We're trying to put all the privacy essentials we can make seamless -- tracker blocking, upgraded encryption, private search and more to come -- all in one package, across all major browsers and platforms. In this respect, on any major mobile device or desktop browser, you should be able to look up DuckDuckGo and with one download get seamless privacy protection as you search and browse the web.
With regards to tracker blocking in particular, there are more nuanced UX differences. In the UI we're trying to move away from 'x trackers blocked' and instead group trackers from networks together, trying to identify the umbrella company and purposes.
Second, we're grading each site based on its privacy measures (including privacy policies with help from TOSDR), and telling you at a glance how protected you are on an A-F scale, based on what we could do (e.g. block trackers and upgrade encryption).
Ghostery makes/made its money selling things like a report on what advertising ends up being on your site, which you as site owner might quite reasonably want to know. (Advertising space is sold and resold at dizzying speed.)
IIRC Ghostery recently sold itself to Cliqz, which in turn is owned by Burda, a publishing conglomerate. Mozilla owns a bit too.
Yes, looks like they are now owned by some other company. Previously, one of many references [1] said this, which really smells fishy to me(Now not sure if the article itself is wrong):
"Ghostery is owned by Evidon, a company that collects and provides data to advertising companies. It has a feature called GhostRank that you can check to "support" them. The problem is, Ghostery blocks sites from gathering personal information on you—but Ghostrank will take note the ads you encounter and which ones you block, and sends that information back to advertisers so they can better formulate their ads to avoid being blocked. The data is anonymous, and Ghostery still does everything it promises to do to protect your privacy."
Seems logical - if you're an advertising company or an organized group of advertising companies and you know that people are going to be doing ad-blocking or at least tracker-blocking, if you can provide a tool that's 90% of the way there which also gets you metrics, etc. then at least you get that little bit of data and the existence of a "good enough" option may also delay stronger measures implemented by someone else.
That assumes that ghostery users block some ads, not all.
Try this alternative: The reports sold by ghostery tell example.com the link targets and reseller chains for each ad on its site, so it can keep away the ads for herbal viagra or fake gucci clothes. (Ad space is often sold through resellers, I've seen five-reseller chains myself and have heard stories about longer ones.)
Some sites have 100s of fallback ads and trackers (usually just domains and subdomains), once tracker 1 failed to load, it tries to load 2 which is the same file on a server, but with different URL. They have literally 100s or 1000s of such fallback URLs.
This is why the internet won't get better until ads are cut out like a cancer.
It is more profitable for them to keep adding layers of ads and trackers than it is to actually build something useful that people would be willing to pay for.
I'm just grateful that they still serve ads over separate domains, instead of rigging up the ad tech on the server side and embedding tracking into the "functional" Javascript.
I get more worried that once Wasm hits, the only way to tell if you're being tracked will be to monitor individual HTTP requests, which even then might become impossible if everything is sent to and from opaque CDN domains.
I imagine the only thing currently standing between us and this nightmare is that people don't want to actually work with any tracking on the backend; easier to embed it in the front-end and let the vendor put whatever they want in the script and serve all the requests.
Only a matter of time until Cloudflare starts offering ads. They can embed them at the edge with no/minimal JS and links/image files of the host domain.
I'm not sure I understand what value DDG is providing exactly.
I use Bing with cookies and JS disabled. DDG on the other hand can't be used with JS disabled.
Before you say that privacy is about cookies and JS has no bearing in it, think that Google for example uses all kinds of JS to gather information about your browser. That's extra datapoints that they gather about you.
Yes, I agree that the JS-less version could be more discoverable. I learned about it years ago when DDG was new, in some online discussion forum - perhaps even here on HN - and have been using it via a keyworded bookmark ever since. I never even visit their title page.
I'm trying to get this working on Firefox right now. Doesn't work for some reason. I'm trying to associate keyword "d" with duckduckgo.com/html, but instead I just land on duckduckgo.com/html itself.
Interesting. I just tried using it on the tor browser (which comes with noscript) and you're right, it does redirect.
However when I access it on Firefox + umatrix with all js disabled, it doesn't.
I suspect I know what it is. Possibly noscript sends some header saying that the browser doesn't have JS which causes ddg to respond with the redirect, whereas umatrix just breaks the whole thing entirely.
EDIT: I just tried going to about:config and setting javascript.enabled to false, and indeed now I get redirected. This has significantly improved my view of ddg.
AFAIK it's the handling of <noscript> blocks in the HTML: if JS is on in the browser, the browser skips the block and extensions can't easily activate it after-the-fact.
> However when I access it on Firefox + umatrix with all js disabled, it doesn't.
Be sure you have the setting "Spoof <noscript> tags" enabled if you want noscript tags to be rendered when 1st-party scripts are blocked. It's a per-site setting, but you can enable it globally in the "Settings" pane in the dashboard.
I am not so sure why you are getting different results but the page redirects me to the '/html' section when I use the search-query and explicitly forbid everything (besides html).[0] And it is readable, even if css is disabled.
This announcement is more than private search; it's all the privacy essentials to search and browse the web -- tracker blocking, upgraded encryption, and private search (with more to come) -- all in one package, available on all major desktop browsers and mobile platforms.
