177 comments

[ 1.3 ms ] story [ 255 ms ] thread
Strangely enough, and with all the anti-google hype lately, this really makes me want to ditch google for web searches (Gmail is harder to leave...)
Good explanations of privacy issue using Google for the neophyte. Thanks for this, I'll use this link when I tell someone about the online privacy stuff.
I think it's some valid info here, and it's certainly worth being wary of the info Google collects, but I also sense a little bit of FUD here. The whole "...which can often uniquely identify you" makes me feel like this is playing on fear a little too much. It's not like that "big ebony booty" search is going to come up in a job interview any time soon guys.
Yeah but someday it might and if it does today's info will be there. Because these companies are collecting the info now.

So while there's not yet a company collecting, collating and selling this info from all the various sources the database that company will eventually sell is already being built.

Once upon a time what you did on myspace and facebook had no impact on your work life.
I really tried hard with this not to perpetrate any FUD. I re-read all the recent WSJ reporting many times and ran this by a bunch of critical eyes. Tracking down to the individual level is certainly real.
The 'F' in FUD stands for fear. While tracking down to the individual level is certainly real, it certainly isn't anything a typical user needs to be concerned about - at least not to the extent that the WSJ's encouraging.

(Many people in the ad industry assume the WSJ's spreading such FUD because the WSJ as a premium brand benefits disproportionately in a world with dumbed-down ad targeting. I don't have any evidence for this - but it would explain the WSJ's vituperativeness.)

To me, this looks like you've just reproduced the WSJ's FUD, since the FUD just happens to reflect favorably on DuckDuckGo. That's not exactly laudable, although it is understandable.

I guess that is our point of disagreement. I don't think the WSJ stuff is FUD. I think it is a long overdue expose on what is actually going on in this industry that the average person is completely unaware of.
In this case, the 'F' stands for Facts.

I know of at least two start-ups that are currently building advertising revenue streams on facebook apps and twitter that are also data mining like crazy. The goal is to replicate your "facebook friends" data and have it accessible on-demand without needing facebook. They also plan on extracting all your likes and interests. Then, if your friend (who is uniquely identifiable) buys something and its within your "liked" interests, you get a micro-targeted ad telling you your friend has bought it.

So, sometime soon, the Beacon-scandal from facebook (a few years ago, if people can remember -- users said that facebook "ruined christmas") is going to play out again on the greater web. And there will likely be no opt-out.

The company Gabe is afraid will come to be is already in the process of an alpha test. Consumers are largely ignorant of how powerful data mining software can be, and will continue to be until its "too late".

Agreed. I didn't see FUD here, just an accurate presentation of how much tracking Google does. So I decided to start out the new year by switch my search to DDG and seeing how well it performs.
>"...which can often uniquely identify you" makes me feel like this is playing on fear a little too much.

A browser signature is somewhat akin to a physical finger print.

https://panopticlick.eff.org/

bigebonybooty.com can sell your data too.

The browser signature presented on panopticlick is really not akin to a physical finger print at all.

Most of the features that are called out as making up your browser's 'finger print' actually change fairly regularly on most users machines. Using these features, your finger print would change anytime you update your browser, add a new plugin, or disalbe an old font.

You know what? I'm one of those people that can probably say "who cares", but I think I'm going to try out DuckDuckGo over the upcoming week.
How would that solve the problems listed in the original link?
Encryption would just make sure that only Google gets your search queries. They would still profile your searches. Also, opting out of Google Analytics does not affect your search profile.

But then, why should we have to opt out of this instead of opting in?

Isn't your browser, computer info, ip address sent to every site you visit? Google isn't doing that, they're just adding the search terms you used to get there. This doesn't change any of the ad stuff at all, which would still all be true when searching from duckduckgo. It's very misleading.
I switched definitely to duckduckgo one month ago and I'm happy about it. I find that for us, tech-oriented people, it provides very pertinent result pages, plus it is fast enough, and you can always !google or !wikipedia or else if not satisfied... Its recall is perhaps less than Google, but the smart handling of "spam" gives it a really nice precision. Never went on page 2!
(comment deleted)
"which can often uniquely identify you."

"and potentially show up in unwanted places, like insurance, credit & background checks."

yeah, i'm pretty sure that's not a thing that can happen.

also, if you like the internet being free then you shouldn't mind seeing ads for your demographic that get a better roi and make more money for publishers of the content you don't pay for.

If you pay with your data instead of money, how does that make a service "free"? It would only be free if your data was worthless. But then they would not collect it in the first place.
Be careful how you define value / cost / worth. It costs me nothing if they duplicate information I give them. It costs me something if it's used to abusively manipulate me. It pays me something if it's used to manipulate me (ie, what I see) in ways I approve of.
Does the duplication of private information reduce it's value? I think it does. If there is a transfer of value from you to a company then you can call transfer that a sort of payment. The company may sell you something in return, but I wouldn't confuse selling with paying.
>The company may sell you something in return, but I wouldn't confuse selling with paying.

