that’s cute but that’s generally not how this works.
Most internet users don’t realize that their internet search history can be easily shared with Law Enforcement Officials (LEOs) or government officials who can simply subpoena your internet search history from your ISP and learn about you simply by your search history and the sites you visit online. There is software with complex algorithms that are designed to search for keywords. You will find yourself on a government watch list if you’re not careful. Of course, if you’re considered a foreign or domestic terror person of interest by the National Security Agency (NSA) or the Federal Bureau of Investigation (FBI), they don’t even need a search warrant under the current version of the USA Patriot Act.
If you understand how internet search history works and the associated risks then you also understand how important it is to use a Virtual Private Network (VPN) and search engines such as DuckDuckGo which doesn’t collect your search history, or use the Tor browser to anonymize your online identity. It’s just best to skip the Chrome browser altogether unless you’re using it for specific one-time searches or website visits. You’re better off using a browser like Brave, Firefox, or Tor which are far more privacy-focused.
Using Tor doesn’t make you look like a criminal. It makes you look like you’re serious about privacy. There is no obligation to surf the dark web if you choose not to. Tor exit nodes are widely published so internet traffic involving those IP addresses could raise eyebrows if your online activity is being monitored. If you’re worried about what other people think about how you search the internet, you’re doing privacy wrong. Worry about not being easily tracked and spied on by the authorities, not about frivolous stuff.
Follow the Money Trail to Find Privacy, It Is Telling
If there is money involved, and it almost certainly always is, then the chance that user privacy is being sacrificed for profit gain is going to be high. Every software application development project needs some level of funding but there is a massive difference between an independent project such as DuckDuckGo and a big tech behemoth like Google in terms of profit margin. Typically, the way it works is the more that profit is the central theme of the tech service, the less user privacy you should expect. That’s been true for companies like Facebook, Google, Amazon, Microsoft, and even Apple to some extent albeit I contend that Apple should still be applauded for their iPhone encryption stance against government encryption backdoors.
What sets DuckDuckGo apart from the other internet search engines you may wonder? Well, for starters, DuckDuckGo makes profits by allowing private ads on their search engine which is different from how Google and other search engine companies operate. Whereas the most famous Google search engine ads are based on user profiles using previous search, browsing, and online purchase history, DuckDuckGo only sells private advertisement space on their search engine platform that is generic and not based on your profile.
Perhaps you were not aware that Google retains your search history forever by default unless you change the settings. Additionally, Google’s cookie trackers exist on 75% of the top 3 million websites (DuckDuckGo, 2021). Take a moment to let that sink in. It’s not just that though, Google also filters the search results you see return when you conduct a search which means that certain sites who pay Google money can get top ranking on search results returns. So, that means that you’re not necessarily getting the ‘best’ search results. In some cases, you’re getting what companies paid Google to tell you is the top result for your information search.
With DuckDuckGo, if you search for cars you might see an advertisement for a car but it’s not going to be ultra-targeted to your past search history like Chrome’s search engine might do. Additionally, DuckDuckGo automatically blocks tracker cookies and affords users site encryption by default whereas users may need to take additional steps to enable these features within Google Chrome’s search engine.
Another aspect of DuckDuckGo that is actually a net positive for me is that it is blocked by China which tells me that DuckDuckGo is good for privacy. Most tech services that are blocked by China, Russia, and other authoritarian regimes are blocked because those governments don’t want their citizens to be able to bypass government surveillance monitoring. It tells me that DuckDuckGo puts the internet browsing privacy of its users over international politics and that they won’t bend to authoritarian regimes (Millward, 2014).
There has been some speculation within the tech industry that Apple may seek to acquire DuckDuckGo so it can finally divest from Google. However, there hasn’t been anything official from either Apple or DuckDuckGo regarding the potential acquisition. There is also concern that if DuckDuckGo were acquired by Apple that it would countermine the privacy aspects of the currently independent nature of the search engine.
Startpage is Another Potential Option, but…
Startpage, another privacy-first internet search engine provider, is another potential option to consider. However, despite Startpage being headquartered in the Netherlands which falls under Dutch and GDPR strict privacy regulations, the company CEO, Robert Beens, announced in 2020 that U.S. company System1 via its subsidiary Privacy One Group partially acquired (i.e., majority-owned) Startpage through investments. The public relations announcement from the CEO was murky to say the least, however. Still, very little is known about System1/Privacy One Group or what its true motives are. It is prudent to tread carefully here until more information comes to light.