With regards to the search component, we actually offer two Non-JS sites: https://duckduckgo.com/html & https://duckduckgo.com/lite. Also, turning off JS and cookies still doens't prevent a search engine from tracking you, which they can do simply by your IP address.
That's quite cool, thank you. For some reason it I can't make it work with Firefox's "search keyword" (the feature of starting a query with a keyword on the smart-bar which forwards that query to the search engine of your choice)
> Also, turning off JS and cookies still doens't prevent a search engine from tracking you, which they can do simply by your IP address.
Sure. Some datapoints about you are easier to hide than others. So are you saying that DDG doesn't store that?
Can I give you a suggestion. When someone is using ddg with JS off, I think that dgg shouldn't "redirect to non-JS site". Instead you guys should have the same page being useable without JS using the <noscript> tag. Google and Bing both have achieved that, so it's possible.
>When you search at DuckDuckGo, we don't know who you are and there is no way to tie your searches together.
> When you access DuckDuckGo (or any Web site), your Web browser automatically sends information about your computer, e.g. your User agent and IP address.
> Because this information could be used to link you to your searches, we do not log (store) it at all. This is a very unusual practice, but we feel it is an important step to protect your privacy.
They also provide tools to help prevent other sites from tracking you:
>Finally, if you want to prevent sites from knowing you visited them at all, you can use a proxy like Tor. DuckDuckGo actually operates a Tor exit enclave, which means you can get end to end anonymous and encrypted searching using Tor & DDG together.
>You can enter !proxy domain into DuckDuckGo as well, and we will route you through a proxy, e.g. !proxy breadpig.com. This feature is part of our !bang syntax. Unfortunately, proxies can also be slow, and free proxies (like the one we use) are funded by arguably excessive advertising.
I occasionally get trolled around my previous company, Opobox, an early social networking company that I ran from 2003-2006. As far as I can tell, the trolling theme is that since I ever was associated with any kind of social networking company, that somehow taints me/DuckDuckGo. It's purpose was to help reunite old friends and classmates, and it actually helped develop my privacy views and practices for what became DuckDuckGo.
For example we did what I think were some innovative things:
--We collected the minimum amount of information possible.
--Allowed people to automatically remove all their minimal information permanently with one click or email.
--Actually charged money as a business model instead of using advertising.
--Never worked with any third-parties in terms of data targeting (and didn't need to since that wasn't our business model).
Of course, these also made the company ultimately not able to compete in the space, which was completely subsumed by Facebook.
I took these privacy ideas to DuckDuckGo, though, and realized in the case of Web search the minimum amount of information needed is actually zero. Hence, our privacy policy.
Unfortunately, like with social networking, there is an established freeness in the market, and so it is hard to charge people en masse. Fortunately for web search though, you can make plenty of money without tracking people, and so we've been profitable since 2014 and have no long-term viability issues.
w00t!! Is there some great public link that would be best to use in contacting the rare honorable advertiser who might advertise with DDG?
I'm thinking along the lines of a conversation about why it's unethical to feed Google / FB etc. given their fundamentally invasive business models and someone asks what to do otherwise, so I send them a great intro link that explains both that advertising on DDG is good ROI and more ethical…
I wonder how DDG's new privacy tools compare to uBlock and Brave.
The Terms of Service; Didn't Read [0] project is super cool. Looks like their information is a bit dated though. Hopefully teaming with DDG will give them a boost.
We're working on that. Because the content blocking mechanism doesn't offer fine-grained controls, we couldn't make it seamless and still block the things we think should be blocked -- like Google Analytics.
Hmm, can't speak for other people, but I seldom whitelist anything. I just leave or avoid the site. I also has Safari configured to go into Reader Mode automatically. Makes for a very clean web.
Have DDG written anything about how you make money?
I wouldn't mind paying a modest yearly fee. And I also wouldn't mind getting to vote on feature-requests such as "Better support for presenting stackoverflow results".
> Because the content blocking mechanism doesn't offer fine-grained controls, we couldn't make it seamless and still block the things we think should be blocked -- like Google Analytics.
Just curious, what about the Content Blocking API makes this impossible? I was under the impression that you could block JavaScript from the rule list.
Some google analytics code is embedded into buttons that are essential for the Web site to operate, so if you block them then the website will cease functioning properly. To get around that, we still block it, but insert some inert code in its place that will make the button function again properly. This nuanced replacement is not available through the API -- it's more all or nothing.
I applaud the initiative, but how does the Firefox extension differ from Privacy Badger or Disconnect?
Does the extension learn trackers as it goes, like Privacy Badger? What does it offer over something like uBlock Origin with the appropriate tracking blocklists?
Also in Firefox, I now have two "Search DuckDuckGo" entries in the right click menu, one from being the default search engine, and one (with an icon) from the extension. They do the exact same thing, so why have them both?
We're trying to put all the privacy essentials we can make seamless -- tracker blocking, upgraded encryption, private search and more to come -- all in one package, across all major browsers and platforms. In this respect, on any major mobile device or desktop browser, you should be able to look up DuckDuckGo and with one download get seamless privacy protection as you search and browse the web.