Absolutely, those are entirely different. But you do seem to be defining "providing a service" as not-paying. If you go down that route, why do houses cost money? You are paying the builders for their service, but if that's not-paying, then you're just giving away huge sums of money for zero value in return. Tangibility isn't a defining line, or utility companies would be out (they don't provide water, they bring it to you. An intangible service.).

The service in these cases being fewer "enlarge your breasts/penis" ads for the wrong sex, or anything you may find offensive, replaced by ads which (ideally) would help you discover things you want which you may not have found otherwise. You're paying the ad services to be your personal product investigators, and they return value by providing relevancy.

edited to add more. I'm done now!

I don't see why this COULDN'T happen. There are already list brokers out there who buy information from retail outlets (all those "member" programs that collect what you buy). They then combine them into master lists to sell

In that same way if you search for Herpes and then are directed to a web site they'll have your IP and maybe a cookie. If you then go to another site and log in with your Facebook ID they'll have your IP, Name and Facebook ID.

So all it would take is an industrious list broker to start combining that info like they already do with offline info (and in fact probably combine that with the offline info to get even more comprehensive lists)

It's already happening to various degrees, and that is just what we know about. See the three WSJ articles I linked to at the bottom of the post, http://online.wsj.com/article/SB1000142405274870464860457562... http://online.wsj.com/article/SB1000142405274870397700457539... http://online.wsj.com/article/SB1000142405270230441050457556...

Their whole privacy series (http://online.wsj.com/public/page/what-they-know-digital-pri...) taken together is what inspired this page. I urge anyone interested in what is really happening to read all the articles (13 so far).

I like the internet being free, but it was also free in the early days before advertising and tracking of users were prevalent. The "content" was mainly of an academic nature, which also wasn't such a bad thing. I don't mind publishers making money on the net, and I hope they don't mind me blocking their ads, but if push comes to shove, why should we care if they go out of business when the worst case scenario would probably consist of the net going back to the way it was before?
Or, you could use https://encrypted.google.com which disables the referral[1]. You can also turn off the history[2].

Other info, like your IP address (which they partially anonymize after... 9/18/24 months (conflicting details)) and cookie[3] (which you can clear / block), is still stored. Odds are DDG does this too (edit: they don't, see replies), as it's mostly useful for overall statistics.

[1]: http://www.google.com/support/websearch/bin/answer.py?answer... [2]: http://www.google.com/support/accounts/bin/answer.py?answer=... [3]: http://www.google.com/privacy/faq.html#toc-terms-server-logs

Other info, like your IP address...is still stored. Odds are DDG does this too, as it's mostly useful for overall statistics.

You could have checked this assertion by reading DDG's plain-language privacy policy:

When you access DuckDuckGo (or any Web site), your Web browser automatically sends information about your computer, e.g. your User agent and IP address.

Because this information could be used to link you to your searches, we do not log (store) it at all. This is a very unusual practice, but we feel it is an important step to protect your privacy.

Edit: TOS -> privacy policy

>This is a very unusual practice

So I was close. They even admit the odds were in my favor. Thanks for the fact!

Close, but wrong.
Which is why I edited my top post. No need to spread inaccurate information.

Since you're going on the offensive, a defensive move might be in order: no, I wasn't. I said "odds are", not "DDG does", because I didn't know for sure and did not intend to claim to. The odds are in my favor, the fact is an aberration on otherwise almost-uniform behavior by search providers.

(comment deleted)
Nope, you were just plain wrong.

The odds would have been in your favor if you have said "odds are a search engine chosen at random does this too".

But, instead, you said: "odds are DDG does this too", thus binding the odds to DDG.

Since the general stance of DDG is pro privacy, you should have reasoned that the odds were in favor of DDG NOT doing this.

(Not to mention that posting that you "were close" didn't provide anything to the discussion --apart from some ill-conceived face saving from your part).

It bound the odds to DDG in the face of a lack of information, where you can only extrapolate from what you know - other search providers. It would've bound straight to DDG if I knew one way or another, but I didn't. Context is very important for such phrasing.

I used it to say "thanks", which was the primary reason for me. The rest was perhaps ill-conceived, but it has been amusing to see the spikes up and down in its rank - it went > +10 for a while.

(comment deleted)
We do not store IPs or have any personally identifying cookies (actually no cookies whatsoever by default). We don't store user agents either, which have also been shown to be able to uniquely identify you. Also, "partial anonymization" has been shown time and time again not to work. More details on our privacy stuff here: https://duckduckgo.com/privacy.html
Yeah, there's been flack about Google's anonymization before. Specifically, they apparently remove the last 8 digits. Which allows you to (partially) reconstruct (some) people by tracing IP + cookie. A failed anonymization, absolutely, but blockable if you are already taking steps to actually guard your privacy online, as part-way-there is almost the same as nowhere-near when you have enough data.

Solved everywhere, of course, by anonymizing your IP address and blocking the cookie. And as you give your IP to the site you visit through DDG, as well as to their advertisers if you're not proactively blocking them (and those tools can fail / be nullified by a server transmission), extreme measures are the only effective means of actually protecting your privacy. As such, I don't find those two steps to be at all unexpected for someone who actually wishes to guard their privacy.