Startpage CEO Robert Beens discusses the investment from Privacy One / System1 — Startpage.com…
Earlier this year, we announced a significant investment in Startpage that we are excited about. This will enable us to…
Startpage’s CEO was and has been intentionally vague about this partial acquisition and there’s speculation as to whether the company is a Dutch or U.S.-owned company at this point despite Beens saying it’s still a Dutch-owned and operated company. It’s not surprising that Startpage doesn’t mention anything about it being majority-owned by U.S. investors. They likely don’t want to dissuade users from using their search engine. Company ownership and headquarters location matters in terms of legal jurisdiction and government access to data. Even if it is still Dutch-owned, if you understand how majority stake ownership works in any business then you also understand how the direction of a company can change very easily.
DuckDuckGo is a fully remote company with employees scattered over 15 countries which according to their website is headquartered in Paoli, Pennsylvania. I’m more comfortable with the ‘evil ogre’ in my own backyard that is the U.S. government being able to submit search warrants and subpoenas to DuckDuckGo because, well, DuckDuckGo doesn’t track user search history which means there isn’t anything to hand over to authorities in the first place. Search until your heart’s content. All of your traffic, even cookies is anonymized.
Startpage Acquired by System1, Privacy One Group — Still Safe?
Recently there has been lots of talk about Startpage being acquired (or at least partially acquired) by a US company…
If the above-referenced article is accurate, then there appears to be at least some cause for alarm due to the lack of transparency by Startpage. On the same token, I’m also suspicious of any so-called cybersecurity, self-proclaimed privacy experts, or journalists who promote non-transparent services like these. You’ve got to be very careful with whom you trust with your data and from whom you take privacy or security advice. Just because one company’s free, “privacy-themed” product or service is located in the Netherlands or Switzerland (i.e., the gold standard for privacy), it doesn’t necessarily mean it is a better privacy technology service option.
As a longtime security engineer, let me assure you that there are many factors to be considered that can compromise the effectiveness of particular technology services. But when a company isn’t honest and transparent about who even owns the majority of the company, well that is just a dead giveaway to steer clear of it in my humble opinion. Privacy is about trust and my trust is in short supply these days. I simply don’t trust Startpage because of the reasons I stated above. PrivacyTools.io even posted a disclaimer about Startpage on its website and it lists the top 3 privacy-respecting search engines as Searx, DuckDuckGo, and Qwant as pictured below. Decide for yourself what search engine to use.
Browser Add-Ons (Extensions)
In addition to the search engine and browser privacy aspects, installing browser add-ons such as EFF’s Privacy Badger, uBlock Origin, HTTPS Everywhere, Decentraleyes, ClearURLs, and xBrowserSync provide extra help in improving privacy. It’s best not to get too carried away though when it comes to browser extensions because they are a direct threat to both your privacy and security. The fewer browser add-ons, the safer your browsing experience. Sometimes, browser extensions are sold off to other developers who make bad changes to them in terms of privacy without notifying users or it’s contained somewhere in the fine print. Limit your attack surface by only installing what you need.
The moral of the story is that we are all being tracked in so many ways, especially on the internet for both marketing and potentially by government authorities. So, why would you willingly make their jobs easier by using non-privacy-respecting search engines? Ask yourself that question.
*The author is an independent security researcher and is not affiliated with DuckDuckGo or any other privacy tool developers
Here’s Why Signal Is Better for Your Privacy Than WhatsApp or Telegram
*Note: This article was originally published by the author on January 10, 2021.
Here’s Why Protonmail Is Better for Your Privacy Than Gmail
*Note: This article was originally published by the author on December 7, 2020.
Web Anonymization Techniques 101
*Note: This article was originally published by the author on September 24, 2020.
z3r0trust Privacy Newsletter_47.20
*Note: This article was originally published by the author on November 21, 2020. A concise weekly privacy digest with…
Transport Layer Security Is Not A Substitute For Virtual Private Networks
*Note: This article was originally published by the author on July 24, 2019.
Koch, R. (2019, December 9). Most secure browser for your privacy in 2020. Retrieved from https://protonmail.com/blog/best-browser-for-privacy/
Millward, S. (2014, September 21). DuckDuckGo joins Google in being blocked in China. Retrieved from https://www.techinasia.com/duckduckgo-joins-google-blocked-china
Privacy Tools (2021). Browsers. Retrieved from https://www.privacytools.io/browsers/