With regards to other extensions, we found that they generally lack some combination of all the essentials (e.g. missing encryption, private search), aren't totally seamless (i.e. break some of the web), or aren't available across all major browsers and platforms.
With regards to tracker blocking in particular, we would like to be as comprehensive as possible while not breaking the Web, and are close to that with this initial launch, utilizing some open source lists including Disconnect and Easylist. We are not currently using the machine learning aspects of Privacy Badger, however.
There are more nuanced UX differences, however. In the UI we're trying to move away from 'x trackers blocked' and instead group trackers from networks together, trying to identify the umbrella company and purposes.
Second, we're grading each site based on its privacy measures (including privacy policies with help from TOSDR), and telling you at a glance how protected you are on an A-F scale, based on what we could do (e.g. block trackers and upgrade encryption).
Thank you for the feedback on the right-click menu. We will look into that.
One privacy essential is a built-in vpn/proxy like Opera has done with its browser, this makes it slightly harder for some fingerprinting ad trackers to follow a user around.
Proxies can be useful, but I'm not comfortable with sending all my traffic over a centralized proxy operated by a single entity. Just like Cloudflare, the entity that runs the proxy gets a free pass to MITM everyone!
A decentralized solution that can be easily configured to send traffic over any third-party VPN service, HTTP proxy, or ssh tunnel would be much cleaner. Bonus points if the proxy seamlessly kicks in only when visiting a site with a low privacy score or when browsing on public Wi-Fi.
How are you dealing with the "temporary disabling" scenario?
I have Disconnect and uBlock, but then it's a pain to use sites like Quidco, that rely on tracking. Ideally one should be able to easily say "disable all protections for 20 minutes" or something like that, do what needs to be done, then after re-enabling protection the slate (cookies etc) is wiped clean (or ideally brought back where it was before the suspension).
The way I end up doing it, I must keep a browser (typically Safari or Explorer) fairly unprotected just to deal with those transactions, and use the hardened-up Firefox for everything else. That's suboptimal.
What I gather is that the new DDG extension functions roughly as a replacement for Disconnect/Ghostery (or specific lists in uBlock Origin), HTTPS Everywhere and ToS;DR, as well as adding DDG search to the browser (if applicable)?
As a one-stop extension, that's a pretty good deal. In addition to the learning aspect like in Privacy Badger, have you also considered canvas blocking/scrambling, link referrer cleaning and possibly a function similar to Decentraleyes, to prevent big CDN tracking?
slightly off topic but will the extension work for mobile as well? [off topic bit:] because I've noticed the mobile ddg experience isn't as great as on desktop: the !bangs are harder to type, image search on mobile is frustrating, etc... (and even more off-topic: have you considered partnering with tin-eye for reverse image lookup?)
On mobile, we produced apps that have all the extension functionality, plus additional browser functionality, and more privacy browser features like a one-tap erase data button (we're calling the fire button).
Thank you for the feedback on image search -- tineye is something we've considered, though haven't implemented yet.
I'm not really interested in a different browser, though. I like Firefox, and I like the consistent sync to my other devices running Firefox.
Right now the DDG plugin doesn't work on Firefox for Android, it just says "we don't filter special pages" or somesuch, probably because it tries to filter its own tab? (Firefox Android pops up extensions in separate tabs)
btw I just tried image search again after being scared off a while ago because it was buggy, and it's in a much better state than it was back then!
Love how you guys show you don't have to sell out to be able to thrive, and that caring for freedom shouldn't come at the cost of design or functionality (quite the opposite!)
No issue here on 58, with uBlock Origin and Privacy Badger. Maybe HTTPS Everywhere conflicts, as it provides the same functionality as DDG (forcing pages to use HTTPS).
Disconnect" was killing/blocking the Google's captcha so it had to "go". I am using AdBlock+ (a slightly earlier version when Ctrl+Shift+V still works), NoScript and a BIG hosts file from someonewhocares.
I am more than happy to see and adopt any efforts that would reduce tracking and props to DDG for doing the effort!
I will of course be checking/testing their app on iOS as well!
DDG as a search engine is just good. Its been my default for a long time. I wish Mozilla would make it the default so more users could be introduced to it. Why hasn't this happened yet?
Advertising. But not via tracking and personalization. They show ads to you based on the keywords you used to search and don’t follow you around the web.
Ads of course. Bot not as greedy as google. Not tracking every fingerprint of you. They just show sponsored search results according to your search terms at that moment, in contrast to your whole browsing history/habits.
I use ddg as my main search engine but disabled ads because I can't stand them. I wish they'd let me pay for the service. "If you're not the customer you're the product". I want to be the customer.
I tend to agree, but at least a few times a day have to resort to using !g to actually find a decent result. It's usually Angular/Symfony related but just last week I couldn't find the website of my local tennis club at all, not even by exact name. On google it was the first result...
The answer I suppose is almost always found on stackoverflow.com anyway, so why not go to SO search directly? Because SO search isn't up to it of course.
Why don't they improve their search system? I think they're really leaving money on the table, or maybe it's a job for a third-party SO search app for a fellow HNer (not that there aren't already enough SO scrapers showing up in searches).