SSL doesn't disable the referrer header. It just happens to not be sent when the link you've clicked on isn't also using SSL. If the link you click on happens to be to an SSL site, they get the full referrer header as intended. A more appropriate way to hide the referrer is to just use a redirection that doesn't include the search terms.
I'm sure google is not as "evil" as those recent bashing campaigns tend to insinuate, but the fact is, if google could publish clearer, more-defined data-privacy or data-retention policies instead of the vague assertions you can find in their TOS, things would be clearer. The current situation is just feeding doubts, and nothing serious or accompanied by hard facts comes to contradict this illustrated guide
Agreed. The deeper you delve into Google's TOS, Privacy, or other legal-requirements pages, the more their corporate identity of 'fun and clear' dissolves.
I've been using Duck Duck Go as my primary search for the last month - it's pretty great! And if you need to fallback to google because you want a map or something else there are a bunch of ! shortcuts to go right there. (!map is most frequently used by me)
FYI:

!gm is a bit shorter and also goes to Google maps.

I'm forever confused by technical users who laud DDG's ! support. I love DDG and use it as my primary search engine, but Firefox has featured keyword searches for years now. Any search box anywhere can be turned into a URL keyword search.

I use "m" for searching Google Maps, "im" for Google Images, "w" for Wikipedia, "dict" and "thes" for dictionary.com, "bt" for searching torrents, and the list goes on. Just yesterday I added one so that I can type "to 123 Main St 12345" in the Location Bar and it automatically gives me the Google Maps driving directions from my house to the indicated address.

It's as simple as right-clicking a search box and selecting "Add a Keyword for this Search...". Use it :)

I've been using keyword searches for longer than I've been using DDG but the thing is that instead of looking for a site to search on, you can just search for it on DDG and if there's a ! search for it you don't need to do the extra effort. It's essentially a precompiled search library with keywords that correspond to what you want to search for.
Here goes some feedback, hopefully we can gather some suggestions for Gabriel instead of saying 'Encrypted Google' all the time...

In my opinion (using my designer side) the site lacks basic design, the text is well written, and the images make it really easy to read, but its missing some eye candy. Something to do would be structure each argument as a page/slide, and make the reading more like slides or a book.

In my opinion, -quite ironic- you should have a look (copy format) from Google's 20thingsilearned [1], the book format, with the beautiful design and the animations would make the site stand out and more attractive to be read than it is now.

But dont do as them, there is a pretty good job done keeping the text short and concise but informative and clear.

If the site is kept well formatted as well as structured and 'playful' will continue to be a pleasure to read.

Good luck with the campaign, happy to help to my default search engine :)

[1] http://www.20thingsilearned.com/

Ugh, disagree. I detest the online-slideshow thing, and often wish people would just take their "slides" and put them on the same page and just let me scroll.

Whenever I see someone doing a slideshow-type presentation, my immediate assumption is that they are just dragging me through the process so they can get more eyeballs for their advertising. (Cf. much of Cracked.com and other "Top x Lists".)

There are things that could be done to make the page more appealing, if you're not into the lowdef look that I think they're going for intentionally, but breaking it into multiple pages if it does't really have to be is just obnoxious.

Yes, I wanted to keep the lowdef look, though I'm happy to entertain any design changes within that look.
What about a scrolling format but more visually appealing? Something like benthebodyguard.com [1]

In light colors avoiding the darkness but funnier to scroll

[1] http://benthebodyguard.com/

I'm not sure if Ben the Bodyguard qualifies as "low-def". The problem with heavy designs like this is that they look great, but their efficacy is rarely ever supported by raw data.
Ok, fair opinion, but if you look at the google website, It doesnt look neither spammy nor disgusting (at least for the regular user (i think). Its clean, informative, and fun to use.

Anyway, A/B test should give him the answer to which is the best way to aproach the Google non-techy crowd

Ironically your example site is not only a Google property, but also raises a "this website is asking to store data on your computer" security warning and runs horribly slowly in my browser (maybe I'm guilty of having too many tabs open, but maybe they're guilty of optimising for Chrome...). For casual browsing I'd much rather scroll than click the right hand side of the page and wait whilst Firefox thinks about running a page curl animation. Even with it working properly in Chrome I'd rather not be slowed down like that...

For Gabriel's intended audience (presumably social media) the simplicity and silly cat memes probably work perfectly well without attempting to make it beautiful.

For me, all the FUD simply makes me think "hang on, even if I use DuckDuckgo the site that built the Herpes landing page, optimised it for health advertisers and probably has Facebook widgets too gets all that information, and is far more likely to sell their data than Google...". I don't think HN is the target audience for that page.

Given the recent spate of articles on how scraper sites that DDG blocks pollute Google results, I'd think a similar info page about how DDG's spam blacklist would go down nicely now though...

That site turned me off. I am using DDG as my primary search engine for many months now.