For me DDG results are vastly inferior to Google's. If there was a search bar addon that defaults to DDG with the !g bang I would happily set it as default though
Convenient redirection? If you do a search on DDG and don't get a viable result, move to the beginning of the search field and add !g and try again.
Depending on their logging, this may also allow DDG to see what kinds of searches are being done and then redone/redirected to Google. In aggregate, that may provide useful information on areas where their search results aren't good enough.
Just to clear things up: it really doesn't matter where you include the bang. The beginning, the middle, or the end of the search query, the result is the same.
When looking at the search results H, left or right arrow, and type in the bang.
Use Firefox and Container Tabs. I have set up a Container for Gmail and use tabs for Google Calendar, sites that use Google for authorization, etc.
My default window (and other Container Tabs) doesn't have a Google account attached to it. So I see "Sign In" on the top right when doing Google searches.
you can use !s instead, which goes to startpage, a proxy for google search results (i don't think it will completely hide you from google, but it's better than a naked !g search).
It's really odd - sometimes it's great or even better than Google, other times it just does really weird stuff. Putting porn at the top of the results, totally ignoring one aspect of a topic and giving 2 pages for only one meaning of the word (I assume Google has special handling for that?), when maps are shown for geographic queries seems to follow no pattern at all, ...
Let me use this thread to lazily look for simple advice.
For privacy, I'm now using: DuckDuckGo Plus, First Party Isolation, Smart Referer, HTTPS Everywhere, uBlock Origin, Privacy Badger, Canvas Defender and Decentraleyes. There's also NoScript installed, but disabled (waiting for its clickjacking protection to return in WebExt version, although I might switch back to whitelisting JS sometime). Plus there's also Firefox's Tracking Protection enabled all the time.
Anything worth adding? Anything that can be removed for sure, cause it just duplicates something else from this list? Anything should be replaced? (if yes, then why?)
ClearClick is what I'm interested in, not script blocking, at least right now. WebExt version doesn't have it now, but I'm keeping it installed, so it just upgrades when it's added back.
Firefox bypasses right-click blocking when you press shift.
What it doesn't bypass is websites placing transparent things on top of what you wish to right-click on (for example images on Twitter). For that I use Stylus to add CSS and move things away.
It's not about right-click bypassing, it's exactly about transparent things. ClearClick checks whether the image of what you click matches the image of element that's being clicked, shows you the preview and asks if you really want to click it. The best pre-WebExt feature of NoScript.
Are you using Firefox Quantum? I used to whitelist cookies on a per-site basis, but WebExtensions no longer appear to have the necessary access for that, and the built-in settings page is too much of a hassle. Would be interesting if uMatrix has a way to provide the functionality anyway.
> as an additional benefit it helps fight the ad industry actively
What does that mean, and why would I want to fight the ad industry actively? (I'm being serious, I don't like the tracking of the ad industry generally resorts to online, but I think blindly assuming the whole industry has no value whatsoever is very shortsighted)
Edit: Man, I hate when I write 300+ words on a a reply only for the parent comment to be deleted prior to my getting to post it. :/
> For privacy, I'm now using: DuckDuckGo Plus, First Party Isolation, Smart Referer, HTTPS Everywhere, uBlock Origin, Privacy Badger, Canvas Defender and Decentraleyes.
How does the Safari extension play with the native content blockers like 1blocker? Is this supported? I noticed that with 1blocker enabled, the initial grade is usually higher than what it would be without 1blocker.
What is the advantage of this over Firefox Focus? And is the Privacy Essentials extension available for Firefox for Android? Trying to understand why I should use the DDG app over either of those two, since the DDG app seems like it is just a browser without tab functionality.
Also, not really related, but does anybody know how to make the home screen search bar on Nexus/Pixel phones use DDG instead of Google?
Tab functionality should be coming shortly, along with other standard browser functionality -- feel free to influence the roadmap with more suggestions :).
It is not available yet for Firefox for Android, though we would like to make it so shortly.
Our app additionally includes a few things:
--Upgraded encryption, in that if we can determine a site works on an encrypted version, we will also send you there automatically.
--Privacy grading, in that we show you at a glance how protected you are, which you can tap to dig into the details. We have more to do, though we've spent a long time trying to make this UX intuitive and informative, including an A-F grading scheme, grouping trackers by networks, and showing you over time who we caught trying to track you.
--Special attention given to blocking while at the same time not breaking the Web.
Can you please elaborate as to the issue -- I'm having trouble understanding exactly what is going on. If it is easier, you can email me directly at yegg at duckduckgo.com
OK, so when the Extension is installed in Chrome it takes over the omnibox search, directs it to DDG, and does not allow it to be changed.
Put differently, to get the features like tracker blocking, privacy policy scoring, etc. you must also be using DDG for search. I'd call that something that probably should be changed, or at least changeable in the options.
Unfortunately, this is currently the way Chrome works. We're looking for a way around it, but it looks like they changed this behavior sometime last year. In other browsers you can easily use another search engine without disabling the entire thing.