I really dislike the style and "atmosphere" of that site. The images are seemingly unordered and could use some borders. The images of the dog biting the women or the predator disgust me. Then some "motivationals" and memes that do not help the case.

This site gave me mental stress (the left-alignment of varied sized text and images maybe, maybe the white, maybe the images) and overall broke a chunk off the good impression the DDG creator gave me so far. I'd suggest either not making such weird site or at least make it properly designed.

(When I clicked the link I expected it to be related to the http://hackademix.net/2010/12/28/x-do-not-track-support-in-n... disaster which dramatically "uniquifies" your browser fingerprint so I started with a bad feeling. Thanks for adding ad-blocking recommendations though! And even more so: Tor!)

Truly sorry about that -- of course not the intention. I tried to keep it as simple as possible, and didn't iterate much on the design. I'm open to design changes if anyone has any concrete ideas.

Personally I hate disgusting images, and didn't think those two rose to that level. If anyone has suggestions for equally good replacements, I'm fine with that too.

Truly sorry about that...

Whenever anyone begins with "That site turned me off," it may be a good idea to hear their feedback, but it does not necessarily follow that they deserve an apology or that you need to act upon that feedback. I think you're dealing with an outlier, and we already know what trying to please them can lead to.

If anyone has suggestions for equally good replacements, I'm fine with that too.

Don't change a thing.

As Edward Everett said to Abraham Lincoln at Gettysburg: "I should be glad, if I could flatter myself that I came as near to the central idea of the occasion, in two hours, as you did in two minutes."

I thought it was hilarious. Agree that the poster is an outlier.
The only thing that really annoyed me was the proper spelling of "now" in the lolcat.
It looks like something that was thrown up quickly. If you have 'mental stress' because some pictures and text lacks design, the problem may be you, not the website.
Surely that might be the case, I was simply stating my experience.
"This site gave me mental stress"

Take it easy, man! I mean, whatever...

The first sentence when I stripped out the pictures was "When you search Google, and click on a link, your search term is sent to that site, along with your browser & computer info, which can often uniquely identify you."

Referrers are a part of the way the web has worked since before Google existed. They're a browser-level feature more than something related to specific websites. But if referrers bother you, just use the SSL version of Google to prevent referrers from being sent to http sites (or change your browser not to send referrers at all).

The corresponding sentence even for a website that strips referrers would be "When you search on domain X, and click on a link, your browser & computer info is sent to that site, which can often uniquely identify you."

Read more carefully in that light, the first sentence is really saying that third-party sites that you land on after searching or visiting a domain can track you. That's independent of whether you came from Google or any other search engine, of course.

The referrer header is indeed a reality of HTTP, but that doesn't mean we can't and shouldn't work around that reality and correct for it, if it has real privacy implications, which I think it definitely does.

By getting rid of that header I think we take away a lot of private context, i.e. the actual search terms that landed you on that page, which in and of themselves can provide a lot of background into what was personally going on with that person on that page.

So yes, the first sentence is all about the referrer header. And yes, it is just one piece of the privacy puzzle, but it is one that I think can certainly be solved. It is also a piece I feel the average person knows nothing about.

Here's the original post when I made the change to make searches externally anonymous: http://www.gabrielweinberg.com/blog/2010/05/duck-duck-go-sea...

Yup, that was the same day we announced SSL search, which prevents referrers to http sites.

I don't begrudge you trying to make privacy a selling point for DDG, but donttrack.us felt like trying to paint Google with a pretty broad brush. Honestly, it reminded me of when Privacy International decided to give Google a worse privacy rating than any other company. Here's how I responded to Privacy International at the time: http://www.mattcutts.com/blog/privacy-international-loses-al...

The fact is that Google has a good history of supporting privacy, from fighting overly broad subpoenas from the DOJ to SSL Search to creating a browser plugin to opt out of personalized advertising: http://www.google.com/ads/preferences/plugin/pluginfaq.html .

I really wasn't trying to paint with a broad brush, but instead concentrate on very specific things that I think the average person doesn't know about.

Personally, as you can gather, I don't think SSL search is enough (or browser plugins). The average person doesn't know it exists and so it essentially doesn't "exist" for most people. If you made it the default, or did something like what we did by dropping the referrer header, I think it becomes moot (at least the first sentence).

I'm really not trying to say Google is all bad or anything. In fact, I use a lot of Google services myself, e.g. Gmail. And I know you take privacy very seriously. However, the ad networks and other aggregators are starting to do some pretty scary stuff, and so I think you need to do more faster to catch up, or stay ahead of them in the privacy arena.

> "The average person doesn't know it exists"

Is there any evidence to suggest the average person really cares about privacy online to such an extent?

Yeah I'd take that with a giant pinch of salt.

"90% of respondents said they pay little or no attention to online ads."

eg the respondents are in no way a representative sample.

It also sounds like an entirely loaded poll - eg "Would you like more ability to opt out of online tracking".... "um... yes? I guess".

There's so much FUD around the issue - "should advertising networks be allowed to target products to you based on tracking". The term 'tracking' sounds bad. It sounds like they are monitoring everything you do, when in fact they're just storing a cookie and noticing which other sites you visit that also carry ads from the same network.