I actually made that stories feed originally for myself, before DuckDuckGo even existed. As I still rely on it, I ported it personally to https://twitter.com/watrcoolr
This isn't really a big deal, but the features they are touting as new "today" have been in the FF version of the extension for at least the month or so I've had it installed. I'm honestly curious if I'm missing something or not.
We had to soft-launch early in Firefox because of the change in Firefox 57 of how extensions work, though were still getting out the kinks and preparing it for the rest of the platforms.
Use DuckDuckGo every day, but wish it had a date range of one year as a search filter like google, needed for programming searches where the landscape changes rapidly...
This has been a long-term struggle to get right, though I really see the light at the end of the tunnel and think it may come sometime this year, hopefully sooner than later.
For others who may not know though, we do have last month -- drop down above results.
I just wanted to take a moment and write my appreciation for your fantastic work. Services such as duckduckgo are needed now more than ever. The fact that it is stable and responsive enough for me to depend on it 100% every work day is amazing
Curious, why is that of all things so hard to implement compared to the gargantuan task of searching the entire internet? I know nothing about the field of search or big data but it seems to an outsider like it would be almost trivial compared to the rest of what you do.
However, there can be situations where it gives you malicious results instead.
Some months back a client of mine was searching for some insurance forms and included the year. The actual forms don't change often and the insurance company website did not include a year, so what she got instead was a bunch of malicious results for pages that included all of her terms plus a year. She was using either Bing (because it was the search engine on her browser on Windows....) or Yahoo, but a very similar set of results came up on DuckDuckGo when I checked there. Google's results were clean.
I did report the issue to both Bing and DDG, but I haven't gone back and tested whether results have improved.
Ukraine region not available any more: while "ua-uk" URL parameter is still mentioned on search params page[1], it's not working. I didn't get the answers on DDG forum (now closed in favor of reddit), neither on /r/duckduckgo. I suspect this could be connected somehow to Yandex block. Anyway, currently can't use DDG for local search, sad :(
Thank you so much! We really appreciate the support and are glad that you're enjoying the search experience. This announcement should give you more privacy protection when you leave our search results pages.
I notice AdNauseam blocks your adds even when I have it set to allow non-tracking ads. What sort precautions does DDG do to protect users who use your ads?
Our entire search results page is anonymous at page load, and our ads are non-tracking in the sense that they are just based on that one search page request and have nothing to do with any other personal information (as we don't have any). It's unfortunate that adblockers are blocking our ads, but I understand that our more privacy-aware ads are extremely rare.
Privacy is cool and all, but I switched because Google was very obviously suppressing results. I don't want to be in a political bubble, completely unaware of events that might not be pleasing to Google employees. I'm not Google's small child.
One thing I often add to my search terms is the site: tag to restrict results to, say stackexchange, reddit, etc... In the past it's been a necessity to get non-spam results on DuckDuckGo. I'm not sure how needed it still is.
I'm using DuckDuckGo every day, but I wish DuckDuckHack was easier to contribute to. Maybe something like letting users load their own modules for local use, and public repositories? I'd like to help improve instant answers and widgets (like json pretty print).
It wasn't really difficult to contribute to them about a year or two ago. I've contributed a couple of cheatsheets (for example, clicking on the info icon when searching for "nmap cheatsheet" will reveal my GitHub username), which were, at the time, considered a low-hanging fruit way of contributing instant answers.
Later on, I was later on added to the DuckDuckHack Contributors team[0], which was border-line spamming, up to the point where I had to redirect email notifications from the DuckDuckGo organization to my non-primary email address. Occasional email is fine, a dozen or two dozens of emails in my inbox almost every single day was not.
And finally, I am aware that there was some grand change about how people contribute to DuckDuckGo introduced relatively recently, which makes my experience a bit outdated.
The combination of their actions after I've contributed to them made me pretty uninterested in the idea of contributing more instant answers. Nowadays, I only suggest bangs from time to time, which is as easy as filling out a form[1].
Sorry about the experience you had with the org. DuckDuckHack is indeed in maintenance mode right now as we couldn't figure out the best contribution model that scaled with the search engine, though are still thinking about how to do that.
All of these new apps and extensions are open source though, and we'd welcome any contributions.
One of the many nice features of DDG is that you can fall back to Google searches trivially enough by adding a "!g" at the front of your search results. The bang syntax also works for directing searches to YouTube, Wikipedia, etc.
I value my privacy, so the few times I have to redirect a search to Google is a small price to pay. Definitely recommend making the switch.
(Of course, if Google already knows everything about you, you'll probably find their results much better tuned for you, so YMMV. I was quite amused and pleased when all the suggested search completions for—IIRC—"git" in a recent DDG search were completely irrelevant to me.)
334 comments
[ 4.7 ms ] story [ 303 ms ] threadWith regards to tracker blocking in particular, there are more nuanced UX differences. In the UI we're trying to move away from 'x trackers blocked' and instead group trackers from networks together, trying to identify the umbrella company and purposes.
Second, we're grading each site based on its privacy measures (including privacy policies with help from TOSDR), and telling you at a glance how protected you are on an A-F scale, based on what we could do (e.g. block trackers and upgrade encryption).
[0] : https://addons.mozilla.org/en-US/firefox/addon/donottrackplu...