I don't think that statement renders the poll invalid. That is to say, I think 90% of people in general would say they pay little or no attention to online ads.

But more generally, I don't know if there is any poll that would satisfy you. I've been watching you make these comments for years :).

heh true, true.

I think generally though, a very very vocal minority make a ton of noise about privacy.

Look at adblock. If you were a newcomer to the net and just read comments here or at reddit, you'd assume everyone uses it. But the figure is more like 1 or 2% at most have adblock or similar installed.

There's this big elitist movement that supposes that only idiots click on adverts, that they only click because they're confused, that adverts are all bad and irritating. But there's no real evidence to back that up.

Nearly everyone clicks on adverts. Nearly everyone buys stuff as a result. Consumers find stuff via adverts, Sellers sell stuff via adverts. They work.

I appreciate what you're trying to do though, and hope it does pay off for you, the time is right for some google competition.

I'd be satisfied I'm wrong if adblock usage jumped to 50%+ or if more than a few thousand people used Tor or whatever the usual figure is (extremely low).

I hate ads. I despise them. And I work as a small-time consultant along with my studies.

When I install/fix a machine, I always load Firefox with adblock plus due to the amount of harassing nasty ads. Being the location where I do the majority of my business, they are almost exclusively on dialup, so even a 100kb image add is literally 25 seconds extra load time.

Now, am I anti-capitalist? Not quite. I agree that someone doing work for money (be it a sole proprietor or company) has a right to 'hang their shingle'. I most certainly do. However, when I look at content, I do not want myself distracted from material that has no bearing on what I am looking at.

And yes, I full well understand that ad-click and purchase is what increases revenue for content based websites. I also know, from the many articles here, that google is THE player in this sphere, along with their multitude of complaints.

I also, control my network connection from my side. I also control my CPU, what resides in ram, what lands on my screen, and what I choose to not display. As I look at it, we have dealt with nearing 15 years of increasingly hostile ads. I'm only reacting in kind by being hostile to them. And I attribute banners and such like the 'last minute' sale grocery stores attempt by putting candy in the checkout lane.

Yes, I do know that my viewpoint is a minority. But I also recommend goods and services to others. So, yeah, don't abuse us and we'll pass on the sales.

I do not want myself distracted from material that has no bearing on what I am looking at.

Just to play devil's advocate, but wouldn't targetted ads be more preferable then, since they WOULD have a bearing on what you're looking at?

No, they would have bearing onwho is looking at them.
I'm all for targeted ads, when I am looking for products and/or services to buy.

99% of the time im on the internet, I am NOT going to buy stuff. I'm going to forums that I attend, getting email, working to help that ubuntu works better (by bug reports and fixes), and researching on more stuff that I can do in IT

> and researching on more stuff that I can do in IT

And as we all know, there are absolutely no adverts to do with that.

Your comment looks like you assume that the majority of internet users have an informed opinion about privacy on the internet. I deny that assumption.

My observation is that more than 90% computer users don't have a clue. They don't know how computers work, what they store, and what they send. I've even seen computer engineering students that don't know that Gmail does semantic analysis on their e-mail, despite the presence of targeted ads and a very good spam filter.

Now, of the 10% who do have a clue, most don't know the exact nature of each threat to their privacy. They just know they are being watched by Big Profitable Companies that sell each other their data. They don't always know that they can protect themselves from some of those threats, let alone how. Even when they do, it requires some effort up-front, and the benefits tend to be long-term and invisible.

Therefore, the extremely low percentage of people who use adblock, noscript, Tor or whatever isn't the result of most people doing a rational cost-benefit evaluation based on informed opinions about privacy on the internet. Indeed, I suspect that among those who do an informed opinion, very few have deliberately chosen not to use privacy helpers like adblock, noscript, or Tor.

Why should they have a clue about inner workings. Most people also don't know how a car engine works.

My comment isn't that people have an informed opinion about privacy, more that it's a moot point to them. It's like asking them their opinion on a new fuel injection component.

Users rightly assume that their personal details will be kept securely by any website they give them to.

> " Indeed, I suspect that among those who do an informed opinion, very few have deliberately chosen not to use privacy helpers like adblock, noscript, or Tor"

BS. Try using tor for a day. It's useless, ridiculously slow, and means things don't work properly. Also I tried adblock for a day, and I hated it. I want to see the internet uncensored. If a website pisses me off with popup ads, I'll just not go there again. I think that's pretty typical behavior. NoScript is an even stupider idea. Who in their right mind would disable javascript? Pretty much all websites will be broken. The only people who would install noscript are the analy OCD afflicted control freaks.

Your post looked like it was trying to assess that privacy isn't such a big deal, period. One of its arguments was an appeal to popularity: the extremely low percentage of people who use special privacy tools. Appeal to popularity can be valid, but I say that it doesn't work here, because the extremely low popularity of privacy tools is fully explained by the fact that nearly everyone doesn't have a clue, and therefore no opinion worth listening to. (When seeking truth, at least. Studying uninformed opinions has other uses.)