Ghostery makes/made its money selling things like a report on what advertising ends up being on your site, which you as site owner might quite reasonably want to know. (Advertising space is sold and resold at dizzying speed.)
IIRC Ghostery recently sold itself to Cliqz, which in turn is owned by Burda, a publishing conglomerate. Mozilla owns a bit too.
"Ghostery is owned by Evidon, a company that collects and provides data to advertising companies. It has a feature called GhostRank that you can check to "support" them. The problem is, Ghostery blocks sites from gathering personal information on you—but Ghostrank will take note the ads you encounter and which ones you block, and sends that information back to advertisers so they can better formulate their ads to avoid being blocked. The data is anonymous, and Ghostery still does everything it promises to do to protect your privacy."
[1] : https://lifehacker.com/ad-blocking-extension-ghostery-actual...
Try this alternative: The reports sold by ghostery tell example.com the link targets and reseller chains for each ad on its site, so it can keep away the ads for herbal viagra or fake gucci clothes. (Ad space is often sold through resellers, I've seen five-reseller chains myself and have heard stories about longer ones.)
It’s cool to know where not to go if you can avoid it
Some sites have 100s of fallback ads and trackers (usually just domains and subdomains), once tracker 1 failed to load, it tries to load 2 which is the same file on a server, but with different URL. They have literally 100s or 1000s of such fallback URLs.
It is more profitable for them to keep adding layers of ads and trackers than it is to actually build something useful that people would be willing to pay for.
I get more worried that once Wasm hits, the only way to tell if you're being tracked will be to monitor individual HTTP requests, which even then might become impossible if everything is sent to and from opaque CDN domains.
I imagine the only thing currently standing between us and this nightmare is that people don't want to actually work with any tracking on the backend; easier to embed it in the front-end and let the vendor put whatever they want in the script and serve all the requests.
I use Bing with cookies and JS disabled. DDG on the other hand can't be used with JS disabled.
Before you say that privacy is about cookies and JS has no bearing in it, think that Google for example uses all kinds of JS to gather information about your browser. That's extra datapoints that they gather about you.
In any case, I'm still waiting to understand why this is better than using any other search engine with cookies and JS turned off.
I'm trying to get this working on Firefox right now. Doesn't work for some reason. I'm trying to associate keyword "d" with duckduckgo.com/html, but instead I just land on duckduckgo.com/html itself.
However when I access it on Firefox + umatrix with all js disabled, it doesn't.
I suspect I know what it is. Possibly noscript sends some header saying that the browser doesn't have JS which causes ddg to respond with the redirect, whereas umatrix just breaks the whole thing entirely.
EDIT: I just tried going to about:config and setting javascript.enabled to false, and indeed now I get redirected. This has significantly improved my view of ddg.
Be sure you have the setting "Spoof <noscript> tags" enabled if you want noscript tags to be rendered when 1st-party scripts are blocked. It's a per-site setting, but you can enable it globally in the "Settings" pane in the dashboard.
Thank you so much for umatrix! It really has changed the way I use the internet.
[0]: https://i.imgur.com/Y2SdDFQ.jpg
With regards to the search component, we actually offer two Non-JS sites: https://duckduckgo.com/html & https://duckduckgo.com/lite. Also, turning off JS and cookies still doens't prevent a search engine from tracking you, which they can do simply by your IP address.
That's quite cool, thank you. For some reason it I can't make it work with Firefox's "search keyword" (the feature of starting a query with a keyword on the smart-bar which forwards that query to the search engine of your choice)
> Also, turning off JS and cookies still doens't prevent a search engine from tracking you, which they can do simply by your IP address.
Sure. Some datapoints about you are easier to hide than others. So are you saying that DDG doesn't store that?
On privacy, yes, -- that's our privacy policy in a nutshell: we do not collect or share any personal information -- https://duckduckgo.com/privacy
>When you search at DuckDuckGo, we don't know who you are and there is no way to tie your searches together.
> When you access DuckDuckGo (or any Web site), your Web browser automatically sends information about your computer, e.g. your User agent and IP address.
> Because this information could be used to link you to your searches, we do not log (store) it at all. This is a very unusual practice, but we feel it is an important step to protect your privacy.
They also provide tools to help prevent other sites from tracking you:
>Finally, if you want to prevent sites from knowing you visited them at all, you can use a proxy like Tor. DuckDuckGo actually operates a Tor exit enclave, which means you can get end to end anonymous and encrypted searching using Tor & DDG together.
>You can enter !proxy domain into DuckDuckGo as well, and we will route you through a proxy, e.g. !proxy breadpig.com. This feature is part of our !bang syntax. Unfortunately, proxies can also be slow, and free proxies (like the one we use) are funded by arguably excessive advertising.
For example we did what I think were some innovative things:
--We collected the minimum amount of information possible.
--Allowed people to automatically remove all their minimal information permanently with one click or email.
--Actually charged money as a business model instead of using advertising.
--Never worked with any third-parties in terms of data targeting (and didn't need to since that wasn't our business model).
Of course, these also made the company ultimately not able to compete in the space, which was completely subsumed by Facebook.