> BS

Ah, that is a meaningful disagreement. Well, you've just treated me of an OCD afflicted control freak, along with Eben Moglen. :-) By the way, the majority of the web site I go to (mostly from HN), work like charms, and I don't often have to enable Javascript. Tor doesn't work, true, and that's why I intend to run an exit node very soon. It'll be a drop in the ocean, but we gotta start somewhere. I liked Adblock while I used it, but animated ads stopped bothering me since NoScript.

The average person can't decide if they care about it until they understand it. Until they do, I'm glad people like Gabriel are being paranoid on their behalf.
Reminds me of stallmans endless ranting about freedom and software.

The evidence is that the masses don't care. They just want stuff that works and solves problems for them. Is it open source? Why would anyone (apart from a geek) care?

Disagree. People usually aren't aware of these privacy problems, and would care if they did know. Result: this page.

Same goes for free software: more casual users (probably) would use more free software if they knew about it. And the bit about it just working is mostly FUD.

If the average person knew that their Google searches can potentially lead to credit rejections or trouble with health insurance providers (hypothetical at this point, but with recent trends not as farfetched as before), I think they certainly would care.

The reason why the masses don't care is because they don't know why kind of havoc this sort of lack of privacy can cause. I for one am glad someone is educating the layman in an accessible and non-condescending way.

Highly hypothetical - to the extreme. How would any insurance co. know if it's me, or someone else in the household?

Also afaik health insurance is mainly a US phenomenon thank god.

http://online.wsj.com/article/SB1000142405274870464860457562...

There are lots of ways this could play out. If you go to the site and register (increasingly likely), they might be able to detect you individually. Secondly, providers are starting to line up data by email address and other personal facts, so they may be able to match you like that. But even if they aren't absolutely sure it is you, they can still use the information to put you in different initial pools that could be used, for example, to ask you more specific follow-up questions that then put you in different risk pools.

It's a tangential question, but why shouldn't insurers be able to know a fair amount about you to assess risk?

If you're endlessly searching for cancer cures, perhaps they should be aware of that.

Of course the solution is the US is universal health care for all. But that's never going to happen.

I think that the lack of understanding about how this stuff works really is the root of non-tech people being apparently apathetic about it. Of course, the observation is all anecdotal on my part, and a lot of people seem to have anecdotal evidence (One that stands out in my mind: http://twitter.com/dozba/status/19237941121388544 ). I wonder if anyone has done a study about how accurately the average user models this stuff internally.
And yet Stallman's endless ranting was instrumental in getting the Open Source movement started, and developing the GNU tools which brought us Linux, which is used widely in embedded systems and on servers, as well as by small businesses to cheaply bring users applications that solve problems for them. Sometimes solving problems for developers does trickle down.
I don't think Stallman would be particularly keen on your mistaken impression that he has anything at all to do with advocating Open Source.
Not until their life is impacted negatively (e.g., turned down for health insurance).

Most people (in North America anyway) don't appear to care much about their health, either... that is, until they are diagnosed with cancer or suffer a heart attack.

Supporting privacy is one thing and I'm appreciative of Google's stance. But when we're talking about personally identifiable information we're talking about a binary. Either you're personally identifiable from the data being stored or you're not. The bottom line is that I'm identifiable with the data stored on me by Google but not by the data stored on me by DDG. Google has made this decision to store identifiable information in order to improve the usability of their search and DDG has opted for a different route.

I will point out that there is nothing wrong with that. Google is not for those with strong privacy requirements, just as all popular operating systems are not for those with strong security requirements. Google falls at one point on the privacy/usability continuum and DDG falls at another point. But as far as the article being unfair to Google goes, I'll have to disagree. You are identifiable with Google's data and that's a reality.

Mixing the 'search term' and 'browser & computer info' points in the same lead sentence is misleading, suggesting (again to the 'average' person) you're more different from Google than you are.
(comment deleted)
If SSL was the default and sending headers was opt-in, it would probably add some weight to your argument. What Google actively promotes to the typical web user, however, is not SSL or anonymous search but rather features that collect user data to an ever greater degree, e.g. Toolbar, Instant Search, and the Chrome browser.
SSL adds latency, because you're setting up an encrypted connection. Google hates slowing down users, and we don't want to slow down every user unless it's a clear win. That's one reason.

When Google switched to AJAX-based search, that temporarily stopped sending referrers, and lots of people screamed bloody murder. For example, http://getclicky.com/blog/150/googles-new-ajax-powered-searc... said "So what can we do about it? If you run a blog, write about this. Submit this story or your own story to large tech blogs like TechCrunch, CenterNetworks, ReadWriteWeb, GigaOm, etc - no large site has written about this yet, and one of them needs to. ... Do anything you can to spread the word and let Google know that this is not acceptable."

Or see http://www.seobook.com/Ad-Networks-Partners-Hoarding-Publish... or http://econsultancy.com/us/blog/3240-google-ajax-bad-news-fo... or http://blogs.sitepoint.com/2009/02/04/google-update-breaks-t... . So we heard lots of complaints.

SSL as an option provides a nice choice for people who care about these issues and don't mind taking a tiny hit in latency.

I think moving to SSL as a default is a good move. What difference does no logging on the receiving end make when your ISP can log everything you search for?

In particular, GMail initially had SSL configurable, but then moved it to the default: http://gmailblog.blogspot.com/2010/01/default-https-access-f... . Apparently they don’t think the latency is a problem—or if they do, that it’s worth it to get the security benefits of HTTPS.

I don't think latency is a problem for something like gmail, you open it once and much of it happens in an already opened connection or in the background.
Your argument would carry more weight if, the user had the ability to switch to SSL search from the "Classic" search page or if SSL search was a setting that was accessible from "Search Settings" or "Advanced Search" on the "Classic" page.

The articles you reference speak to the problems for advertisers and related interests. They do not address issues of web user privacy.

Don't get me wrong, Google is in the difficult position of balancing the display of results based on advertising revenue with the display of results based on utility to the user.

What I see Google facing is that given their market share and mind share and the typical web user's tolerance for providing information it is probably easy to make a business case for skewing the balance. The problem is that there is no precedent from which to draw long term conclusions about loss of anonymity at the scale at which it currently occurs.

I can talk a bit about why we didn't launch with "click here to switch to SSL search" links. When SSL search launched, web search was supported, but not every type of search was supported. For example, Google Image Search wasn't easily supported for some esoteric reasons (some browsers have a limit of 2 simultaneous connections, and that can interact badly with SSL + fetching bunches of thumbnail images).

The concern was that people might click into SSL mode, forget they were in SSL mode, and complain because they didn't see Images or Maps or whatever search mode they wanted.

For smaller websites, switching on SSL mode can be pretty easy, but we've still got changes going in to improve various rough edges on SSL search.

In fairness, Google deserves credit for providing SSL search in the first place, but exactly how does one go about contacting the Google Complaints Department?

http://www.google.com/search?hl=en&client=opera&hs=S...

We try to keep an eye out for feedback across the web, on Twitter, at search conferences, in comments on blogs, etc. There's also a forum linked to from google.com/webmasters that we keep an eye on.
Clicking on a link in a Google search results page creates a redirect URL that leads back to Google itself and logs the visit to your Google Web History if you are logged in. Its not a simple matter of referrals to third party websites. Its a personal detailed silo of personal information that Google sits on and can only stay private as long as Google can make good on its promise to.

DuckDuckGo, AFAIK doesn't log your searches or correlate your searches with a user account.

Ignoring the search term being sent, browser and computer info is ALWAYS available to the target site, that is not something Google can even stop. Browser send information on who they are, JavaScript allows probing of what is installed, how big the screen is and all of that fun stuff.

So I don't see how that sentence is even fair at all, Duck Duck Go might stop the search term from being sent (and as a webmaster I'd hate that as it makes it harder to figure out how users are getting to my site), but they can't stop browser and computer info from being sent.

I have a question: does this policy of DDG violate their legal responsibilities? Thats a serious question. I believe that law enforcement requires some form of data retention but I'm not sure what.
No, nothing that I've ever come across says you have to save and store peoples' personal information. If you have it, then you have to abide for legal requests for it, but if you don't have it, you don't have it.
As a caveat, I remember some techno-illiterate judge ruling that having the data in memory constituted a record with the implication that by not persisting the record/document you were intentionally destroying it. I'll try to find the link.

edit: found it

A federal judge in Los Angeles last week ruled (PDF) that a computer server's RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit.

http://www.zdnet.com.au/us-ruling-makes-server-ram-a-documen...

IANAL, but I don't think so. What law would that be? If I walk into any retail store and pay with cash, is the store owner required by law to get my personal info? No, they are not.

Perhaps in heavily regulated industries such as banking that might be different but search engines are not government regulated (for now).

There are data retention laws in other parts of the world (many european countries for example).
But unless you do business in one of those countries you can pretty much ignore these laws.
It's a complicated subject. By law, you can not be compelled to create a document that didn't exist, but you can be compelled to produce a copy of the document that does exist. It becomes murky when you consider that IP addresses etc do enter the memory of the computer before being discarded, and thus can be argued to have temporarily formed a document.

There was at least one court case where a judge felt this was enough to say "you have the document, you must make a copy at my request". I don't remember the details of the case, and don't remember how it ended. I hope that sanity prevailed and the "thou can not be compelled to create a document" policy was reinterpreted in a more reasonable manner.

Could anyone comment on how much of this stuff could be sidestepped by just using an incognito window in Chrome? I don't mind ads targeted to, say, me as a Java developer. But, if I'm going to look up anything I'd rather others not know about, I simply pop open an incognito window and... am I good to go? Is there anything besides my IP address that can be read when I'm doing that?
Incognito is a pretty thin layer of privacy. What many systems will see is this:

"User foobaz123 logs in from IP u.v.w.x. Here we have a no-cookie session from IP u.v.w.x. This is probably foobaz123"

Any identity management system of modest complexity can do this with fairly good accuracy. So while they don't have you confirmed via an authentication cookie, it's certainly a far cry from total anonymity.