I took these privacy ideas to DuckDuckGo, though, and realized in the case of Web search the minimum amount of information needed is actually zero. Hence, our privacy policy.
Have you considered charging for premium DDG features? IOW, what's the long-term viability of DDG?
I'm thinking along the lines of a conversation about why it's unethical to feed Google / FB etc. given their fundamentally invasive business models and someone asks what to do otherwise, so I send them a great intro link that explains both that advertising on DDG is good ROI and more ethical…
FWIW, I would pay to disable ads.
Maybe it was ahead of its time.
What user information was turned over in the buyout?
That seems like a pretty important piece to leave out, and I'm surprised nobody else asked.
I wonder how DDG's new privacy tools compare to uBlock and Brave.
The Terms of Service; Didn't Read [0] project is super cool. Looks like their information is a bit dated though. Hopefully teaming with DDG will give them a boost.
[0] https://tosdr.org/index.html
Let's hope they do in the future.
Have DDG written anything about how you make money? I wouldn't mind paying a modest yearly fee. And I also wouldn't mind getting to vote on feature-requests such as "Better support for presenting stackoverflow results".
Just curious, what about the Content Blocking API makes this impossible? I was under the impression that you could block JavaScript from the rule list.
Does the extension learn trackers as it goes, like Privacy Badger? What does it offer over something like uBlock Origin with the appropriate tracking blocklists?
Also in Firefox, I now have two "Search DuckDuckGo" entries in the right click menu, one from being the default search engine, and one (with an icon) from the extension. They do the exact same thing, so why have them both?
With regards to other extensions, we found that they generally lack some combination of all the essentials (e.g. missing encryption, private search), aren't totally seamless (i.e. break some of the web), or aren't available across all major browsers and platforms.
With regards to tracker blocking in particular, we would like to be as comprehensive as possible while not breaking the Web, and are close to that with this initial launch, utilizing some open source lists including Disconnect and Easylist. We are not currently using the machine learning aspects of Privacy Badger, however.
There are more nuanced UX differences, however. In the UI we're trying to move away from 'x trackers blocked' and instead group trackers from networks together, trying to identify the umbrella company and purposes.
Second, we're grading each site based on its privacy measures (including privacy policies with help from TOSDR), and telling you at a glance how protected you are on an A-F scale, based on what we could do (e.g. block trackers and upgrade encryption).
Thank you for the feedback on the right-click menu. We will look into that.
A decentralized solution that can be easily configured to send traffic over any third-party VPN service, HTTP proxy, or ssh tunnel would be much cleaner. Bonus points if the proxy seamlessly kicks in only when visiting a site with a low privacy score or when browsing on public Wi-Fi.
I have Disconnect and uBlock, but then it's a pain to use sites like Quidco, that rely on tracking. Ideally one should be able to easily say "disable all protections for 20 minutes" or something like that, do what needs to be done, then after re-enabling protection the slate (cookies etc) is wiped clean (or ideally brought back where it was before the suspension).
The way I end up doing it, I must keep a browser (typically Safari or Explorer) fairly unprotected just to deal with those transactions, and use the hardened-up Firefox for everything else. That's suboptimal.
And another one for BANKING without plugins and with the correct bank URLs hardcoded as bookmarks.
What I gather is that the new DDG extension functions roughly as a replacement for Disconnect/Ghostery (or specific lists in uBlock Origin), HTTPS Everywhere and ToS;DR, as well as adding DDG search to the browser (if applicable)?
As a one-stop extension, that's a pretty good deal. In addition to the learning aspect like in Privacy Badger, have you also considered canvas blocking/scrambling, link referrer cleaning and possibly a function similar to Decentraleyes, to prevent big CDN tracking?
Thank you for the feedback on image search -- tineye is something we've considered, though haven't implemented yet.
Right now the DDG plugin doesn't work on Firefox for Android, it just says "we don't filter special pages" or somesuch, probably because it tries to filter its own tab? (Firefox Android pops up extensions in separate tabs)
btw I just tried image search again after being scared off a while ago because it was buggy, and it's in a much better state than it was back then!
Love how you guys show you don't have to sell out to be able to thrive, and that caring for freedom shouldn't come at the cost of design or functionality (quite the opposite!)
<3
It appears that this combo causes the DDG extension to return a blank dropdown when I click on the DDG icon.
Disconnect" was killing/blocking the Google's captcha so it had to "go". I am using AdBlock+ (a slightly earlier version when Ctrl+Shift+V still works), NoScript and a BIG hosts file from someonewhocares.
I am more than happy to see and adopt any efforts that would reduce tracking and props to DDG for doing the effort!
I will of course be checking/testing their app on iOS as well!
With time, as DDG is getting bigger and getting more revenue I think and hope that they will become the default instead!
Why don't they improve their search system? I think they're really leaving money on the table, or maybe it's a job for a third-party SO search app for a fellow HNer (not that there aren't already enough SO scrapers showing up in searches).
Depending on their logging, this may also allow DDG to see what kinds of searches are being done and then redone/redirected to Google. In aggregate, that may provide useful information on areas where their search results aren't good enough.
Just to clear things up: it really doesn't matter where you include the bang. The beginning, the middle, or the end of the search query, the result is the same.