I love the reference to the austin powers' "in a nutshell" scene, heheh.
I've been using DDG for a while, and have been very happy with it. IMHO they should focus on this privacy aspect, trying to be the most privacy respecting search engine, because it's a key product differentiator and it's also an issue which is only likely to grow in importance.
How will they make money? I agree with you. I like privacy, but ad supported search seems to be the only viable business model. Advertisers won't pay DDG b/c there's no one to target.
I assume they have various methods. One of the methods I noticed by accident was that they add their affiliate id to Amazon links in search results
So amazon can track DDG users.
They can track that you came from duckduckgo yes. But that's it. They can't track what search terms you used, because that is what duckduckgo hides in the referrer. But only if the link is https so the referrer is passed at all.
I missed that until now--interesting. Is DDG an affiliate of any other websites?
Building a product that people use is first step. Money will follow, eventually. Google didn't have revenue model in place since first date.
(comment deleted)
I seriously do not get this privacy sham. All of a sudden everybody and there uncle is very concious about some algorithms (that select the ad for you) knowing what they searched for. I mean even if I search for something inappropriate and then google ads algorithm knows what I searched for, big deal yaar whats the harm?

I presume referrer headers existed even before google and this privacy outrage. The thing I do not understand is, why this sudden conciousness about some database of what you searched online?

I don't think it's "all of a sudden," rather that as the web continues to grow up, more and more people are becoming aware that what they do or say on the web isn't as private as they might once have thought. As an aside, I think it first really clicked for me a few years back with the whole Netflix Prize situation, where even though the data was anonymized, smarter folks than I were able to demonstrate how you could personally identify a subscriber's profile from it.
This isn't just a matter of advertising. Your search history is an incredibly personal and detailed profile of who you are, and governments have a history of trying to use that sort of information for $badThings. See: US DOJ request for search engine histories in 2005. There's a reason why librarians fought so hard to keep your book checkouts private when the Patriot Act passed. Search histories have a potential for abuse and their privacy should be an issue.
Then don't select such a government. Last time I checked USA was a democracy.
Last time I checked USA was a democracy.

These kind of glib assertions play much better when they are factually correct.

You must have checked a loooong time ago...
(comment deleted)
rofl so lame XDD installed the extensions.. don't really care about anything
Well, that finally worked for me. For the longest time I've seen the DDG "ads" on here and thought, "meh, Google works fine for me." Focusing on the privacy angle appealed to me, mainly because I like the idea of decoupling my search and email histories.

But - if you are so focused on not-tracking then how do you know if an advertising campaign such as this actually works? Presumably this is not the only campaign you are currently running. Must be the referrer string from donttrack.us, which is so amusingly ironic that I can't help but twist the corner of my mouth into a smirk.

Nice site, by the way, I found it clean, clear and readable. Scrolling and justification are no matter to me, I liked the simple single-page look.

I'm in the same boat - this has finally convinced me to give it a serious try. I've been using Google mostly in "private" mode in Chrome/FF for a while now, but that's not a real solution.
I'm still dreaming of a search engine that parses regular expressions. When that happens I'm there. Yesterday.
It would be an interesting day if someone could make regular expression searches over a large data set as fast as keyword or phrase searches against a sorted and indexed database.

They also need to make sure they use an implementation that doesn't suffer from exponential time[1] regular expressions.

[1] - http://swtch.com/~rsc/regexp/regexp1.html

Kudos to DDG. Finally a good alternative to the big G.

What scares me the most sometimes is when I think about how ubiquitous Google's ads network and analytics network are. Most of the websites I visit use AdSense and/or Google Analytics. Some are using Google's copy of popular javascript libraries like jQuery. This means that when you are moving from site A to site B to site C, there is a good chance that even though A or B or C does not know about it, Google knows your full browsing path and even how you move from one to another. I am not saying that Google is actually doing it, but it is scary someone has the capability to do it and to know more about you than the government and your mother do. It is important a significant portion of the website and our browsing activities are outside of Google's networks.

Some are using Google's copy of popular javascript libraries like jQuery. This means that when you are moving from site A to site B to site C, there is a good chance that even though A or B or C does not know about it, Google knows your full browsing path and even how you move from one to another.

Wrong.

When a browser gets a request for a JavaScript file that it has seen before, it returns a cached copy from the local hard drive rather than sending out a request to the website. Therefore sites that use Google's copy of jQuery are maximizing their chances of having browsers not make a round trip, rather than giving Google something that they can use for tracking.

"I am not saying that Google is actually doing it, but it is scary someone has the capability to do it"

Uh, eddieplan9, you know that ISPs not only have this data but also your identity? Or that some ISPs sell that data to metrics companies? Here: http://www.wired.com/threatlevel/2007/03/isps_selling_cl/

It's always strange to me that people worry about Google, when ISPs have a superset of the data that Google sees, plus your identity.