When looking at the search results H, left or right arrow, and type in the bang.
My default window (and other Container Tabs) doesn't have a Google account attached to it. So I see "Sign In" on the top right when doing Google searches.
- „Christian Guzman dog ava“ (dog of a YouTuber)
- „nkd dpd“ (drop-off locations for postal carrier DPD)
For privacy, I'm now using: DuckDuckGo Plus, First Party Isolation, Smart Referer, HTTPS Everywhere, uBlock Origin, Privacy Badger, Canvas Defender and Decentraleyes. There's also NoScript installed, but disabled (waiting for its clickjacking protection to return in WebExt version, although I might switch back to whitelisting JS sometime). Plus there's also Firefox's Tracking Protection enabled all the time.
Anything worth adding? Anything that can be removed for sure, cause it just duplicates something else from this list? Anything should be replaced? (if yes, then why?)
What it doesn't bypass is websites placing transparent things on top of what you wish to right-click on (for example images on Twitter). For that I use Stylus to add CSS and move things away.
What does that mean, and why would I want to fight the ad industry actively? (I'm being serious, I don't like the tracking of the ad industry generally resorts to online, but I think blindly assuming the whole industry has no value whatsoever is very shortsighted)
Edit: Man, I hate when I write 300+ words on a a reply only for the parent comment to be deleted prior to my getting to post it. :/
Tracking I'd say less: your browser is loading the ads embedded in various sites and reveals more than if it just blocked.
You forgot about F-Droid. Or you don't use it?
http://winhelp2002.mvps.org/hosts.htm
Also, not really related, but does anybody know how to make the home screen search bar on Nexus/Pixel phones use DDG instead of Google?
It is not available yet for Firefox for Android, though we would like to make it so shortly.
Our app additionally includes a few things:
--Upgraded encryption, in that if we can determine a site works on an encrypted version, we will also send you there automatically.
--Privacy grading, in that we show you at a glance how protected you are, which you can tap to dig into the details. We have more to do, though we've spent a long time trying to make this UX intuitive and informative, including an A-F grading scheme, grouping trackers by networks, and showing you over time who we caught trying to track you.
--Special attention given to blocking while at the same time not breaking the Web.
I was wondering if the app will get the "Open Link in Browser" option?
I tend to search with DDG and when I find what I want, open it in FF and keep it there. (I noticed the Bookmark bit).
Cheers!
Edit: Quick support made me change my wording to a less passive aggressive one.
1) Install App on chrome
2) Do a search using the browser's address bar
3) A dialog with the text "is this the search engine you expected" appears.
4) Click the button to revert to previous settings.
5) App is now uninstalled.
---
Problem B:
1) Install App on chrome
2) Go to chrome://settings/
3) Scroll to "Search engine used in the address bar"
4) Unable to change the settings as Chrome says "DuckDuckGo Privacy Essentials is controlling this setting".
5) Click "Disable" in the hope that the app will still be installed but with a different default search engine.
6) Entire app is disabled.
Put differently, to get the features like tracker blocking, privacy policy scoring, etc. you must also be using DDG for search. I'd call that something that probably should be changed, or at least changeable in the options.
@yegg, any chance of a stories-only spin-off app?
For others who may not know though, we do have last month -- drop down above results.
DuckDuckGo is a beacon of hope – thank you.
Some months back a client of mine was searching for some insurance forms and included the year. The actual forms don't change often and the insurance company website did not include a year, so what she got instead was a bunch of malicious results for pages that included all of her terms plus a year. She was using either Bing (because it was the search engine on her browser on Windows....) or Yahoo, but a very similar set of results came up on DuckDuckGo when I checked there. Google's results were clean.
I did report the issue to both Bing and DDG, but I haven't gone back and tested whether results have improved.
Especially for breaking news and articles that just came out like 20 minutes ago.
Google and Bing have nailed this. And I can understand why DuckDuckGo might have trouble in this area.
[1] https://duckduckgo.com/params
That was one of my first forays into open source and was hoping that there is more that I (and the community) can do to help improve DDG further.
Any thoughts?
Later on, I was later on added to the DuckDuckHack Contributors team[0], which was border-line spamming, up to the point where I had to redirect email notifications from the DuckDuckGo organization to my non-primary email address. Occasional email is fine, a dozen or two dozens of emails in my inbox almost every single day was not.
And finally, I am aware that there was some grand change about how people contribute to DuckDuckGo introduced relatively recently, which makes my experience a bit outdated.
The combination of their actions after I've contributed to them made me pretty uninterested in the idea of contributing more instant answers. Nowadays, I only suggest bangs from time to time, which is as easy as filling out a form[1].
[0] https://github.com/orgs/duckduckgo/teams/duckduckhack-contri...
[1] https://duckduckgo.com/newbang
All of these new apps and extensions are open source though, and we'd welcome any contributions.
I value my privacy, so the few times I have to redirect a search to Google is a small price to pay. Definitely recommend making the switch.
(Of course, if Google already knows everything about you, you'll probably find their results much better tuned for you, so YMMV. I was quite amused and pleased when all the suggested search completions for—IIRC—"git" in a recent DDG search were completely irrelevant to me.)